DOKU - OC 1.25 Hosted

DOKU Hosted API
Integration Guide - API for DOKU Hosted Payment Pages
Version 1.24– April 25, 2018
©2018 DOKU - PT Nusa Satu Inti Artha

Integration Guide – API for DOKU Hosted Payment Pages
Table of Contents
1. Introduction 3
1.1 About this document 3
1.2 Requirements 3
2. Transaction 4
2.1 Credit Card 4
2.1.1 Overview 4
2.1.1.1 BIN Filtering 4
2.1.1.2 Installment 4
2.1.1.3 Tokenization 4
2.1.1.4 Recurring 5
2.1.1.5 Customer Input at Merchant 5
2.1.1.6 Authorize & Capture 5
2.1.1.7 Void, Refund, or Cancellation 5
2.1.2 Transaction Flow 6
2.2 DOKU Wallet 7
2.2.1 Overview 7
2.2.2 Transaction Flow 7
2.3 Internet Banking 8
2.3.1 Overview 8
2.3.2 General Internet Banking Transaction Flow 8
2.3.3 KlikBCA Transaction Flow 9
2.4 Virtual Account 10
2.4.1 Overview 10
2.4.2 Regular 11
2.4.3 Direct 12
3. Message Formats and Contents 13
3.1 Shared Key Hash Value 13
3.2 Payment Request 14
3.2.1 Method and URL 14
3.2.2 Parameters Required 14
3.2.3 Advanced Features 15
3.2.3.1 Airlines 15
3.2.3.2 Credit Card Installment 16
3.2.3.3 Tokenization 16
3.2.3.4 Recurring 17
3.2.3.5 Customer Input at Merchant 17
3.3 Other Payment Request 17
3.3.2 Parameters Required 18
3.3.3 Response 18
3.4 Identify (optional) 19
3.4.1 Method 19
3.4.2 Parameters Sent 19
3.5 Notify 19
3.5.1 Method 19
3.5.3 Notify Response 20
3.6 Redirect 20
3.6.1 Method 20
3.7 Capture 21
1
www.doku.com
PT Nusa Satu Inti Artha
Plaza Asia Office Park Unit 3
Jl. Jenderal Sudirman Kav. 59
Jakarta 12190 Indonesia

3.7.3 Capture Response 21
3.8 Check Status 22
3.8.3 Check Status Response 22
3.9 Void 24
3.9.3 Void Response 24
3.10 Inquiry 24
3.10.1 Method 24
3.10.2 Parameters sent 24
3.10.3 Inquiry Response 25
3.11 Refund 26
3.11.1 Method & URL 26
3.11.2 Request Parameter 26
3.11.3 Response 26
3.12 Cancellation 27
3.12.3 Cancellation Response 28
Appendix 29
A. Payment Channel Code 29
B. DOKU IP Address 30
C. Example of email notification for Virtual Account payment 31
D. Currency & Country Codes (ISO3166) 32
E. Special Characters 33
F. Response Code 34
i. DOKU general error 34
ii. Credit Card 36
iii. Mandiri Clickpay 39
iv. DOKU Wallet 42
v. BRI e-Pay 43
vi. Alfamart/Indomaret/Permata/Mandiri/Sinarmas VA 44
vii. Mandiri Multipayment 45
G. Payment Page Screenshots 46
i. Credit Card Channel 46
ii. Mandiri Clickpay Channel 47
iii. DOKU Wallet Channel 48
iv. Permata/Mandiri/Sinarmas Virtual Account (Bank Transfer/ATM) Channel 49
v. Alfamart / Indomaret (Convenience Store) Channel 50
H. Processing Page Screenshots 53
i. Transaction processing 53
ii. Transaction approval 54
2
www.doku.com
1. Introduction
1.1 About this document
This documentation is intended to be used as manual ONLY for registered DOKU Merchants Technical / IT
Division or merchant’s appointed 3rd party vendor / web developers to integrate DOKU Payment Module in
Merchant’s websites.
In this document will explain in details how to use the Communication API with DOKU, how to represent the
payment page and what are the best practices. All samples for API in this document are using PHP language.
Other language can follow the same logic used in the PHP samples. All variables and parameters explained in
this document are treated as case-sensitive.
All users have to obey the rules to prevent account theft and security breach as follows:
• DO NOT SHARE this document to other party without any legal permission from DOKU. Fail to do so will
be lead to law prosecution.
• DO NOT SHARE any kind of Bank Information for merchant to other party. DOKU will not be responsible
of any problems that may occur from this action.
1.2 Requirements
- MID/TID from Bank Acquirer for accepting Visa, MasterCard, and JCB credit card transactions.
- DOKU Merchant ID or MALL ID. This number is generated by DOKU Integration Team and is provided to
you upon account activation.
- Merchant prepares URL in testing and production environment for 3 type of transaction, which are: Identify
(optional), Notify, and Redirect.
- DOKU API have minimum requirements to run properly:
o Dynamic language : Must use a language that support dynamic environment. Cannot be plain HTML.
o Language : Can use any kind of language that web-enabled such as Apache PHP, Microsoft ASP,
Adobe ColdFusion, Sun Java, Ruby on Rails.
o Frameworks : Virtually can use many of different framework available such as CodeIgniter, Spring, etc.
o Capable of using both HTTP Method GET and POST.
o Database : Any kind of database available in the market that support basic SQL Statements.
3
www.doku.com
2. Transaction
2.1 Credit Card
2.1.1 Overview
DOKU accept all credit card issued with these Principals:
• Mastercard
• Visa
• JCB (Only for BNI Acquiring)
Credit card transaction in Indonesia Online Merchant is usually required additional security from issuer Bank,
called 3D Secure. This process will ask the genuine credit card holder to enter Internet PIN or One Time PIN
(OTP) that usually sent to Credit Card Holder mobile phone.
2.1.1.1 BIN Filtering

BIN filtering is a feature that can be used to filter Credit Cards issued by certain banks for the purpose of doing
promotions. Each issuer has a unique BIN number, which is made up of the first 6 digits in the Credit Card
number. The conditions set in the filter will specify which BIN numbers that are allowed to make payments on
your site. When a card number that has been blocked by the BIN filter is entered, the DOKU server will not be
able to process the payment. Please contact our support team to activate this feature for any bank promotions
that you have.
2.1.1.2 Installment
DOKU supported credit card installment payment. Merchant can trigger installment payment by adding some
parameters in payment request to DOKU.
2.1.1.3 Tokenization
Tokenization enables the customer to make a purchase without having to input card details or personal
information, apart from the CVV number. This process is typically used by merchants that have repeat
customers who will benefit from a faster checkout by reducing the number of fields the customer needs to fill
in. If the card issuer requires 3D secure verification process, the customer will still have to complete this to
make a purchase. In order for this process to work, the customer enters all of the card information only during
the very first time they make a purchase. DOKU stores this data in a secure form and gives the merchant a
token, which is paired to the customer’s login credentials on the merchant website. After this process has
been completed, each time they make a payment from hereon out, they only have to input the CVV.
4
www.doku.com
2.1.1.4 Recurring
Using the same principles as Tokenization, Recurring payment takes it a step further and allows the customer
to make a purchase with a single click on the website. This means that they can skip the process of inputting
their card details, personal information, CVV number and 3D secure. The customer will have to enter the card
details and complete the 3D secure verification process only during the first time they make a purchase. By
eliminating the extra steps, you are able to create a more seamless and easy checkout process, which may
lead to a lower drop-off rate. However, please note that this is subject to DOKU’s and the bank’s approval due
to an increase in fraud risk. Please contact DOKU if you are interested to implement Recurring feature.
2.1.1.5 Customer Input at Merchant

It is possible for the customer to input card details on the merchant’s website. This means that after they
finished the process of inputting their card details and CVV number, the customer will be redirected to DOKU
and complete the 3D secure verification process. However, please note that this is subject to DOKU’s and the
bank’s approval due to an increase in fraud risk. Please contact our support team if you are interested to
implement this feature.
2.1.1.6 Authorize & Capture
Authorize & Capture is a feature that allows you to block a certain amount from the customer’s credit card limit
(Authorize), then hold it for a certain period before charging a payment – which can be a different amount from
what you block (Capture). To enable this feature, you will need an agreement with the acquiring bank; please
contact DOKU sales representative for more detail.
2.1.1.7 Void, Refund, or Cancellation

DOKU provides 3 types of feature to reverse success credit card transactions, which are:
a. Void
Void is a feature to cancel success transaction that is still unsettled yet.
b. Refund
Refund is a feature to request return fund from success transaction that has been settled by bank. This
feature is applicable only for specific bank acquirer that supports online refund.
c. Cancellation
Cancellation is a feature to request void or refund in a single request. DOKU will decide the transaction
will be voided or refunded based on settlement status. This feature is applicable only for specific bank
acquirer that supports online refund.
5
www.doku.com
6
www.doku.com
2.1.2 Transaction Flow
Description:
1. Customer conducts the checkout process on merchant's webpage
2. Merchant send payment request to DOKU and redirect page
3. DOKU displays payment page to the customer
4. Customer inputs the card and payment detail and submits the payment page to DOKU
5. DOKU can send payment channel used to Merchant using Identify API (optional)
6. DOKU will redirect customer to 3D Secure page (except for the rare occasion where 3D Secure is
disabled)
7. Customer submits the OTP on 3D Secure page and back to DOKU
8. DOKU submits transaction to acquiring bank
9. Bank gives response for the transaction process (success or failed)
10. DOKU notifies the transaction result to the merchant
11. Merchant gives response for transaction process (continue or stop) / (expect CONTINUE)
12. DOKU will redirect the customer back to merchant’s webpage and display the result
13. If merchant does not receive notify status from DOKU, please run/do Check Status function
7
www.doku.com
14. If merchant uses EDU, please wait for the second notify status before flagging the transaction to
SUCCESS
2.2 DOKU Wallet

2.2.1 Overview
DOKU Wallet is an electronic money service issued by DOKU, and had a license from Bank Indonesia.
2.2.2 Transaction Flow
Description:
4. Customer select DOKU Wallet in DOKU payment page
6. DOKU will redirect customer to DOKU Wallet page
7. Customer submits data and authentication required in DOKU Wallet page
9. Merchant gives response for transaction process (continue or stop) / (expect CONTINUE)
8
www.doku.com
12. DOKU will respond with transaction status info to Merchant
2.3 Internet Banking

2.3.1 Overview
Internet Banking accepted by DOKU-hosted service are:
• Mandiri Clickpay
• BCA Klikpay
• BRI e-Pay
• Muamalat
• Danamon
• Permata Net
• CIMBClicks
• Kredivo
• KlikBCA
For KlikBCA, transaction flow will be different with other Internet banking flow.
9
www.doku.com
2.3.2 General Internet Banking Transaction Flow
Description:
4. Customer select Internet Banking as payment channel
6. DOKU redirect page to Bank’s Internet Banking page
7. Internet Banking page showed to the Customer
8. Customer do transaction in Internet Banking page
9. Bank respond Internet Banking result to DOKU
11. Merchant gives response for transaction process (CONTINUE)
10
www.doku.com
2.3.3 KlikBCA Transaction Flow
1. Customer enter klikBCA user ID in merchant’s page

2. Merchant initiate payment request to DOKU
3. DOKU respond request from Merchant
4. Customer do transaction on klikBCA website, then Bank will notify transaction result to DOKU.
5. Merchant should respond “CONTINUE” to DOKU
2.4 Virtual Account

2.4.1 Overview
DOKU Virtual Account service is defined as two payment method in DOKU-Hosted Payment Page which are:
• Bank Transfer
o ATM Bersama, Prima and Alto Network via Permata
o Mandiri
o BRI
o Danamon
o BCA
11
www.doku.com
o Sinarmas
• Convenience Store
o Alfamart
o Indomaret
DOKU Virtual Account aggregates the funds using different entities – Bank Permata, Bank Sinarmas, Bank
Mandiri, Alfa Group and Indomaret. When the customer clicks ‘Generate Payment Code’, DOKU will generate
a one-time use, 11 digits payment code that is valid at any Prima, ALTO or ATM Bersama as well as all of Alfa
Group’s and Indomaret convenience stores. For each of the different acquiring entities, the first 5 digit codes
will define where the payment should be made. See codes below:
Bank First 5 Digit Code
Permata 88560
Mandiri 88899
Sinarmas 88900
Alfa Group 88888
Indomaret 88xxx
Danamon 8922x
So a payment code that is valid for payment at an Alfa store would look like this: 88888-39421877483. And a
bank transfer with Permata acquiring would look like this: 89650-39421877483.
Integration for ATM transfer and convenient store is practically identical; however, keep in mind that you will
have to set the first 5 digits according to the payment method, and the last 11 digits will be queried from the
DOKU server.
2.4.2 Regular
Regular VA is common used VA in DOKU Merchants. DOKU will generate Payment Code that will be used by
Customer as payment destination. Below is the flow of Regular VA:
12
www.doku.com
Description:
4. Customer select VA payment channel and choose Generate Payment Code
6. DOKU show Payment Code generated to Customer
7. Customer conduct payment in Convenience Store / Bank Channel (ATM, Internet Banking, Mobile
Banking, Teller), then Store / Bank will notify DOKU for payment result
2.4.3 Direct
Direct is an alternative flow for Virtual Account. In Direct VA, Merchant is the one who generate Payment Code.
DOKU will give guidance for Merchant about the Payment Code numbering sequence. Below is the flow of
Direct VA:
13
www.doku.com
Description:
2. Merchant generate Payment Code and show it to Customer
3. Customer conduct payment in Convenience Store / Bank Channel (ATM, Internet Banking, Mobile
Banking, Teller), then Store / Bank will request inquiry Payment Code to DOKU
4. DOKU will send Payment Code inquiry request to Merchant
5. Merchant respond Payment Code inquiry to DOKU
6. DOKU respond Payment Code inquiry to Store / Bank
7. Store / Bank notify Payment result to DOKU
14
www.doku.com
3. Message Formats and Contents

Below is the list of API of DOKU-Hosted Payment Page service:
Request Response
Communicati
API Names Sender Data Data Descriptions
on Method
Format Format
Payment HTTP POST Merchant HTTP POST - Merchant submit payment request using HTML Post
Request** Redirect (Customer Parameters from Customer browser to DOKU Hosted Payment
Browser) Pages. Then Customer chooses which payment
channel to use.
Other HTTP POST Merchant HTTP POST XML To do payment request for specific payment channel
Payment Direct to Parameters such as klikBCA and BNI Yap
Request Server
Identify HTTP POST DOKU HTTP POST - Optionally, DOKU server send a message to Merchant
Direct to Parameters server when Customer already selects payment
Server channel and click Submit. The message contains
chosen payment channel.
Notify** HTTP POST DOKU HTTP POST HTML DOKU server sends a payment notification status to
Direct to Parameters Merchant server when Acquirer has processed the
Server payment.
Redirect** HTTP POST DOKU HTTP POST - DOKU redirect Customer browser back to Merchant
Redirect (Customer Parameters Website. This is the last step of payment process from
Browser) Customer perspective.
Capture HTTP POST Merchant HTTP POST XML To capture authorized credit card transaction
Direct to Parameters
Server
Check Status HTTP POST Merchant HTTP POST XML To check the status of a Transaction, Merchant server
Direct to Parameters send request to DOKU server where DOKU server will
Server response with Transaction Status in XML format.
Void HTTP POST Merchant HTTP POST HTML To Void a Sale Transaction, Merchant server send
Direct to Parameters request to DOKU server where DOKU server will
Server response in HTML format. A transaction cannot be
voided if it has been settled.
Inquiry HTTP POST DOKU HTTP POST XML DOKU server send a message to Merchant Server to
Direct to Parameters check Payment Code generated by Merchant
Server
Refund HTTP POST Merchant HTTP POST XML To Refund Sale success transaction that has been
Direct to Parameters settled
Server
Cancellation HTTP POST Merchant HTTP POST XML To Void or Refund Sale success transaction depends
Direct to Parameters on settlement status
Server
** Main API
Payment Request, Identify (optional), Notify and Redirect will be in one flow of transaction. Check Status, Void,
and Cancellation are the API calls that you do if necessary after the transaction is done. So there are 3 main
API, which is Payment Request, Notify and Redirect.
3.1 Shared Key Hash Value

To secure the communication, besides IP filtering, DOKU implement Shared Key Hash Value. An additional
parameter from Merchant or DOKU, called WORDS. This parameter value is hashed using 4 options hash
method with combination of Shared Key. The hashed WORDS generated by Merchant will be validated with
hashed WORDS generated by DOKU System and vice versa. If match, then it will be considered genuine
request or response.
15
www.doku.com
4 options hash methods that Merchant can choose are: SHA1, SHA256, HMAC-SHA1, HMAC-SHA256.
Below is a sample combination string:
WORDS = sha1 (AMOUNT + MALLID + Shared Key + TRANSIDMERCHANT )
WORDS = sha1 (AMOUNT + MALLID + Shared Key + TRANSIDMERCHANT + CURRENCY)
Or if using currency other than IDR :
All these parameters are being combined without any spaces. The position of the parameters is in FIXED order.
You SHOULD NOT swaps the order.
Sample to write in PHP application should be like this:
$WORDS=sha1(40000.00123map_aztec977872);
Or if using USD currency :
$WORDS=sha1(40000.00123map_aztec977872840);
The Shared Key MUST NOT BE REVEALED to public. As it is your merchant’s secure credential.
And this Shared Key may/may not be changed accordingly. And will be inform beforehand.
3.2 Payment Request

3.2.1 Method and URL
Method
HTTP POST Redirect
HTTPS Form Action for PRODUCTION ENVIRONMENT
https://pay.doku.com/Suite/Receive
HTTP Form Action for DEVELOPMENT ENVIRONMENT
https://staging.doku.com/Suite/Receive
3.2.2 Parameters Required

No Name Type Length Comments Mandatory
1 MALLID N Given by DOKU Y
2 CHAINMERCHANT N Given by DOKU, if not using Chain, use value : NA Y
3 AMOUNT N 12.2 Total amount. Eg: 10000.00 Y
4 PURCHASEAMOUNT N 12.2 Total amount. Eg: 10000.00 Y
5 TRANSIDMERCHANT AN …30 Transaction ID from Merchant Y
6 PAYMENTTYPE AN …13 Type of payment : SALE or AUTHORIZATION.
O
Default is SALE
16
www.doku.com
7 WORDS AN …254 Hashed key combination encryption. The hashed

key generated from combining these parameters
value in this order : AMOUNT+MALLID+ <shared
key> + TRANSIDMERCHANT.
For transaction with currency other than 360 (IDR), Y
use :
AMOUNT+MALLID+ <shared key> +
TRANSIDMERCHANT + CURRENCY
Refer to Shared Key Hashed Value page section.
8 REQUESTDATETIME N 14 YYYYMMDDHHMMSS Y
9 CURRENCY N 3 ISO3166 , numeric code Y
10 PURCHASECURRENCY N 3 ISO3166 , numeric code Y
11 SESSIONID AN ...48 Merchant can use this parameter for additional
validation, DOKU will return the value in other Y
response process.
12 NAME AN …50 Travel Arranger Name / Buyer name Y
13 EMAIL ANS …254 Customer email Y
14 ADDITIONALDATA ANS 1024 Custom additional data for specific
O
Merchant use
15 BASKET ANS ...1024 Show transaction description. Use comma to
separate each field
and semicolon for each item. Y
Item1,1000.00,2,20000.00;item2,15000.00,2,3000
0.00
16 SHIPPING_ADDRESS ANS ...100 Shipping address contains street and number O
17 SHIPPING_CITY ANS ...100 City name O
18 SHIPPING_STATE AN …100 State / province name O
19 SHIPPING_COUNTRY A 2 ISO3166 , alpha-2 O
20 SHIPPING_ZIPCODE N ..10 Zip Code O
21 PAYMENTCHANNEL N 2 See payment channel code list O
22 ADDRESS ANS ..100 Home address contains street and number O
23 CITY ANS ..100 City name O
24 STATE AN ..100 State / province name O
25 COUNTRY A 2 ISO3166, alpha-2 O
26 ZIPCODE N ..10 Zip Code O
27 HOMEPHONE ANS ..11 Home Phone O
28 MOBILEPHONE ANS ..12 Mobile Phone O
29 WORKPHONE ANS ..13 Work Phone / Office Phone O
30 BIRTHDATE N ..8 YYYYMMDD O
Y = Mandatory
O = Optional
3.2.3 Advanced Features
3.2.3.1 Airlines
Airlines merchant is required to send some additional specific parameters on payment request. Below are the parameters:
1 FLIGHT N 2 01 : for Domestic, 02 : for International Y
2 FLIGHTTYPE N 1 0 : One Way, 1 : Return, 2 : Transit, 3 : Transit & Y
Return, 4 : Multi City
3 BOOKINGCODE AN ..20 Booking code generated by Airline Y
4 ROUTE Array ..50 List of route using format XXX-YYY (from XXX to Y
[AN] YYY). Eg : CGK-DPS
5 FLIGHTDATE Array 8 List of flight date using format YYYYMMDD. Y
[AN]
6 FLIGHTTIME Array 6 List of flight time using format HHMMSS. Y
[AN]
17
www.doku.com
7 FLIGHTNUMBER Array ..30 List of flight number using IATA Standard Y

[AN] separated by comma (,). e.g. XXYYYY (XX =
Airline Name, YYYY = Flight Number)
8 PASSENGER_NAME Array ..200 List of passenger name in one booking code Y
[ANS]
9 PASSENGER_TYPE Array 1 List of passenger type in one booking Y
[A] A : Adult, C : Child
10 VAT N 12.2 Total VAT. Eg: 10000.00 Y
11 INSURANCE N 12.2 Total Insurance. Eg: 10000.00 Y
12 FUELSURCHARGE N 12.2 Total fuel surcharge. Eg: 10000.00 Y
13 THIRDPARTY_STATUS ANS 1 0 : Travel Arranger joins the flight Y
1 : Travel Arranger does not join the flight
14 FFNUMBER ANS 16 Frequent Flyer Number. If no Frequent Flyer Y
Number, send “0”
*Array = If there are more than 1 value, please send same parameter name with different value. e.g.:
PASSENGER_NAME=Father
PASSENGER_NAME=Daughter
PASSENGER_TYPE=A
PASSENGER_TYPE=C
3.2.3.2 Credit Card Installment

Credit Card Installment payment require some additional specific parameters on payment request. Below are the
parameters:

Yes for
1 INSTALLMENT_ACQUIRER N 3 Acquirer code for installment
Installment
Yes for
2 TENOR N 2 Number of month to pay the installment
Installment
Yes for
3 PROMOID N 3 Promotion ID from the bank for the current merchant
Installment
3.2.3.3 Tokenization
In the DOKU-Hosted API, Credit Card Tokenization is treated as a separate payment method from the un-tokenized Credit
Card. Please send PAYMENTCHANNEL parameter in Payment Request with value 16.
Additional Parameters Required for Tokenization

Yes for
1 CUSTOMERID AN …16 Merchant’s customer identifier
Tokenization
Yes for
2 PAYMENTCHANNEL N 2 16
Tokenization
Additional Parameters Required for 2nd Payment Request

Yes for
Tokenization
Yes for
2 TOKENID AN …16 Tokenized Card’s Identifier
Tokenization
Yes for
3 PAYMENTCHANNEL N 2 16
Tokenization
If merchant send Payment Channel 16 but didn’t send CUSTOMERID, DOKU will use EMAIL value as
CUSTOMERID value.
18
www.doku.com
3.2.3.4 Recurring
In the DOKU-Hosted API, Credit Card Recurring is treated as a separate payment method. Please send
PAYMENTCHANNEL parameter in Payment Request with value 17.
No Name Type Comments Mandatory

Length
Yes for
Recurring
Yes for
2 BILLNUMBER AN …16 Merchant’s bill identifier
Recurring
Yes for
3 BILLDETAIL ANS …256 Product information
Recurring
S = Shopping, I = Installment,
Yes for
4 BILLTYPE A 1
Recurring
D = Donation, P = Payment
Recurring start date
Yes for
5 STARTDATE 8
N Recurring
yyyyMMdd
Recurring end date
Yes for
6 ENDDATE N 8
yyyyMMdd Recurring
NA = end date not specified
Yes for
7 EXECUTETYPE A …4 DAY / DATE / FULLDATE
Recurring
If EXECUTETYPE = DAY then
SUN / MON / TUE / WED / THU / FRI / SAT
If EXECUTETYPE = DATE then Yes for
8 EXECUTEDATE AN …3
1 / 2 / 3 / ,,, / 28 Recurring
if EXECUTETYPE = FULLDATE then
list of execute dates in yyyyMMdd
JAN / FEB / MAR / APR / MAY / JUN / JUL / AUG / SEP / Yes for
9 EXECUTEMONTH A 3
OCT / NOV / DEC Recurring
If the amount is dynamic, use value: FALSE. Use TRUE if the Yes for
10 FLATSTATUS A …5
amount is fixed. Recurring
11 REGISTERAMOUNT N 12.2 Registration amount Eg: 10000.00 Optional
3.2.3.5 Customer Input at Merchant

Please send PAYMENTCHANNEL parameter in Payment Request with value 15 for Regular Payment, or 16 if
merchant use Tokenization.
1 CARDNUMBER N …16 Credit Card Number Yes
2 EXPIRYDATE N 4 Credit Card Expiry Date (YYMM) Yes
3 CVV2 N …4 Credit Card Security Number for not present transactions Yes
4 CC_NAME AN ..50 Cardholder Name O
5 PAYMENTCHANNEL N 2 15 for regular payment or 16 for tokenization Yes
3.3 Other Payment Request

This API is used for specific payment channel such as klikBCA and BNI Yap.

Method
HTTP POST Direct to Server
19
www.doku.com
HTTPS Action for PRODUCTION ENVIRONMENT

https://pay.doku.com/Suite/ReceiveMIP
HTTP Action for DEVELOPMENT ENVIRONMENT
https://staging.doku.com/Suite/ReceiveMIP
3.3.2 Parameters Required

2 CHAINMERCHANT N Given by DOKU, if not using Chain, default value
Y
is NA
5 TRANSIDMERCHANT AN …32 Transaction ID from Merchant Y
7 WORDS AN …200 Hashed key combination encryption. The hashed
key generated from combining these parameters
value in this order : AMOUNT+MALLID+ <shared
key> + TRANSIDMERCHANT
use :
AMOUNT+MALLID+ <shared key> +
TRANSIDMERCHANT + CURRENCY
8 REQUESTDATETIME N 14 YYYYMMDDHHMMSS Y
11 SESSIONID AN ...48 Merchant can use this parameter for additional
validation, DOKU will return the value in other Y
response process.
12 NAME AN …50 Buyer name Y
13 EMAIL ANS …100 Customer email. If using BNI Yap payment
Y
channel, please enter customer Yap ID
14 USERIDKLIKBCA ANS ..12 Customer KlikBCA user ID. Mandatory for klikBCA
Y
payment channel
15 ADDITIONALDATA ANS 1024 Custom additional data for specific
O
Merchant use
16 PAYMENTCHANNEL N 2 Please put 03 for klikBCA, or 45 for BNI Yap Y
17 BASKET ANS ...1024 Show transaction description. Use comma to
separate each field
and semicolon for each item. Y
Item1,1000.00,2,20000.00;item2,15000.00,2,3000
0.00
18 EXPIRYTIME N 14 Expiry time for BNI Yap bill. Format:
O
YYYYMMDDHHMMSS
3.3.3 Response
No Name Type Length Comments

1 RESPONSECODE N 4 Request response code
2 RESPONSEMSG A ..20 Request message
Below is the example:

<?xml version="1.0" encoding="UTF-8"?>
<PAYMENT_RESPONSE>
<RESPONSECODE>0000</RESPONSECODE>
<RESPONSEMSG>SUCCESS</RESPONSEMSG>
</PAYMENT_RESPONSE>
20
www.doku.com
3.4 Identify (optional)

Allow Merchant to identified the channel that Customer chose. Merchant should inform the URL where DOKU
server will send the notification message. Example : http://www.yourwebsite.com/directory/DOKU_identify.php
This IDENTIFY Process is not a mandatory process. But strongly recommended if Merchant accept the
ATM/VA Channel. This IDENTIFY Process also does not require Merchant’s response. Feel free to use or not
use this process based on your business process and requirement.
3.4.1 Method
Method
3.4.2 Parameters Sent

1 AMOUNT N 12.2 Total amount. Eg: 10000.00
2 TRANSIDMERCHANT AN ...30 Transaction ID from Merchant
3 PAYMENTCHANNEL N 2 See payment channel code list in Appendix section
4 SESSIONID AN ...48 DOKU will return the value from Payment Request.
3.5 Notify
Allow Merchant to have a real-time payment status notification. Merchant should inform the URL where DOKU
server will send the notification message. Example: http://www.yourwebsite.com/directory/DOKU_notify.php
By default DOKU will IGNORE merchant’s response but merchant have an option for DOKU to reverse the
payment if merchant’s response is not appropriate or time out occurs.
3.5.1 Method
Method

3 WORDS AN ...200 Hashed key combination encryption. The hashed key generated from
combining these parameters value in this order:
AMOUNT+MALLID+<shared key>
+TRANSIDMERCHANT+
RESULTMSG+VERIFYSTATUS.
For transaction with currency other than 360 (IDR), use :
AMOUNT+MALLID+ <shared key> + TRANSIDMERCHANT +
RESULTMSG+VERIFYSTATUS + CURRENCY
4 STATUSTYPE A 1 Default value : P
5 RESPONSECODE N 4 0000: Success, others Failed
21
www.doku.com
6 APPROVALCODE AN ...20 Transaction number from bank

7 RESULTMSG *) A ...20 SUCCESS / FAILED
8 PAYMENTCHANNEL N 2 See payment channel code list
Virtual Account identifier for VA transaction. Has value if using
9 PAYMENTCODE N …8 Channel that has payment code.
11 BANK AN …100 Bank Issuer
12 MCN ANS 16 Masked card number
13 PAYMENTDATETIME N 14 YYYYMMDDHHMMSS
14 VERIFYID N 30 Generated by Fraud Screening (RequestID)
15 VERIFYSCORE N …3 -1 or 0 - 100
16 VERIFYSTATUS A …10 APPROVE / REJECT / REVIEW / HIGHRISK / NA
17 CURRENCY N 3 ISO3166 , numeric code
18 PURCHASECURRENCY N 3 ISO3166 , numeric code
19 BRAND A …10 VISA / MASTERCARD
20 CHNAME AN ..50 Cardholder Name
21 THREEDSECURESTATUS A ..5 TRUE / FALSE
22 LIABILITY A ..10 CUSTOMER / MERCHANT / NA
23 EDUSTATUS A ..10 Always be : NA
24 CUSTOMERID AN …16 Merchant’s customer identifier (If using Tokenization)
25 TOKENID AN …16 Tokenized Card’s Identifier (If using Tokenization)
*) main identifier of transaction success / failed
3.5.3 Notify Response

Merchant just echo or print “CONTINUE”.
3.6 Redirect
Redirecting back to Merchant’s domain. Merchant should inform the URL where DOKU will redirect. Example:
http://www.yourwebsite.com/directory/DOKU_redirect.php
3.6.1 Method
Method
HTTP POST

combining these parameters value in this order: AMOUNT+<shared key>
+TRANSIDMERCHANT+STATUSCODE.
AMOUNT+<shared key>
+TRANSIDMERCHANT+STATUSCODE + CURRENCY
4 STATUSCODE N 4 0000: Success, others Failed
Virtual Account identifier for VA transaction. Has value if using Channel that
7 PAYMENTCODE N 16 has payment code.
22
www.doku.com
3.7 Capture
Capture can be executed after Authorization process is success

Method
https://pay.doku.com/Suite/CaptureRequest
https://staging.doku.com/Suite/CaptureRequest

2 CHAINMERCHANT N Given by DOKU Y
3 TRANSIDMERCHANT AN ...30 Transaction ID from Merchant Y
4 APPROVALCODE AN ..20 Transaction number from Bank Y
9 SESSIONID AN ...48 Original value from Payment Request. Y
10 WORDS AN ...200 Hashed key combination encryption. The hashed key
generated from combining these parameters value in
this order : MALLID+<shared Y
key>+TRANSIDMERCHANT+SESSIONID
11 PAYMENTCHANNEL N 12 Only for Credit Card (15) Y
3.7.3 Capture Response

DOKU will echo payment status in XML format.

AMOUNT+MALLID+<shared
key>+TRANSIDMERCHANT+RESULTMSG+VERIFYSTATUS
For transaction with currency other than 360 (IDR), use:
RESULTMSG+CURRENCY
23
www.doku.com

<?xml version="1.0"?>
<PAYMENT_STATUS>
<AMOUNT></AMOUNT>
<TRANSIDMERCHANT></TRANSIDMERCHANT>
<WORDS></WORDS>
<RESPONSECODE></RESPONSECODE>
<APPROVALCODE></APPROVALCODE>
<RESULTMSG></RESULTMSG>
<PAYMENTCHANNEL></PAYMENTCHANNEL>
<SESSIONID></SESSIONID>
<MCN></MCN>
<PAYMENTDATETIME></PAYMENTDATETIME>
<CURRENCY></CURRENCY>
<PURCHASECURRENCY></PURCHASECURRENCY>
</PAYMENT_STATUS>
3.8 Check Status

We recommend Merchant to do CHECK STATUS after customer redirected back to merchant’s website or
after some period where no redirect had been detected.

Method
https://pay.doku.com/Suite/CheckStatus
https://staging.doku.com/CheckStatus

4 SESSIONID AN ...48 Original value from Payment Request. Y
5 WORDS AN ...200 Hashed key combination encryption. The hashed key
generated from combining these parameters value in
this order : MALLID+<shared
key>+TRANSIDMERCHANT.
use :
MALLID+<shared key>+TRANSIDMERCHANT +
CURRENCY
6 CURRENCY N 3 ISO3166 , numeric code O
7 PURCHASECURRENCY N 3 ISO3166 , numeric code O
8 PAYMENTTYPE AN ...13 AUTHORIZATION or CAPTURE
O
If not sent, last transaction will be responded
3.8.3 Check Status Response

DOKU will echo payment status in XML format.
24
www.doku.com

AMOUNT+MALLID+<shared key>+TRANSIDMERCHANT+
RESULTMSG+VERIFYSTATUS.
RESULTMSG+VERIFYSTATUS + CURRENCY
Virtual Account identifier for VA transaction. Has value if using
9 PAYMENTCODE N …8 Channel that has payment code.
11 BANK AN …100 Bank Issuer
13 PAYMENTDATETIME N 14 YYYYMMDDHHMMSS
14 VERIFYID N 30 Generated by Fraud Screening (RequestID)
15 VERIFYSCORE N …3 0 - 100
16 VERIFYSTATUS A …10 APPROVE / REJECT / HIGHRISK / NA
19 BRAND A …10 VISA / MASTERCARD
20 CHNAME AN ..50 Cardholder Name
21 THREEDSECURESTATUS A ..5 TRUE / FALSE
22 LIABILITY A ..10 CUSTOMER / MERCHANT / NA
23 EDUSTATUS A ..10 Manual Fraud Review, value : APPROVE / REJECT / NA (default)

<PAYMENT_STATUS>
<AMOUNT></AMOUNT>
<TRANSIDMERCHANT></TRANSIDMERCHANT>
<WORDS></WORDS>
<RESPONSECODE></RESPONSECODE>
<APPROVALCODE></APPROVALCODE>
<RESULTMSG></RESULTMSG>
<PAYMENTCHANNEL></PAYMENTCHANNEL>
<PAYMENTCODE></PAYMENTCODE>
<SESSIONID></SESSIONID>
<BANK></BANK>
<MCN></MCN>
<PAYMENTDATETIME></PAYMENTDATETIME>
<VERIFYID></VERIFYID>
<VERIFYSCORE></VERIFYSCORE>
<VERIFYSTATUS></VERIFYSTATUS>
<CURRENCY></CURRENCY>
<PURCHASECURRENCY></PURCHASECURRENCY>
<BRAND></BRAND>
<CHNAME></CHNAME>
<THREEDSECURESTATUS></THREEDSECURESTATUS>
<LIABILITY></LIABILITY>
<EDUSTATUS></EDUSTATUS>
</PAYMENT_STATUS>
25
www.doku.com
3.9 Void
Allow Merchant to Void Sale and Authorization Transaction.

Method

https://pay.doku.com/Suite/VoidRequest

https://staging.doku.com/Suite/VoidRequest

4 SESSIONID AN ...48 Original value from Sale Request. Y

5 WORDS AN ...200 Hashed key combination encryption. The hashed key generated Y
from combining these parameters value in this order:
MALLID+<shared key>+
TRANSIDMERCHANT+SESSIONID
6 PAYMENTCHANNEL N 2 See payment channel code list Y
3.9.3 Void Response

Response Method Data Format Description
SUCCESS Print / echo HTML DOKU successfully process the void request from Merchant
FAILED Print / echo HTML DOKU failed to process void request from Merchant
3.10 Inquiry
Inquiry is used only for Direct Virtual Account flow. Merchant should inform the URL where DOKU server will
send inquiry request. Example: http://www.yourwebsite.com/directory/DOKU_redirect.php
3.10.1 Method
Method
3.10.2 Parameters sent

3 PAYMENTCHANNEL N 2 See payment channel code list Y
4 PAYMENTCODE N …8 Virtual Account identifier for VA transaction. Has value if using

26
www.doku.com
Channel that has payment code.

5 WORDS AN ...200
Hashed key combination encryption (use SHA1 method). The
hashed key generated from combining these parameters value
Y
in this order : MALLID+ +PAYMENTCODE
3.10.3 Inquiry Response

DOKU will expect inquiry response from merchant in XML format with these parameters:

1 PAYMENTCODE N 16 Virtual Account identifier for VA transaction
2 AMOUNT N ...12.2 Total amount. Eg: 10000.00

3 PURCHASEAMOUNT N ...12.2 Total amount. Eg: 10000.00
If merchant implement open amount schema, please set limit min &
max amount for the transaction.
4 MINAMOUNT N ...12.2
Eg: 10000.00
Nb : set params AMOUNT & PURCHASE with value 0.00
Related with limit max open amount schema .
5 MAXAMOUNT N ...12.2
Eg: 500000.00
Hashed key combination encryption (use SHA1 method). The hashed
7 WORDS AN ...200 key generated from combining these parameters value in this order :
AMOUNT+MALLID+ <shared key> +TRANSIDMERCHANT
8 REQUESTDATETIME N 14 YYYYMMDDHHMMSS
11 SESSIONID AN ...48 Additional transaction validation
12 NAME AN ...50 Customer name
13 EMAIL ANS ...100 Customer email
Show transaction description. Use comma to separate each field and
14 BASKET ANS ...1024 semicolon for each item.
Item1,1000.00,2,20000.00;item2,15000.00,2,300 00.00
15 ADDITIONALDATA ANS 1024 Custom additional data for specific Merchant use
Optional parameter
3000 = Invalid account number
3001 = Decline
3002 = Bill already paid
16 RESPONSECODE N 4
3004 = Account number / Bill was expired
3006 = Bill / VA Number not found
0000 = Success
9999 = Internal Error / Failed
Below is the example :

<INQUIRY_RESPONSE>
<PAYMENTCODE>8975011200005642</PAYMENTCODE>
<AMOUNT>100000.00<AMOUNT>
<PURCHASEAMOUNT>100000.00</PURCHASEAMOUNT>
<MINAMOUNT>10000.00<MINAMOUNT>
<MAXAMOUNT>550000.00<MAXAMOUNT>
<TRANSIDMERCHANT>1396430482839</TRANSIDMERCHANT>
<WORDS>b5a22f37ad0693ebac1bf03a89a8faeae9e7f390</WORDS>
<REQUESTDATETIME>20140402162122</REQUESTDATETIME>
<CURRENCY>360</CURRENCY>
<PURCHASECURRENCY>360</PURCHASECURRENCY>
<SESSIONID>dxgcmvcbywhu3t5mwye7ngqhpf8i6edu</SESSIONID>
<NAME>Nama Lengkap</NAME>
<EMAIL>nama@xyx.com</EMAIL>
<BASKET>ITEM 1,10000.00,2,20000.00;ITEM 2,20000.00,4,80000.00</BASKET>
<ADDITIONALDATA>BORNEO TOUR AND TRAVEL</ADDITIONALDATA>
27
www.doku.com
</INQUIRY_RESPONSE>
3.11 Refund
Allow Merchant to Refund Sale & Installment on-us Transaction.
3.11.1 Method & URL
Method
HTTP POST
HTTPS Form Action for STAGING ENVIRONMENT
https://staging.doku.com/Suite/DoRefundRequest
https://pay.doku.com/Suite/DoRefundRequest
3.11.2 Request Parameter

1 MALLID N Given by DOKU X
2 CHAINMERCHANT N Given by DOKU O
3 REFIDMERCHANT N ...30 New Refund Transaction ID from Merchant X
4 TRANSIDMERCHANT AN ...30 Original Transaction ID from Merchant X
5 APPROVALCODE AN …20 Transaction number from Bank X
6 AMOUNT N 12.2 Total VOID / REFUND amount X
8 01 = Full Refund
02 = Partial Refund Credit X
REFUNDTYPE N …2 03 = Partial Refund Debit
Merchant can use this parameter for additional validation, DOKU
X
9 SESSIONID AN ...48 will return the value in other response process
WORDS AN ...200 Hashed key combination encryption. The hashed key generated
AMOUNT+MALLID+<shared key>+
REFIDMERCHANT+SESSIONID
X
REFIDMERCHANT+SESSIONID+CURRENCY
10 Refer to Shared Key Hashed Value page section.
11 REASON ANS …256 Reason for refund X
12 BANKDATA ANS …256 Additional Data O
13 DATA1 ANS …256 Additional Data O
3.11.3 Response
No Parameter Comment
1
RESPONSECODE Refund response code
2
RESPONSEMSG Refund status
28
www.doku.com
3
TRANSIDMERCHANT Transaction ID from Merchant
4
REFNUM Reference number
5
SESSIONID Refund session ID
6 REFIDMERCHANT Refund ID from Merchant
Sample of Refund response in XML format.

<REFUND_RESPONSE>
<TRANSIDMERCHANT>TRX123456789</TRANSIDMERCHANT>
<REFNUM>123456</REFNUM>
<SESSIONID>9999999999999</SESSIONID>
<REFIDMERCHANT>REFTRX123456789</REFIDMERCHANT>
</REFUND_RESPONSE>
3.12 Cancellation
Allow Merchant to Cancel Sale Transaction.

Method
https://pay.doku.com/Suite/DoCancelRequest
https://staging.doku.com/Suite/DoCancelRequest

1 MALLID N Given by DOKU X
2 REFIDMERCHANT N New Refund Transaction ID from Merchant X
3 TRANSIDMERCHANT AN ...30 Original Transaction ID from Merchant X
4 APPROVALCODE AN …20 Transaction number from Bank X
5 AMOUNT N 12.2 Total VOID / REFUND amount X
If Partial Refund Debit, it’s mandatory to enter ‘03’. Otherwise,
O
7 REFUNDTYPE N …2 parameter is not needed
8 SESSIONID AN ...48 Original value from Sale Request. X
WORDS AN ...200 Hashed key combination encryption. The hashed key generated
REFIDMERCHANT+SESSIONID
X
REFIDMERCHANT+SESSIONID+CURRENCY
9 Refer to Shared Key Hashed Value page section.
10 REASON ANS …256 Reason for cancellation X
11 BANKDATA ANS …256 Additional Data O
29
www.doku.com

3.12.3 Cancellation Response

1 TRANSIDMERCHANT AN ...30 Original Transaction ID from Merchant
3 RESPONSEMSG A ...20 VOIDED / REFUNDED / FAILED
4 REFNUM AN 6 Transaction number from bank
5 SESSIONID AN ...48 Original value from Sale Request.
6 REFIDMERCHANT AN …100 New Refund Transaction ID from Merchant
Sample will Cancellation response in XML format.
<CANCEL_RESPONSE>
<TRANSIDMERCHANT>TRX123456789</TRANSIDMERCHANT>
<REFNUM>123456</REFNUM>
<SESSIONID>9999999999999</SESSIONID>
<REFIDMERCHANT>REFTRX123456789</>
</CANCEL_RESPONSE>
30
www.doku.com
Appendix
A. Payment Channel Code
CODE DESCRIPTION
02 Mandiri ClickPay
03 KlikBCA
04 DOKU Wallet
06 BRI e-Pay
15 Credit Card Visa/Master/JCB
16 Credit Card Tokenization
17 Recurring Payment
18 BCA KlikPay
19 CIMB Clicks
22 Sinarmas VA
23 MOTO
25 Muamalat Internet Banking
26 Danamon Internet Banking
28 Permata Internet Banking
29 BCA VA
31 Indomaret
33 Danamon VA
34 BRI VA
35 Alfagroup
36 Permata VA
37 Kredivo
41 Mandiri VA
42 QNB VA
45 BNI Yap
31
www.doku.com
B. DOKU IP Address
DOKU has only 3 IP public that can be detected when DOKU call to your application (Identify, Notify & Redirect functions). So to
make those applications process ONLY from DOKU is by using DOKU IP Address. Although, High Anonymous Proxy or IP
Masking/Hide/Change tools on most current network application can still penetrate this feature, this will reduce most of injection
false information to the applications to create genuine transactions.
Below is an example script of IP filtering in PHP:
@$REMOTE_ADDR;
or
$_SERVER[‘REMOTE_ADDR’];
32
www.doku.com
C. Example of email notification for Virtual Account payment

From: <systemno-reply@doku.com>
Date: 2016-04-26 9:23 GMT+07:00
Subject: Bayar Pesanan Anda [8965052200000085] Via [ATM] - [MERCHANT NAME]
To: customer@domain.com
Yang terhormat [Customer Name]
Terima kasih atas pemesanan Anda di MERCHANTNAME. Pesanan akan segera kami proses setelah Anda melakukan
pembayaran di ATM atau fasilitas Internet Banking yang terhubung dengan jaringan ATM Bersama, Prima, atau ALTO.
KODE PEMBAYARAN ANDA:

8965052200000085
ORDER TOTAL:
10,000.00
Kami menyarankan agar pembayaran dilakukan secepatnya. Masa berlaku kode pembayaran akan berakhir dalam waktu 5 jam,
dimana pembelian akan batal apabila melewati jangka waktu.
Cara Membayar di ATM

1. Masukkan PIN
2. Pilih "TRANSFER". Apabila menggunakan ATM BCA, pilih "TRANSAKSI LAINNYA" lalu "TRANSFER".
3. Pilih "KE REK BANK LAIN"
4. Masukkan Kode Bank Permata (013) kemudian tekan "Benar"
5. Masukkan jumlah pembayaran sesuai dengan yang ditagihkan (Jumlah yang ditransfer harus sama persis
tidak boleh lebih dan kurang). Jumlah nominal yang tidak sesuai dengan tagihan akan menyebabkan
transaksi gagal.
6. Isi nomor rekening tujuan dengan 16-digit nomor kode pembayaran 8965052200000085 lalu tekan "Benar"
7. Muncul Layar Konfirmasi Transfer yang berisi nomor rekening tujuan Bank Permata dan Nama beserta jumlah
yang dibayar. Jika sudah benar, Tekan "Benar"
8. Selesai
Cara Membayar Melalui Internet Banking

1. Login ke dalam akun Internet Banking
2. Pilih transfer ke bank lainnya
3. Pilih Bank Permata (013) sebagain rekening tujuan
4. Masukan jumlah pembayaran sesuai dengan yang ditagihkan
5. Isi nomor rekening tujuan dengan 16-digit nomor kode pembayaran 8965052200000085 lalu tekan "Benar"
6. Selesai
Note:
Pembayaran tidak bisa dilakukan melalui BCA Internet Banking
Transfer hanya dapat dilakukan dengan Real Time Transfer tidak dapat di process dengan LLG (Lalu Lintas giro) dan
RTGS.
Apabila Anda memiliki pertanyakan, silahkan hubungi kami di care@doku.com.
Terima Kasih
DOKU, The Better Way To Pay
33
www.doku.com
D. Currency & Country Codes (ISO3166)

List of country & currency code (ISO3166) is listed on this URL:
https://www.iso.org/obp/ui/
34
www.doku.com
E. Special Characters
Due to security purpose, not all special characters are allowed. Special Characters allowed
by DOKU are:
,.&;+:/=
35
www.doku.com
F. Response Code
This response codes are not meant for customer. It’s for merchant’s benefits. Merchant must be always
treated declined transactions as the customer required to contact their Bank Issuer for the declined credit
card. This data is very confidential. Do not reproduce in any kind to public view. Fail to do so will void
merchant’s account.
i. DOKU general error

Error Code Description
0000 Successful approval
5555 Undefined error
5501 Payment channel not registered
5502 Merchant is disabled
5503 Maximum attempt 3 times
5504 Words not match
5505 Invalid parameter
5506 Notify failed
5507 Invalid parameter detected / Customer click cancel process
5508 Re-enter transaction
5509 Payment code already expired
5510 Cancel by Customer
5511 Not an error, payment code has not been paid by Customer
5512 Insufficient Parameter
5514 Reject by Fraud System
5515 Duplicate PNR
5516 Transaction Not Found
5517 Error in Authorization process
5518 Error parsing XML
5519 Customer stop at 3D Secure page
5520 Transaction Failed via scheduler
5521 Invalid Merchant
5522 Rates were not found
5523 Failed to get Transaction status
5524 Failed to void transaction
5525 Transaction can not be process
5526 Transaction is voided because timeout to wallet
5527 Transaction will be process as Off Us Instalment
5529 Invalid Merchant
5530 Internal server error
5531 Pairing Code does not exist
5532 Invalid Payment Channel
5533 Failed to inquiry list of fund
5534 Invalid Pairing Code
5535 Invalid Token
5536 Time Out
5537 Invalid Currency
36
www.doku.com
5538 Invalid Purchase Currency

5539 3D Secure Enrolment check failed
5540 3D Secure Authentication failed
5541 Form Type is not valid
5542 Duplicate Transaction ID
5543 Please check 3D Secure result
5544 Failed to delete token
5545 Failed to Void
5547 BIN are not allowed in promo
5548 Invalid Parameter
5553 Failed to tokenize
5554 Off-us Reward Process
5564 Batch ID not found in transaction
5568 Failed Refund
5569 Void / Refund Amount is invalid
5571 Failed Register Paycode
5572 No Response
5573 Failed create bill
5574 Merchant not found
5575 Transaction has already voided
00BA Rejected by Bank Acquiring
Wrong input the OTP (at 3dsecure page) or customer didn't continue the
003D
transactions when landing at the 3dsecure page.
00BB Bin Blocking, because Card Origin was not allowed go through the payment.
0098 3dsecure failure. The card is not supported 3dsecure
37
www.doku.com
ii. Credit Card

Error
VISA MASTERCARD ORIGIN ACTIONS
Code
0001 Refer to card issuer Refer to card issuer VISA/MASTER Tell Customer to contact
the Bank Issuer of the
card used.
0002 Refer to card issuer, special - VISA/MASTER Tell Customer to contact
condition the Bank Issuer of the
card used.
0003 Invalid merchant or service Invalid Merchant VISA/MASTER Contact DOKU or BNI
provider
0004 Pickup card Capture card VISA/MASTER Should consider
blocking the card
temporarily or Block
login ID
0005 Do Not Honor Do Not Honor VISA/MASTER Tell Customer to contact
card used.
0006 Error - VISA/MASTER Tell Customer to contact
card used.
0007 Pickup card, special - VISA/MASTER Should consider
condition (other than blocking the card
lost/stolen card)
0008 - Honor with ID VISA/MASTER Tell Customer to contact
card used.
0010 Partial Approval - Private - VISA/MASTER Tell Customer to contact
label the Bank Issuer of the
card used.
0011 VIP Approval - VISA/MASTER Tell Customer to contact
card used.
0012 Invalid Transaction Invalid Transaction VISA/MASTER Contact DOKU or BNI
0013 Invalid amount (currency Invalid Amount VISA/MASTER Contact DOKU or BNI
conversion field overflow.
Visa Cash - Invalid load
mount)
0014 Invalid account number (no Invalid Card Number VISA/MASTER Contact DOKU or BNI
such number)
0015 No such issuer Invalid issuer VISA/MASTER Contact DOKU or BNI
0019 Re-enter transaction - VISA/MASTER Contact DOKU or BNI
0021 No Action taken (unable to - VISA/MASTER Contact DOKU or BNI

back out prior transaction)
0025 Unable to locate record in - VISA/MASTER Contact DOKU or BNI
file, or account number is
missing from inquiry
0028 File is temporarily - VISA/MASTER Contact DOKU or BNI
unavailable
0030 - Format error VISA/MASTER Contact DOKU or BNI
38
www.doku.com
0041 Pickup card {lost card) Lost Card VISA/MASTER Should consider
blocking the card
login ID
0043 Pickup card [stolen card) Stolen Card VISA/MASTER Should consider
blocking the card
login ID
0051 Insufficient funds Insufficient Funds/Over VISA/MASTER Tell Customer to contact
Credit limit the Bank Issuer of the
card used.
0052 No checking account - VISA/MASTER Tell Customer to contact
card used.
0053 non savings account - VISA/MASTER Tell Customer to contact
card used.
0054 Expired card Expired Card VISA/MASTER Tell Customer to contact
card used.
0055 Incorrect PIN (Visa cash - Invalid PIN VISA/MASTER Tell Customer to contact
invalid or missing SI the Bank Issuer of the
signature) card used.
0057 Transaction not permitted to Transaction not permitted VISA/MASTER Tell Customer to contact
cardholder [Visa cash - to issuer/cardholder the Bank Issuer of the
incorrect routing, not a load card used.
request)
0058 Transaction not allowed at Transaction not permitted VISA/MASTER Tell Customer to contact
terminal to acquirer/terminal the Bank Issuer of the
card used.
0061 Activity amount limit Exceeds withdrawal VISA/MASTER Tell Customer to contact
exceeded amount limit the Bank Issuer of the
card used.
0062 Restricted card (for Restricted Card VISA/MASTER Tell Customer to contact
example in country the Bank Issuer of the
exclusion table) card used.
0063 Security violation Security Violation VISA/MASTER Contact DOKU or BNI
0065 Activity count limit exceeded Exceeds withdrawal count VISA/MASTER Tell Customer to contact
limit the Bank Issuer of the
card used.
0075 Allowable number of PIN- Allowable number of PIN VISA/MASTER Tell Customer to contact
entry tries exceeded tries exceeded the Bank Issuer of the
card used.
0076 Unable to locate previous Invalid/nonexistent "To VISA/MASTER Contact DOKU or BNI
message (no match on Account" specified
Retrieval Reference
number)
0077 Previous message located Invalid/nonexistent "From VISA/MASTER Contact DOKU or BNI
for a repeat or reversal, but account" specified
repeat or reversal data are
inconsistent with original
message
0078 - Invalid/nonexistent account VISA/MASTER Contact DOKU or BNI
specified (general)
39
www.doku.com
0080 invalid date (For use in - VISA/MASTER Contact DOKU or BNI

private label card
transactions and check
acceptance transactions)
0081 PIN Cryptographic error - VISA/MASTER Contact DOKU or BNI
found (error found by VIC
security module during PIN
decryption)
0082 Incorrect CW/1CW - VISA/MASTER Tell Customer to contact
card used.
0083 Unable to verify PIN - VISA/MASTER Tell Customer to contact
card used.
0084 - Invalid Authorization Life VISA/MASTER Contact DOKU or BNI
Cycle
0085 No reason to decline a Not Decline Valid for AVS VISA/MASTER Contact DOKU or BNI
request for account number only, balance inquiry, or
verification or address SET Cardholder certificate
verification requests [VISA Only)
0091 Issuer unavailable or switch Authorization System or VISA/MASTER Contact DOKU or BNI
inoperative (STIP not issuer system inoperative
applicable or available for
this transaction)
0092 Destination cannot be found Unable to route transaction VISA/MASTER Contact DOKU or BNI
for routing
0093 Transaction cannot be - VISA/MASTER Contact DOKU or BNI
completed; violation of law
0094 - Duplicate transmission VISA/MASTER Contact DOKU or BNI
detected
0096 System malfunction / System Error VISA/MASTER Contact DOKU or BNI
System malfunction or
certain field error conditions
00NO Force STIP - VISA/MASTER Contact DOKU or BNI
00N3 Cash service not available - VISA/MASTER Contact DOKU or BNI
00N4 Cash request exceeds - VISA/MASTER Contact DOKU or BNI

issuer limit
00N7 Decline for CW2 failure - VISA/MASTER Contact DOKU or BNI
00P2 Invalid biller information - VISA/MASTER Contact DOKU or BNI
00P5 PIN Change/Unblock - VISA/MASTER Contact DOKU or BNI

request declined
00P6 Unsafe PIN - VISA/MASTER Contact DOKU or BNI
00TO Timeout / Transaction’s Timeout / Transaction’s DOKU Contact DOKU or BNI

response exceed time limit response exceed time limit
00UE Unknown Exception / Unknown Exception / DOKU Contact DOKU or BNI
PosServer not responding PosServer not responding
40
www.doku.com
iii. Mandiri Clickpay
Error Code Description

0001 Internal system error: cannot parse message
0002 Internal system error: unmatched signature hash
0003 Internal system error: Cannot process message
0004 Internal system error: Error on field
0005 Internal system error: Transaction not found
0006 Internal system error: Create VPA response error
0101 Internal system error: Create velis-authenticator message
0102 Internal system error: Runtime try/catch error when creating VTCPStream
0103 Internal system error: Cannot connect to velis-authenticator
0104 Internal system error: Send request to velis-authenticator failed
0105 Internal system error: Waiting response from velis-authenticator failed
0106 Internal system error: Read response from velis-authenticator failed
0107 Internal system error: Parse response from velis-authenticator failed
0108 Internal system error: Signature key from velis-authenticator is invalid
1101 User not registered: Channel not register in database (not found)
1102 User not registered: User not active
1103 User not registered: User has deleted
1104 User not registered: User not found
1105 User not registered: Channel for User not active
1106 User not registered: Channel for User has deleted - no access
1107 User not registered: Channel for User not register / not found
1108 User has blocked: User has disabled
1109 User has blocked
1110 User has blocked: Channel for User has disabled
1111 User has blocked: Channel for User has blocked
1112 User already activated: User has invalid status (or already active)
1113 User already activated: Channel for User has invalid status (or already
active)
1114 Invalid token: Token of User not active
1115 Invalid token: Token of User has disable
1116 Invalid token: Token of User has deleted
1117 Invalid token: Token of User not found
1118 Invalid token: Method CR not allowed for Token of User
1119 Invalid token: Method RO not allowed for Token of User
1120 Invalid token: Method SG not allowed for Token of User
1121 Invalid token: Device Token Type not valid (only support VS = VASCO
Token)
1122 Invalid token response: Code Not Verified
1123 Invalid token response: Code Replay Attempt
1124 Invalid token response: Challenge Too Small
1125 Invalid token response: Challenge Too Long
1126 Invalid token response: Challenge Check Digit Wrong (Host Check
Challenge Mode)
41
www.doku.com
1127 Invalid token response: Challenge Character Not Decimal

1128 Invalid token response: Challenge Corrupt (Host Check Challenge Mode)
1129 Invalid token response: Response Length Out of Bounds
1130 Invalid token response: Response Too Small
1131 Invalid token response: Response Too Long
1126 Invalid token response: Challenge Check Digit Wrong (Host Check
Challenge Mode)
1127 Invalid token response: Challenge Character Not Decimal
1128 Invalid token response: Challenge Corrupt (Host Check Challenge Mode)
1129 Invalid token response: Response Length Out of Bounds
1130 Invalid token response: Response Too Small
1131 Invalid token response: Response Too Long
1132 Invalid token response: Response Check Digit Wrong
1133 Invalid token response: Response Character Not Decimal
1134 Invalid token response: Response Character Not Hexadecimal
1135 Invalid token response: Token Authentication Failed
1199 Receive error response from VA
0201 Internal system error: Create DSP-ISO message failed
0202 Internal system error: No active DSPSession
0203 Internal system error: Cannot send request to DSP-Silverlake
0204 Internal system error: Waiting response from DSP-Silverlake
0205 Internal system error: Read response from DSP-Silverlake without bit 39
0206 Internal system error: Read response from DSP-Silverlake without bit126
0207 Invalid card number: Card number not belong to this CIF
2101 Invalid card number: Card not found
2102 Not enough balance
2103 Invalid customer account
2104 DSP-Silverlake system error
2199 Receive error response from DSP-Silverlake
0301 Internal system error: Cannot connect to VAM
3101 Invalid XML request: Invalid data XML (tc)
3102 Invalid XML request: Invalid data XML (userid)
3103 Invalid XML request: Invalid data XML (trace number)
3104 Invalid XML request: Invalid data XML (reference number)
3105 Invalid XML request: Invalid data XML (datetime)
3106 Invalid XML request: Invalid data XML (merchantid)
3107 Invalid XML request: Invalid data XML (bankid)
3108 Invalid XML request: Invalid data XML (item detail)
3109 Invalid XML request: Invalid data XML (amount)
3110 Invalid XML request: Invalid data XML (challenge)
3111 Invalid XML request: Invalid data XML (authentication)
3112 Invalid XML request: Invalid data XML (signature)
3113 Invalid XML request: Invalid data XML (aggregator)
3114 Invalid XML request: Error parse XML
3115 Invalid XML request: XML data is null
42
www.doku.com
3116 Invalid XML request: Unmatched signature request

3117 Invalid XML request: Cannot find Aggregator
3118 User already registered: Duplicate UserID
3119 Customer account not found: Cannot find customer account
3120 Not registered UserID
3121 Daily transaction limit is reached
3122 Maximum transaction limit is reached
3123 Transaction payment rejected: Invalid limit configuration
3124 Transaction payment rejected: Cannot find Merchant ID
3125 Transaction payment rejected: Inactive merchant
3126 Transaction payment rejected: Cannot find Bank Commission
3127 Transaction payment rejected: Cannot find Bank Commission Tearing
3128 Transaction payment rejected: Cannot find Aggregator Commission
3129 Transaction payment rejected: Cannot find Aggregator Commission
Tearing
3130 Transaction payment rejected: Duplicate Transaction request
3131 Reversal rejected: Cannot find original data for reversal
3132 Reversal rejected: Cannot find merchant account for reversal
3133 Registration failed: Failed add customer channel
3134 Unregistered failed: Failed remove customer channel
3135 Merchant registration failed: Duplicate Merchant
3201 Error init database
3202 Error write to database
4000 No connection to Aggregator
9000 Other error
9013 Unable to send request to bank
43
www.doku.com
iv. DOKU Wallet

Error
Description
Code
0E01 FAILED GET MERCHANT
0E02 MASTER MERCHANT INACTIVE
0E03 INVALID WORDS FROM MERCHANT
0E04 INVALID MERCHANT
0E05 FAILED TO PROCESS PAYMENT
0E06 PAYMENT METHOD NOT DEFINE
0E07 FAILED EXECUTE PRE AUTH PLUGINS
0E08 FAILED EXECUTE POST AUTH PLUGINS
0E09 INVALID PAY ID
0E10 ERROR PAY ID
0E11 FAILED EXECUTE PRE TRANS MIP PLUGINS
0E12 VERIFY RESPONSE STOP FROM MERCHANT
0E13 FAILED VERIFY TO MERCHANT
0E14 FAILED SEND PAYMENT CASH WALLET
0E15 NOTIFY RESPONSE STOP FROM MERCHANT
0E16 FAILED NOTIFY TO MERCHANT
0E18 FAILED EXECUTE POST TRANS MIP PLUGINS
0E19 NOT ENOUGH CASH BALANCE AND DON’T HAVE CREDIT CARD
0E20 SPENDER NO HAVE LINK TO CREDIT CARD
0E21 ERROR CHECK 3D SECURE CREDIT CARD
0E22 PIN/OTP IS NOT VALID
0E23 PLEASE INPUT CVV2
0E24 INVALID SESSION
0E25 FAILED SEND LINK AUTHENTICATION TO CARD HOLDER
0E26 INSUFFICIENT PARAMS
0E27 FAILED EXECUTE PRE TRANS CIP PLUGINS
0E28 FAILED EXECUTE POST TRANS CIP PLUGINS
0E29 FAILED SEND PAYMENT MIP CREDIT CARD
0E30 YOU DO NOT HAVE PIN
0E31 DUPLICATE INVOICE NO
0E32 URL NOT FOUND
0E33 CUSTOMER NOT FOUND
0E34 VOID PROCESS FAILED
0E35 Failed Send ONE TIME PIN to your email
0E36 Failed Send Link for create PIN to your email
0E37 THIS SPENDER CAN'T TRANSACT IN THIS MERCHANT
0E38 You have reach your DOKU ID Transaction Limit
0E39 Process MIP Transaction Failed
0E99 ERROR SYSTEM
44
www.doku.com
v. BRI e-Pay
Error
Description
Code
0001 Failed to notify Merchant
0020 General error
0021 Wrong password
0022 Wrong paycode
0023 Transaction cancelled
0024 User ID is being used
0025 User has not registered M-Token
0026 Timeout
0027 Invalid parameter
0028 User ID is being blocked
0029 User ID not found
0030 Transaction limit exceeded
0031 User not found
0032 Failed to show BRI pop up (deprecated)
0033 Pop up page being closed by customer (deprecated)
0048 Failed to redirect to BRI e-Pay
0066 Page already redirected back to DOKU but not getting any payment result from
BRI (not getting notify and not getting response from 3 times check status)
45
www.doku.com
vi. Alfamart/Indomaret/Permata/Mandiri/Sinarmas VA
Error
Description
Code
0001 Decline (internal error)
0013 Invalid amount
0014 Bill not found
0066 Decline
0088 Bill already paid
46
www.doku.com
vii. Mandiri Multipayment

Error
Description
Code
0001 System unable to process
00B5 Bill can not be found / invalid reference number
00B8 Bill already paid
00C0 Bill has been blocked, please contact biller
0086 Transaction can not be cancelled (in reversal process)
0087 Problem at Database provider
0089 Time Out
0091 Link Down
47
www.doku.com
G. Payment Page Screenshots

i. Credit Card Channel
Merchant Logo
48
www.doku.com
ii. Mandiri Clickpay Channel
Merchant Logo
49
www.doku.com
iii. DOKU Wallet Channel
Merchant Logo
After this page, DOKU will redirect to DOKU Wallet Payment Page.
At DOKU Wallet Payment Page, Customer can choose to pay using Cash or Credit Card
50
www.doku.com
iv. Permata/Mandiri/Sinarmas Virtual Account (Bank Transfer/ATM) Channel
After this page, DOKU will redirect to payment code generate page.
Payment code can be used to pay in ATM or Internet Banking
51
www.doku.com
52
www.doku.com
v. Alfamart / Indomaret (Convenience Store) Channel
After this page, DOKU will redirect to payment code generate page.
Payment code can be used to pay in Alfa Group
53
www.doku.com
Payment code can be used to pay in Indomaret
54
www.doku.com
55
www.doku.com
H. Processing Page Screenshots
i. Transaction processing
56
www.doku.com
ii. Transaction approval
57
www.doku.com
- End of Document -
58
www.doku.com

DOKU - OC 1.25 Hosted

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

DOKU - OC 1.25 Hosted

Hochgeladen von

Copyright:

Verfügbare Formate

DOKU Hosted API

Integration Guide - API for DOKU Hosted Payment Pages

Version 1.24– April 25, 2018

©2018 DOKU - PT Nusa Satu Inti Artha

3.7.1 Method and URL 21

2.1.1.1 BIN Filtering

2.1.1.5 Customer Input at Merchant

2.1.1.6 Authorize & Capture

2.1.1.7 Void, Refund, or Cancellation

2.1.2 Transaction Flow

2.2 DOKU Wallet

2.2.2 Transaction Flow

2.3 Internet Banking

2.3.2 General Internet Banking Transaction Flow

2.3.3 KlikBCA Transaction Flow

1. Customer enter klikBCA user ID in merchant’s page

2.4 Virtual Account

Alfa Group 88888

3. Message Formats and Contents

3.1 Shared Key Hash Value

Below is a sample combination string:

WORDS = sha1 (AMOUNT + MALLID + Shared Key + TRANSIDMERCHANT )

WORDS = sha1 (AMOUNT + MALLID + Shared Key + TRANSIDMERCHANT + CURRENCY)

Or if using currency other than IDR :

Sample to write in PHP application should be like this:

Or if using USD currency :

3.2 Payment Request

3.2.2 Parameters Required

7 WORDS AN …254 Hashed key combination encryption. The hashed

3.2.3 Advanced Features

7 FLIGHTNUMBER Array ..30 List of flight number using IATA Standard Y

3.2.3.2 Credit Card Installment

No Name Type Length Comments Mandatory

Additional Parameters Required for Tokenization

Additional Parameters Required for 2nd Payment Request

No Name Type Comments Mandatory

3.2.3.5 Customer Input at Merchant

3.3 Other Payment Request

3.3.1 Method and URL

HTTPS Action for PRODUCTION ENVIRONMENT

3.3.2 Parameters Required

No Name Type Length Comments

Below is the example:

3.4 Identify (optional)

3.4.2 Parameters Sent

3.5.2 Parameters Sent

6 APPROVALCODE AN ...20 Transaction number from bank

3.5.3 Notify Response

3.6.2 Parameters Sent

9 PURCHASECURRENCY N 3 ISO3166 , numeric code

3.7.1 Method and URL

3.7.2 Parameters Sent

3.7.3 Capture Response

No Name Type Length Comments

12 PURCHASECURRENCY N 3 ISO3166 , numeric code

Below is the example:

3.8 Check Status

3.8.1 Method and URL

3.8.2 Parameters Sent

3.8.3 Check Status Response

No Name Type Length Comments

Below is the example:

3.9.1 Method and URL