
Using MD5 and Having Trouble Receiving Payment After Migration?

This guide is for merchants who have not yet updated their integration from MD5 to SHA-256.

If your website or payment integration is still using MD5, you may experience payment processing issues after migrating to senangPay-DOKU.

Don't worry. These issues can be resolved by updating your integration to SHA-256. Refer to the scenarios below to identify the issue and follow the recommended recovery steps.


Each scenario below lists the issue, what you may experience, and how to resolve it.

Scenario 1: Merchant Uses Checkout API (Manual Integration)

Issue:

Payments are unable to proceed after migration.

What you may experience:

⚠️ This impacts your customers.

Customers may see an error message or a blank page during checkout.

Payment transactions may fail to complete.

Customers may abandon their purchase due to the interruption.

How to resolve:

To continue processing payments successfully, please update your integration to use the SHA-256 hashing algorithm and generate the secure hash using the following sequence:
  • Secret Key
  • Detail
  • Amount
  • Order ID

For example, if the parameter values are as follows:

  • Secret Key: 53-784
  • Detail: Shopping_cart_id_30
  • Amount: 24.50
  • Order ID: 56

The string to be hashed is:

$str = 53-784Shopping_cart_id_3024.5056

which generates the hash value:

hash_hmac('SHA256', $str, '53-784')
=> 74422328b44d30bf150fffbae89bbb42b885f9ac0960e2a3ddccc0cf9aa48e39

Scenario 2: Merchant Uses Direct API Integration

Issue:

Payments are unable to proceed after migration.

What you may experience:

⚠️ This impacts your customers.

Customers may encounter an error message or blank page during checkout.

Payment transactions may fail to complete successfully.

Orders may not be processed due to payment failures.

How to resolve:

To continue accepting payments without interruption, please update your integration to use the SHA-256 hashing algorithm. The secure hash should be generated using the following sequence:

{secret_key}{customer_name}{customer_email}{customer_phone}{order_id}{amount}{detail}{payment_method}

Scenario 3: Merchant Uses Digital Catalog

Issue:

Callback URL may be affected.

Payment status may not be updated correctly in your system.

What you may experience:

⚠️ No impact on your customers. The issue only affects your system.

Customers can still complete their payments successfully and no errors are displayed to customers during checkout.

However, your system may not receive or process DOKU's payment callback notification correctly.

As a result, transaction statuses in your system may not be updated automatically.

How to resolve:

Please ensure your callback endpoint is updated to support SHA-256 hash verification. Your system should validate the SHA-256 hash returned by DOKU before processing and updating the transaction status.

Example:

// $statusId, $orderId, $transactionReference and $message are taken from the callback notification.
$secretKey = '123-456';
$string = $secretKey . $statusId . $orderId . $transactionReference . $message;
$hash = hash_hmac('SHA256', $string, $secretKey);


For merchants with custom parameters:

// Example custom params
$customQueryStringWithHashPlaceholder = '?email=john%40gmail.com&amount_paid=10.50&txn_status=1&txn_msg=Payment_was_successful&order_id=A5463&hashed_value=[HASH]';

$secretKey = '123-456';
$string = $secretKey . $customQueryStringWithHashPlaceholder;
$hash = hash_hmac('SHA256', $string, $secretKey);


// Result:
// 64c54bb8c1f1955ef6f4a8fc3d9f810d1490239d7e5dda82f030c2da6b99f0f6



Scenario 4: Merchant Uses Payment Link

Issue:

URL set by merchant may be affected.

Payment status may not be updated correctly in your system.

What you may experience:

⚠️ No impact on your customers. The issue only affects your system.

Customers can complete payments successfully and no errors are displayed during checkout.

However, your system may not receive or validate DOKU's payment notification correctly.

As a result, payment statuses may not be updated automatically.

How to resolve:

Please update your callback endpoint to use SHA-256 hash verification instead of MD5. Your system should validate the SHA-256 signature returned by DOKU before processing the payment notification and updating the transaction status.

Example:

// $statusId, $orderId, $transactionReference and $message are taken from the callback notification.
$secretKey = '123-456';
$string = $secretKey . $statusId . $orderId . $transactionReference . $message;
$hash = hash_hmac('SHA256', $string, $secretKey);


For merchants with custom parameters:

// Example custom params
$customQueryStringWithHashPlaceholder = '?email=john%40gmail.com&amount_paid=10.50&txn_status=1&txn_msg=Payment_was_successful&order_id=A5463&hashed_value=[HASH]';

$secretKey = '123-456';
$string = $secretKey . $customQueryStringWithHashPlaceholder;
$hash = hash_hmac('SHA256', $string, $secretKey);
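
The callback check described in Scenarios 3 and 4, as an added example that is not senangPay-DOKU's own code: it recomputes the HMAC-SHA256 over the fields in the order shown above and compares it with the received value using hash_equals(). The parameter names (status_id, order_id, transaction_id, msg, hash), the function names and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Assumed, not from the page: the parameter names
// status_id, order_id, transaction_id, msg, hash and both function names.

function expectedCallbackHash(string $secretKey, array $p): string
{
    // Field order from the page's example: secret key, status id,
    // order id, transaction reference, message.
    $string = $secretKey . $p['status_id'] . $p['order_id']
        . $p['transaction_id'] . $p['msg'];
    return hash_hmac('sha256', $string, $secretKey);
}

function isCallbackAuthentic(string $secretKey, array $p): bool
{
    foreach (['status_id', 'order_id', 'transaction_id', 'msg', 'hash'] as $k) {
        if (!isset($p[$k]) || !is_string($p[$k])) {
            return false; // missing or array-typed parameter
        }
    }
    $received = strtolower($p['hash']);
    // An HMAC-SHA256 value is 64 hex characters; a 32-character MD5 value is refused.
    if (strlen($received) !== 64 || !ctype_xdigit($received)) {
        return false;
    }
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals(expectedCallbackHash($secretKey, $p), $received);
}

// Constructed sample callback, signed with the page's sample key '123-456'.
$secretKey = '123-456';
$callback = [
    'status_id'      => '1',
    'order_id'       => 'A5463',
    'transaction_id' => 'TXN-SAMPLE-001',
    'msg'            => 'Payment_was_successful',
];
$callback['hash'] = expectedCallbackHash($secretKey, $callback);

var_dump(isCallbackAuthentic($secretKey, $callback)); // genuine notification
$tampered = ['order_id' => 'A9999'] + $callback;      // order id altered in transit
var_dump(isCallbackAuthentic($secretKey, $tampered));
$legacy = ['hash' => md5('legacy')] + $callback;      // old 32-character MD5 value
var_dump(isCallbackAuthentic($secretKey, $legacy));
```

Call isCallbackAuthentic() on the received parameters before updating the transaction status, and treat a false result as an unverified notification.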