API Reference

Direct Debit Payment API

post
https://sandbox.api.of.ayoconnect.id/dd/api/v3.0/debit/payment-host-to-host

This API is used to perform Direct Debit payment using a bound account. Clients should refer to latestTransactionStatus as the source of truth for the payment status. The transaction should not be considered failed unless:

  • latestTransactionStatus is 06 - FAILED, or
  • 4045501 is received from the Payment Status API indicating the transaction is not found.

If callback delivery is delayed, clients may call the Payment Status API to retrieve the latest transaction status. Clients are advised not to immediately fail transactions when receiving HTTP 5XX responses or response codes with the 5XX54XX pattern, as the transaction may still be processing asynchronously in the backend system.

Service Code: 54

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Body Params
string
required
length between 32 and 32

Unique 32-character string. Transaction identifier on the partner system.

string
required
length between 32 and 32

Unique bank card token after successful binding, only applicable for Payment.

string
required
length between 6 and 6

This field is a 6 char merchant identifier that is unique per each merchant. The exact value is disclosed to each merchant separately.

amount
object
required

Amount to be charged to the card.

additionalInfo
object
required

Additional info required for processing the transaction. The additionalInfo value must:

  • Have a maximum length of 100 characters.
  • Have a minimum length of 1 character.
  • Be alphanumeric, with the following special characters allowed: (space), @, ., -, _, +, *, !, ~

To display additional values on the dashboard, the values must be strings. Use the following keys:

  • additionalInfo1
  • additionalInfo2
  • additionalInfo3
Headers
string
enum
required
length between 16 and 16

Represents the content type of the received data (e.g. application/json)

Allowed:
string
required

Represents the access_token of a request; string starts with the keyword "Bearer " followed by the access_token.

string
required

Represents the customer_access_token of a request; string starts with the keyword "Bearer " followed by the B2B2C Token.

string
required
length between 24 and 27

Client's current local time in yyyy-MM-ddTHH:mm:ssTZD format.

string
required

Represents signature of a request. Symmetric signature: HMAC_SHA512(clientSecret, stringToSign).

stringToSign = HTTPMethod +":"+ URLPath +":"+ AccessToken +":"+ Lowercase(HexEncode(SHA-256(minify(RequestBody))))+":" + X-TIMESTAMP

string
required
length between 6 and 6

This field is a 6 char merchant identifier that is unique per each merchant. The exact value is disclosed to each merchant separately.

string
required
length between 32 and 32

Alphanumeric String. Unique identifier provided by the merchant for each API request. The value must be unique per request attempt and contain 32 alphanumeric characters.

string
required
length between 5 and 5

Numeric String. PJP's channel id. Device identification on which the API services is currently being accessed by the end user (customer). Must be the same in one flow.

Response

Callback

Updated 25 days ago

Language
Credentials
URL
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json

Updated 25 days ago