virtual-account-dgpc
Here is the overview of how to get token with BNC - Virtual Account
1. Get Token
To generate payment code, firstly, you will need to hit this API through your Backend:
API Request
| Type | Value |
|---|---|
| HTTP Method | POST |
| API endpoint (Sandbox) | https://api-sandbox.doku.com/authorization/v1/access-token/b2b |
| API endpoint (Production) | https://api.doku.com/authorization/v1/access-token/b2b |
Here is the sample of request header to get token:
X-TIMESTAMP: 2020-01-01T00:00:00+07:00
X-CLIENT-KEY: SK-pI38Fdje23jkfDEu143nfw
X-PARTNER-ID: MCH-0008-1296507211683
X-SIGNATURE: 07abc7c30d245c0ecce3ef6c2a9ac76cd9ffaf6d0d090773b429c2b97437dc72047f46d9890abb2d6d8af7594ea19787e79ec80e388e2f6225b449c2e4d82e7df50f37c301424aede785935703c1c70235ba4e59f589f571218ce2dce4c061e598f0f38d1ac57f3feb52cf0c31078e3ceee8d796c53983fe1d38ebd71155aaa613700dc21f5a57941b787f921af7d287e72687d5242eb3063d543d5f5923f76db008cf4f56fb9c618f7f4bc8366ae70d88705617487754563e629119013fa0549e6645b397524b3dd2fa7e7f3fe9faf0fbf77da59f566861a3c510241fd4416ab7d0eba42d998e1178da51d607e0ef866607c458837c762323be53827d86e875
Request Header Explanation
| Parameter | Description |
|---|---|
| X-TIMESTAMP | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| X-CLIENT-KEY | Secret Key from DOKU Backoffice |
| X-PARTNER-ID | Client ID retrieved from DOKU Back OfficE |
| X-SIGNATURE | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature |
Here is the sample of request body to generate payment code:
{
"grantType":"client_credentials" ,
"additionalInfo":{
}
}
Request Body Explanation
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
grantType | string | Mandatory | 'client_credentials' : The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control (OAuth 2.0: RFC 6749 & 6750) |
API Response
After hitting the above API request, DOKU will give the response.
| Type | Value |
|---|---|
| HTTP Status | 200 |
| Result | SUCCESS |
X-TIMESTAMP: 2020-01-01T00:00:00+07:00
X-CLIENT-KEY: SK-pI38Fdje23jkfDEu143nfw
X-PARTNER-ID: MCH-0008-1296507211683
X-SIGNATURE: 07abc7c30d245c0ecce3ef6c2a9ac76cd9ffaf6d0d090773b429c2b97437dc72047f46d9890abb2d6d8af7594ea19787e79ec80e388e2f6225b449c2e4d82e7df50f37c301424aede785935703c1c70235ba4e59f589f571218ce2dce4c061e598f0f38d1ac57f3feb52cf0c31078e3ceee8d796c53983fe1d38ebd71155aaa613700dc21f5a57941b787f921af7d287e72687d5242eb3063d543d5f5923f76db008cf4f56fb9c618f7f4bc8366ae70d88705617487754563e629119013fa0549e6645b397524b3dd2fa7e7f3fe9faf0fbf77da59f566861a3c510241fd4416ab7d0eba42d998e1178da51d607e0ef866607c458837c762323be53827d86e875
Response Header Explanation
| Parameter | Description |
|---|---|
| X-TIMESTAMP | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| X-CLIENT-KEY | Secret Key from DOKU Backoffice |
| X-PARTNER-ID | Client ID retrieved from DOKU Back OfficE |
| X-SIGNATURE | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature |
Here is the sample of response body:
"responseCode":"2007300",
"responseMessage":"Successful",
"accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJiZjFmM2Q3ZS1kOTA3LTRkOWItODJlNC02Y2IxZGYxOTBlOWUiLCJjbGllbnRJZCI6IjZhZTk1N2M0LTI4NjMtNDcxMy1hY2NlLWJhMTJkZTYzNmNmYyIsIm5iZiI6MTYxMTQ2ODg1NiwiZXhwIjoxNjExNDY5NzU2LCJpYXQiOjE2MTE0Njg4NTZ9.-7HRhcyEh4y0qsG2H3DRdu0AeYv3MEJHfWRKhRBYcNU",
"tokenType":"Bearer",
"expiresIn":"900",
"additionalInfo":{
}
}
Response Body Explanation
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
responseCode | number | Optional | Response Code : '2007300 = Success' and '4017300 = Unauthorized' |
responseMessage. | string | Optional | Response Message : 'Success' and 'Unauthorized' |
accessToken | string | Mandatory | A string representing an authorization issued to the client that used to access protected resources. |
expiresIn | string | Mandatory | Session expiry in seconds : 900 (15 minute ) |
tokenType | string | Mandatory | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes) |
Pro Tips
You can also learn about generatin signature here https://apidevportal.bi.go.id/snap/api-services/keamanan