Welcome to DompetX API

The DompetX API provides a comprehensive set of endpoints for integrating payment processing into your applications. Our RESTful API enables you to create transactions, manage payments, handle webhooks, and monitor transaction status with ease.

Base URL

All API requests should be made to: 
Production: https://api.dompetx.com

API Features

Transaction Management

Create, retrieve, and manage payment transactions

Multiple Payment Methods

Support for virtual accounts, e-wallets, and credit cards

Real-time Webhooks

Instant notifications for payment status updates

Secure Authentication

API key-based authentication with request signing

Authentication

All API endpoints require authentication using an API Key obtained from your merchant dashboard.

Obtaining Your API Credentials

To get your API Key:
  1. Log in to the DompetX Merchant Dashboard
  2. Go to Merchant (ensure your merchant is active) → Details → API Keys
  3. Generate a new API Key
  4. Store your API Key securely using environment variables; do not hardcode or commit it.
Never share your API Key or commit it to version control. Use environment variables to store it securely.

Request Headers

All requests must include the following headers: 
Content-Type: application/json
X-DOMPAY-API-Key: {your_api_key}
X-DOMPAY-Signature: {request_signature}
X-DOMPAY-Timestamp: {unix_timestamp}
Idempotency-Key: {unique_request_id}

Header Generation

X-DOMPAY-API-Key

Your merchant API key obtained from the DompetX dashboard. This identifies your merchant account.

X-DOMPAY-Timestamp

A Unix timestamp (seconds since epoch) representing when the request was made. This prevents replay attacks. 
const timestamp = Math.floor(Date.now() / 1000);

X-DOMPAY-Signature

A HMAC-SHA256 signature of the request to ensure integrity and authenticity.

Idempotency-Key

A unique identifier for the request (e.g., UUID) to prevent duplicate processing if the same request is sent multiple times.

Request Signing

For security, all requests must include a signature generated using HMAC-SHA256. The signature is calculated using your API Key on a concatenated string ks = timestamp + '.' + body. 
const crypto = require('crypto');

function generateSignature(ks, apiKey) {
  return crypto.createHmac('sha256', apiKey).update(ks).digest('hex');
}

Example Header

Timestamp: 1736688000
Body (JSON): {"method":"QRIS","amount":100000,"currency":"IDR","reference":"ORDER-123"}

Signature input: 1736688000.{"method":"QRIS","amount":100000,"currency":"IDR","reference":"ORDER-123"}
API Key : dp_****************************ABCD
Signature (HMAC-SHA256): 8f2a9c0b******************************e7c1
Note: In all SDK examples, signing uses your API Key loaded via environment variables. Do not hardcode keys.

Rate Limiting

API requests are rate limited to ensure system stability:
  • Production: 1000 requests per minute
Rate limit headers are included in all responses: 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200

SDK and Examples

Here are code examples for integrating DompetX transaction endpoints: 
const axios = require('axios');
const crypto = require('crypto');

// Create Transaction
const createTransaction = async () => {
  const timestamp = Math.floor(Date.now() / 1000);
  const body = JSON.stringify({
    method: "QRIS",
    amount: 100000,
    currency: "IDR",
    reference: "ORDER-123"
  });

  const signatureData = timestamp + '.' + body;
  const signature = crypto
    .createHmac('sha256', process.env.API_KEY)
    .update(signatureData)
    .digest('hex');

  const response = await axios.post('https://api.dompetx.com/v1/payments', body, {
    headers: {
      'X-DOMPAY-API-Key': process.env.API_KEY,
      'X-DOMPAY-Signature': signature,
      'X-DOMPAY-Timestamp': timestamp,
      'Idempotency-Key': 'req_' + Date.now(),
      'Content-Type': 'application/json'
    }
  });

  return response.data;
};
// Get Payment Methods
const getPaymentMethods = async () => {
  const timestamp = Math.floor(Date.now() / 1000);
  const body = '{}';
  const signatureData = timestamp + '.' + body;
  const signature = crypto
    .createHmac('sha256', process.env.API_KEY)
    .update(signatureData)
    .digest('hex');

  const response = await axios.get('https://api.dompetx.com/v1/payments/channel', {
    headers: {
      'X-DOMPAY-API-Key': process.env.API_KEY,
      'X-DOMPAY-Signature': signature,
      'X-DOMPAY-Timestamp': timestamp
    }
  });

  return response.data;
};

Available Endpoints

Payment Methods

Get list of available payment methods

Create Transaction

Create a new payment transaction

Check Transaction Status

Retrieve transaction details and status

Cancel Transaction

Cancel a pending transaction

Need Help?

Support

Get technical support from our team