DojaPay API
    DojaPay API
    • Authentication
      • Generate Access Token
        POST
    • Virtual Account
      • Create Virtual Account
        POST
      • Get Virtual Account Details
        GET
    • Transactions
      • Verify Transaction
        POST
    • Payout
      • Request Payout
        POST
      • Get Bank List
        GET

    Authentication

    DojaPay's API authentication mechanism is based on Basic Authentication, using a Public Key and Secret Key pair provided through the DojaPay developer dashboard. These credentials are required to generate a secure access token, which is used to authenticate and authorize all subsequent API requests.
    Upon registration or onboarding as a merchant or developer, DojaPay provides two unique credentials:
    Public Key: A non-confidential identifier used in token generation.
    Secret Key: A confidential key used in conjunction with the public key. It should be securely stored on your backend servers and never exposed to the client or frontend applications.
    To obtain an access token, send a POST request to the /api/v1/auth/login endpoint. The Authorization header must be in the format:
    Authorization: Basic base64(public_key:secret_key)
    For example:
    Authorization: Basic ZG9qYXBheV9wdWJsaWNfa2V5OmRvamFwYXlfc2VjcmV0X2tleQ==
    A successful response returns a JSON object containing an access token, which must then be included in the Authorization header of all protected DojaPay API calls:
    Authorization: Bearer {access_token}
    Important Notes:
    Keep your secret key safe. In case of a security compromise, you can regenerate your credentials from the DojaPay dashboard.
    Access tokens have a validity period (e.g., 1 hour) and should be refreshed when expired.
    Use HTTPS for all API requests to ensure secure communication.
    Modified at 2025-11-01 05:11:25
    Next
    Generate Access Token
    Built with