LogoLogo
Log In DashboardAPI ReferenceDOKU Website
  • Introduction
  • Get Started
    • Create Account
    • Activate Business
    • Manage Business
      • Manage Team Members
      • Activate Services
      • Manage Payment Methods
      • Set Up Integration
        • Accept Payments
      • Manage Finances
        • Custom Settlement
          • Split Settlement
          • Hold and Release
          • Custom Report
        • Refund
        • Dispute
      • Manage Reports
        • Analytics
        • Transaction Report
        • Settlement Report
      • Manage Operations
      • Manage Customers
      • Set Up a Promo
      • Manage Multiple Brands
        • Company Dashboard
      • Update Business Data
    • Manage User Account
      • Change Password
      • Enable 2-Step Verification
  • Accept Payments
    • No-Integration Products
      • Payment Link
        • Create Payment Link
        • Manage Payment Link
        • Customize Checkout Page
      • e-Katalog
        • Manage Catalog
        • Manage Items
        • Place an Order
        • Manage Orders
      • QRIS
      • PayChat
        • My WhatsApp Business
        • Accept Order
      • Virtual Terminal
    • Integration Tools
      • DOKU Checkout
        • Customize Checkout Page
        • Configure Notifications
        • Manage Checkout Orders
      • Direct API
      • e-Commerce and Plugins
        • Shopify
        • WooCommerce (WordPress)
        • Adobe Commerce (Magento)
      • SDKs and Libraries
    • Payment Methods
      • Requirements and Limitations
    • Finance & Settlement
      • Settlement Time
      • Pricing and Fees
      • Business Loan
      • Refund & Chargeback
    • Promo Engine
  • Payouts
    • Domestic Payouts
      • List of Banks
      • List of e-Wallet
      • List of Virtual Accounts
    • Cash Out
  • Wallet as a Service
    • Consumer Wallet
      • Embedded Wallet
    • Business Wallet
      • Balance Management System
  • Mobile Apps
    • Juragan DOKU
    • DOKU e-Wallet
      • Account Settings
      • Account Verification
      • Top-Up and Withdrawal
      • Online Transactions and Purchases
  • Use Cases
    • 🎓Education
    • 🎮Digital & Gaming
    • 💸Insurance
    • ✏️Freelance
    • 🍽️Food & Beverages
    • 🛒Retail
    • ✈️Travel & Hospitality
    • 🚚Logistics
  • Partner
    • Become a Partner
  • Security
    • Licenses
  • Miscellaneous
    • Glossary
    • SNAP Migration
    • Contact Support
  • Terms & Conditions
  • Privacy Policy
Powered by GitBook
On this page
  • API Keys
  • View Secret Key
  • Regenerate Secret Key
  • Immediate Regeneration
  • Scheduled Generation
  • View Public Keys
  • FAQ

Was this helpful?

Export as PDF
  1. Get Started
  2. Manage Business

Set Up Integration

Connect your system with DOKU using API keys and integration tools

PreviousManage Payment MethodsNextAccept Payments

Last updated 3 days ago

Was this helpful?

API Keys

API Keys are secure credentials used to authenticate and authorize a merchant's system to access and interact with DOKU’s payment processing services. API Keys consist of the following components:

  1. Client ID: A unique identifier for the merchant (e.g., BRN-0239-1736742088036)

  2. Secret Key: A credential used for payment and general authentication. Options to reveal or copy the full key are available and will require users to input an OTP sent by DOKU to the user's email

  3. Public Keys: Cryptographic keys used to authenticate or encrypt transactions

    1. DOKU Public Key: A security key provided by DOKU, used to prove that messages (such as payment confirmations) are genuinely from DOKU

    2. Merchant Public Key: A security key generated by the merchant, which DOKU uses to verify that requests are legitimately from the merchant

  4. SNAP Settings: Configuration details required to connect your system with SNAP (Standard Open API Pembayaran Indonesia), Indonesia's standardized payment API system


View Secret Key

You can view the Secret Key of your Client ID by following the steps below:

  1. Log in to , and then access the side navigation bar

  2. Select Settings from the menu

  3. Settings page will appear. Under Account section, select API Keys

  4. API Keys page will appear, then click Reveal Key

  5. A pop-up will appear, then enter the 6-digit verification code (OTP) sent to your email

  6. Upon successful verification, your Secret Key will be visible for 30 seconds. Click Copy Secret Key if needed.


Regenerate Secret Key

Regenerating your Secret Key is a best practice to enhance security, especially in cases of potential compromise or employee turnover. It is recommended to regularly rotate your Secret Key every few months to minimize risks. You can choose to regenerate your Secret Key either immediately or at a scheduled time.

Immediate Regeneration

You can regenerate your Secret Key and implement it immediately by following the steps below:

  1. Select Settings from the menu

  2. Settings page will appear. Under Account section, select API Keys

  3. API Keys page will appear, then click Regenerate Secret Key

  4. A pop-up will appear, then enter the 6-digit verification code (OTP) sent to your email

  5. Upon successful verification, your newly generated Secret Key will be displayed

  6. Review and agree to the Terms and Conditions for Secret Key regeneration, then click Save.

Immediate Regeneration of Secret Key will disrupt active transactions.

Scheduled Generation

You can regenerate your secret key and implement it later by following the steps below:

  1. Select Settings from the menu

  2. Settings page will appear. Under Account section, select API Keys

  3. API Keys page will appear, then click Regenerate Secret Key

  4. A pop-up will appear, then enter the 6-digit verification code (OTP) sent to your email

  5. Upon successful verification, your newly generated Secret Key will be displayed

  6. Under the Implementation Time field, select Specific Time

  7. Choose your desired date and time for the implementation

  8. Review and agree to the Terms and Conditions for Secret Key regeneration, then click Save.


View Public Keys

You can view your public keys by following the steps below:

  1. Select Settings from the menu

  2. Settings page will appear. Under Account section, select API Keys

  3. API Keys page will appear, then click Reveal Key next to the desired key (DOKU Public Key or Merchant Public Key).


FAQ

What is my Client ID and Secret Key?

You can find your Client ID and Secret Key by following the guide on View Secret Key.

What happens to the old Secret Key after regeneration?

Once a new Secret Key is generated, the previous key becomes invalid and can no longer be used for authentication. You must update your systems with the newly generated key immediately after regeneration.

Will regenerating the Secret Key disrupt active transactions?

Yes, if your systems continue using the old key after regeneration, it may cause transaction failures. To minimize disruption:

  • Test the new Secret Key in a staging environment before production deployment.

  • Plan key updates during low-traffic periods.

  • If available, implement dual-key handling during the transition.

How often can I regenerate the Secret Key?

There is no strict limit; however, avoid unnecessary key rotations to prevent potential integration disruptions.

Can I recover a previous Secret Key?

No. Once a Secret Key is regenerated, the previous key is permanently invalid. Always store backups securely if necessary.

Is there a delay before the new Secret Key becomes active?

Activation is typically immediate, although some systems may briefly cache the old key. If issues occur, retry after 1–2 minutes.

After regenerating a new Secret Key, do I need to update the Public Key as well?

No. Public keys are separate and are not affected by Secret Key regeneration.

How should I store the new Secret Key?

Never store the Secret Key in plaintext (e.g., emails, documents, or unencrypted files). Recommended practices include:

  • Using password managers (e.g., Bitwarden).

  • Using cloud-based secret management tools (e.g., AWS Secrets Manager).

  • Storing it as an environment variable on secure servers.

What should I do if I lose the new Secret Key?

Immediately regenerate a new Secret Key and update all affected integrations accordingly.

Can I track if someone changes the Secret Key?

Log in to , and then access the side navigation bar

Log in to , and then access the side navigation bar

Log in to , and then access the side navigation bar

Yes. You can track Secret Key changes by checking Activity Logs. For detailed steps, please follow the guide on .

DOKU Dashboard
DOKU Dashboard
DOKU Dashboard
DOKU Dashboard
Monitor Activity Logs