Notification - API Direct Debit
provides push s via dbProcessUrl . The needs to reassure there is no Blacklist IP and should Whitelist IP to get push only from 's server.
Request Method | POST |
---|---|
Merchant Token | SHA256 ( iMid+ tXid + amt+ merchantKey) |
IP | 103.20.51.0/24 103.117.8.0/24 |
User-Agent | User-Agent: Jakarta Commons-HttpClient/3.1 |
When your dbProcessUrl received a , strongly recommend to verify using Status Inquiry - API Direct Debit.
Parameter | Type | Size | Description | Example / Notes |
---|---|---|---|---|
tXid | N | 30 | Transaction ID | TNICECP04100202210201205567417 |
merchantToken | AN | 255 | Token | 8e6265b41306e084f919d3b970ce3a20a74211127293bc2e310824479975c119 |
referenceNo | ANS | 40 | Order Number | ORD20221020121062 |
mitraCd | A | 4 | JENC | |
payMethod | N | 2 | 04 | |
payNo | N | 20 | Number | 504100002539 |
payValidTm | N | 6 | CVS Expiry Time (HH24MISS) | null |
payValidDt | N | 8 | Expiry Date (YYYYMMDD) | |
amt | N | 12 | Amount | 50 |
clientUserKey Mandatory if tokenize | AN | 100 | User key, must be unique for each | 1134431 |
userToken | ANS | 255 | User Token | 12345eea9-6234-6789-12r3-123re3456tt5 |
tokenizeUser | N | 1 | Transaction Tokenize Type | 1 |
transDt | N | 8 | Transaction Date | 20221020 |
transTm | N | 6 | Transaction Time | 120803 |
currency | A | 3 | Currency | IDR |
goodsNm | AN | 100 | Goods Name | Testing |
billingNm | A | 100 | Billing Name | John-Doe |
matchCl | N | 1 | Flag: Notification Match Amount Indicator | 1 |
status | A | 1 | 0 |
The Token received by Notification Endpoint must compare internally to prevent fake/invalid s.
💡Example Case:
For example, you have a merchantKey that is used to generate a token, which is 1234. When merchantToken generated by is known, it is abcd, while merchantToken obtained in is abdd. Then is considered fake/invalid.