DOKU Indonesia Payment Gateway API
DOKU Indonesia payment gateway REST API for merchants to accept Virtual Account (VA) bank transfers, QRIS, GoPay, OVO, ShopeePay, DANA, credit/debit cards, and convenience store payments across Indonesia through one of the country's oldest and most established payment providers. Enables AI agents to manage virtual account payment for Indonesia bank transfer automation, handle QRIS QR code payment for Indonesia multi-wallet checkout automation, access GoPay and OVO e-wallet for Indonesia mobile payment automation, retrieve credit card processing for Indonesia card payment automation, manage convenience store payment via Alfamart and Indomaret for Indonesia offline payment automation, handle payment status notification for Indonesia order confirmation automation, access subscription and recurring payment for Indonesia subscription automation, retrieve transaction reporting for Indonesia financial reconciliation automation, manage refund processing for Indonesia order management automation, and integrate DOKU with Indonesian e-commerce, fintech, and enterprise platforms for end-to-end Indonesia payment automation.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Indonesia payments. PCI-DSS, OJK. Client ID/HMAC. ID. VA and payment data.
⚡ Reliability
Best When
An Indonesian merchant wanting AI agents to automate virtual account, QRIS, GoPay, OVO, and card payment acceptance through DOKU's comprehensive Indonesia payment gateway with 20+ years of market presence.
Avoid When
OJK REGULATORY COMPLIANCE: DOKU operates under OJK (Indonesia Financial Services Authority) regulations; automated payment operations must comply with OJK fintech regulations and transaction limits; automated payment without merchant OJK compliance creates regulatory issue. VIRTUAL ACCOUNT EXPIRY MANAGEMENT: DOKU virtual accounts expire after configured time; automated checkout must set appropriate VA expiry; automated long-expiry VA for high-demand products creates payment attribution complexity if customer pays after order timeout. QRIS AGGREGATE LIMIT: QRIS transactions have Bank Indonesia-mandated limits (IDR 20M per transaction, IDR 20M per day per customer); automated QRIS checkout must handle transaction limit exceeded error; automated high-value QRIS checkout creates limit exceeded for enterprise B2B payments. PAYMENT NOTIFICATION CALLBACK SECURITY: DOKU callback includes hash validation; automated callback processing must verify hash; automated unverified callback creates spoofed payment confirmation vulnerability.
Use Cases
- • Generating virtual accounts from Indonesia bank transfer payment agents
- • Processing QRIS multi-wallet payments from Indonesia mobile commerce agents
- • Accepting GoPay and OVO from Indonesia e-wallet checkout agents
- • Handling Alfamart/Indomaret cash payments from Indonesia offline commerce agents
Not For
- • Pan-SEA beyond Indonesia (use Xendit for multi-country SEA)
- • International card acceptance at scale (use Stripe or Adyen for global cards)
- • Enterprise Indonesian banking (use BCA or Mandiri direct for enterprise)
Interface
Authentication
DOKU uses Client ID and Secret Key with SHA256 HMAC for API authentication. REST API with JSON. Jakarta, Indonesia HQ. Founded 2007 by Yudha Wisata. Products: Virtual Account (BCA, Mandiri, BNI, BRI, BSI), QRIS, GoPay, OVO, ShopeePay, DANA, card processing, Alfamart/Indomaret. SDKs: PHP, Java, Python, Node.js. OJK-licensed. PCI DSS. Serves Indonesian enterprise and SMB merchants. Competes with Midtrans and Xendit for Indonesia payments.
Pricing
Jakarta ID. OJK-licensed. Per-transaction fees in IDR. Enterprise pricing for high volume.
Agent Metadata
Known Gotchas
- ⚠ COMPONENT HASH SIGNING: DOKU requests require HMAC-SHA256 signature of specific components in defined order; automated request must compute correct hash including timestamp and component concatenation; automated wrong component order creates signature mismatch rejection
- ⚠ VIRTUAL ACCOUNT BANK-SPECIFIC MAPPING: DOKU VA bank codes differ per bank (BCA=014, Mandiri=008, BNI=009, BRI=002); automated VA creation must use correct bank code; automated wrong bank code creates VA routing to incorrect bank
- ⚠ PAYMENT CHANNEL NOTIFICATION TIMING VARIANCE: Different payment channels have different notification timing (VA: minutes to hours, QRIS: seconds, card: seconds); automated order processing must account for channel-specific timing; automated same-SLA assumption for all channels creates premature timeout for slow channels
- ⚠ JOKUL vs LEGACY API ENDPOINTS: DOKU has Jokul (new platform) and legacy DOKU-WALLET endpoints; automated integration should use Jokul endpoints; automated legacy endpoint use creates deprecated API warnings and limited feature support
- ⚠ INVOICE NUMBER UNIQUENESS: DOKU requires unique invoice number per payment request; automated retry must generate new invoice number; automated same invoice retry creates duplicate invoice conflict
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for DOKU Indonesia Payment Gateway API.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.