Verify OTP
Verify OTP
To register the card, you will need to hit this API through your Backend:
Direct API - Direct Debit CIMB SNAP Payment
API Request
| Type | Value | Description |
|---|---|---|
| HTTP Method | POST | |
| API endpoint (Sandbox) | https://api-sandbox.doku.com/direct-debit/[acquirer-name]/v1.0/otp-verification | Possible Values for [acquirer-name] : ovo, cimb, allobank, bri |
| API endpoint (Production) | https://api.doku.com/direct-debit/[acquirer-name]/v1.0/otp-verification | Possible Values for [acquirer-name] : ovo, cimb, allobank, bri |
Here is the sample of request header to perform Account Binding:
X-PARTNER-ID: MCH-0001-10791114622547
X-EXTERNAL-ID: 1684987418452706687
X-TIMESTAMP: 2023-01-27T15:58:59+07:00
X-IP-ADDRESS: 192.168.23.23
X-DEVICE-ID: 912f12e223624d2e94828b1681992be3
X-SIGNATURE: hMac123234nsjkdfhajnkssfhgjklsfsdfdfgdfgdfg124dfgfgh
Request Header Explanation
| Parameter | Description |
|---|---|
| X-PARTNER-ID | Unique ID for a partner (DOKU'S Client ID) |
| X-EXTERNAL-ID | Numeric String. Reference number that should be unique in the same day (request-id) |
| X-TIMESTAMP | Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format |
| X-IP-ADDRESS | IP address of the end user (customer) using IPv4 format. Notes: Mandatory for Allobank (Min:10, Max:15), Optional for rest of acquirer |
| X-SIGNATURE | algoritma symmetric signature HMAC_SHA512 (clientSecret, stringToSign) dengan formula stringToSign = HTTPMethod +โ:โ+ EndpointUrl +":"+ AccessToken +":โ+ Lowercase(HexEncode(SHA-256(minify(RequestBody))))+ ":โ + TimeStamp |
Here is the sample of request body for Balance Inquiry :
{
"originalPartnerReferenceNo": " CIMB20000001",
"otp": "123456",
"type": "PAYMENT",
"additionalInfo": {
"bankCardToken": "12341234"
}
}
Request Body Explanation
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
originalPartnerReferenceNo | string | Conditional | Transaction identifier on service consumer system, Mandatory for type Payment |
otp | string | Mandatory | The OTP Sent to user's Whatsapp or Phone Number |
type | string | Mandatory | Type of OTP Verification (binding, unbinding, payment) |
additionalInfo.bankCardToken | string | Mandatory | Customer's Token, mandatory for type Binding and Payment |
API Response
After hitting the above API request, DOKU will give the response.
| Type | Value |
|---|---|
| HTTP Status | 201 |
| Result | CREATED |
Here is the sample response header:
X-PARTNER-ID: MCH-0001-10791114622547
X-EXTERNAL-ID: 1684987418452706687
X-TIMESTAMP: 2023-01-27T15:58:59+07:00
X-IP-ADDRESS: 192.168.23.23
X-DEVICE-ID: 912f12e223624d2e94828b1681992be3
X-SIGNATURE: hMac123234nsjkdfhajnkssfhgjklsfsdfdfgdfgdfg124dfgfgh
Response Header Explanation
| Parameter | Description |
|---|---|
| X-PARTNER-ID | Unique ID for a partner (DOKU'S Client ID) |
| X-EXTERNAL-ID | Numeric String. Reference number that should be unique in the same day (request-id) |
| X-TIMESTAMP | Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format |
| X-IP-ADDRESS | IP address of the end user (customer) using IPv4 format. Notes: Mandatory for Allobank (Min:10, Max:15), Optional for rest of acquirer |
| X-SIGNATURE | algoritma symmetric signature HMAC_SHA512 (clientSecret, stringToSign) dengan formula stringToSign = HTTPMethod +โ:โ+ EndpointUrl +":"+ AccessToken +":โ+ Lowercase(HexEncode(SHA-256(minify(RequestBody))))+ ":โ + TimeStamp |
Here is the sample of response body:
{
"responseCode": "2005400",
"responseMessage": "Successful",
"originalReferenceNo": "12341234"
}
Request Body Explanation
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
responseCode | string (7) | Mandatory | Response code as defined in SNAP Regulation |
responseMessage | string | Mandatory | Response message as defined in SNAP Regulation |
originalReferenceNo | string | Optional | account binding unique identifier on acquirer's side |