Set Up Integration
Connect your system with DOKU using API keys and integration tools
API Keys
API Keys are secure credentials used to authenticate and authorize a merchant's system to access and interact with DOKU’s payment processing services. API Keys consist of the following components:
Client ID: A unique identifier for the merchant (e.g.,
BRN-0239-1736742088036)Secret Key: A credential used for payment and general authentication. Options to reveal or copy the full key are available and will require users to input an OTP sent by DOKU to the user's email
Public Keys: Cryptographic keys used to authenticate or encrypt transactions
DOKU Public Key: A security key provided by DOKU, used to prove that messages (such as payment confirmations) are genuinely from DOKU
Merchant Public Key: A security key generated by the merchant, which DOKU uses to verify that requests are legitimately from the merchant
SNAP Settings: Configuration details required to connect your system with SNAP (Standard Open API Pembayaran Indonesia), Indonesia's standardized payment API system
View Secret Key
You can view the Secret Key of your Client ID by following the steps below:
Log in to DOKU Dashboard, and then access the side navigation bar
Select Settings from the menu
Settings page will appear. Under Account section, select API Keys
API Keys page will appear, then click Reveal Key
A pop-up will appear, then enter the 6-digit verification code (OTP) sent to your email
Upon successful verification, your Secret Key will be visible for 30 seconds. Click Copy Secret Key if needed.
Regenerate Secret Key
Regenerating your Secret Key is a best practice to enhance security, especially in cases of potential compromise or employee turnover. It is recommended to regularly rotate your Secret Key every few months to minimize risks. You can choose to regenerate your Secret Key either immediately or at a scheduled time.
Immediate Regeneration
You can regenerate your Secret Key and implement it immediately by following the steps below:
Log in to DOKU Dashboard, and then access the side navigation bar
Select Settings from the menu
Settings page will appear. Under Account section, select API Keys
API Keys page will appear, then click Regenerate Secret Key
A pop-up will appear, then enter the 6-digit verification code (OTP) sent to your email
Upon successful verification, your newly generated Secret Key will be displayed
Review and agree to the Terms and Conditions for Secret Key regeneration, then click Save.
Immediate Regeneration of Secret Key will disrupt active transactions.
Scheduled Generation
You can regenerate your secret key and implement it later by following the steps below:
Log in to DOKU Dashboard, and then access the side navigation bar
Select Settings from the menu
Settings page will appear. Under Account section, select API Keys
API Keys page will appear, then click Regenerate Secret Key
A pop-up will appear, then enter the 6-digit verification code (OTP) sent to your email
Upon successful verification, your newly generated Secret Key will be displayed
Under the Implementation Time field, select Specific Time
Choose your desired date and time for the implementation
Review and agree to the Terms and Conditions for Secret Key regeneration, then click Save.
View Public Keys
You can view your public keys by following the steps below:
Log in to DOKU Dashboard, and then access the side navigation bar
Select Settings from the menu
Settings page will appear. Under Account section, select API Keys
API Keys page will appear, then click Reveal Key next to the desired key (DOKU Public Key or Merchant Public Key).
FAQ
What is my Client ID and Secret Key?
You can find your Client ID and Secret Key by following the guide on View Secret Key.
What happens to the old Secret Key after regeneration?
Once a new Secret Key is generated, the previous key becomes invalid and can no longer be used for authentication. You must update your systems with the newly generated key immediately after regeneration.
Will regenerating the Secret Key disrupt active transactions?
Yes, if your systems continue using the old key after regeneration, it may cause transaction failures. To minimize disruption:
Test the new Secret Key in a staging environment before production deployment.
Plan key updates during low-traffic periods.
If available, implement dual-key handling during the transition.
How often can I regenerate the Secret Key?
There is no strict limit; however, avoid unnecessary key rotations to prevent potential integration disruptions.
Can I recover a previous Secret Key?
No. Once a Secret Key is regenerated, the previous key is permanently invalid. Always store backups securely if necessary.
Is there a delay before the new Secret Key becomes active?
Activation is typically immediate, although some systems may briefly cache the old key. If issues occur, retry after 1–2 minutes.
After regenerating a new Secret Key, do I need to update the Public Key as well?
No. Public keys are separate and are not affected by Secret Key regeneration.
How should I store the new Secret Key?
Never store the Secret Key in plaintext (e.g., emails, documents, or unencrypted files). Recommended practices include:
Using password managers (e.g., Bitwarden).
Using cloud-based secret management tools (e.g., AWS Secrets Manager).
Storing it as an environment variable on secure servers.
What should I do if I lose the new Secret Key?
Immediately regenerate a new Secret Key and update all affected integrations accordingly.
Can I track if someone changes the Secret Key?
Yes. You can track Secret Key changes by checking Activity Logs. For detailed steps, please follow the guide on Monitor Activity Logs.
Last updated