Skip to main content

Deeplink Binding and Payment


Deeplink redirection lets a merchant send users from the merchant app (or web page) into the DANA App using a redirect URL provided by DANA. After the merchant opens the URL, DANA detects whether the DANA App is installed:

  • If the app is installed, the user is redirected into the DANA App to continue the flow.
  • If the app is not installed, the user is redirected to the DANA Web page as a fallback.

Where it's used:

  • Binding: the merchant opens the binding URL returned by Deeplink Binding .
  • Payment: the merchant opens webRedirectUrl returned by the Direct Debit Payment API . To enable redirect to app for payment, the merchant must set additionalInfo.supportDeepLinkCheckoutUrl to true.

Overview

The DANA Widget Binding flow lets users link their DANA account inside a merchant app. Merchants can initiate binding via Seamless Binding by providing seamlessData, or continue with Normal Binding without seamlessData. In both cases, the user is redirected to the DANA App as the primary binding experience to complete the binding process.

Flow

The general flow of DANA Widget Binding is as follows:

Deeplink Binding Flow

→ Scroll horizontally to see the complete diagram.

  1. User starts the DANA account binding process within the merchant App.
  2. Merchant calls Deeplink Binding generator to initiate the account binding process.
  3. Check if the merchant provided seamless data.
  4. If seamlessData is provided, the flow continues with Seamless Binding. The user must complete binding using the same phone number as the one provided in seamlessData .
  5. If seamlessData is not provided, the flow continues with Normal Binding. The user can proceed in the DANA App as long as they are already logged in.
  6. DANA generates and returns the binding URL.
  7. Merchant opens the generated URL.
  8. Check if the DANA App is installed
  9. Detect the app and automatically launches the DANA App for binding process.
  10. Detect the app is missing and automatically falls back to the DANA Web page. The web page will open either in container in merchant’s side or open in the browser page.
  11. User completes the DANA account binding process.
  12. After the binding process is completed, DANA redirects the user to the merchant’s redirectUrl and provides authCode.

Demo Video

Sample (1)

Sample (2)


What should merchant do?

  • In the Deeplink Binding request, use seamlessData when you already have the user’s phone number. When seamlessData is provided, the user must continue binding with the same phone number as the one provided in seamlessData. If the logged in DANA account uses a different phone number, the user will be logged out and must log in again with the matching account. If seamlessData is not provided, the flow will continue as Normal Binding. The user can still continue binding from the DANA App as long as they are already logged in.
  • Able to open DANA redirect URLs (universal links) to enable handoff to the DANA App.
  • Prefer opening the redirect URL via the OS/native browser. If the merchant uses an in-app WebView with domain allowlisting, the merchant must whitelist or allowlist the following domains: https://link.dana.id, https://m.dana.id, https://danaid.link, and danaid://.

Common Issue #1: Webview in Merchant Front-end

Some users may not be redirected to the DANA App when the payment page is opened inside the merchant’s in-app WebView. This usually happens because the WebView tries to load the redirect URL as a normal web page instead of passing it to open the target app.

Successful Sample

Failed Sample

The WebView intercepts every navigation event. If the URL matches DANA deeplink/universal link patterns (or is a non-HTTP URI), the app opens it using an Android Intent and returns “handled” so the WebView does not load it.

What should merchant do?

  • Implement both shouldOverrideUrlLoading variants (new and deprecated) so interception works across Android versions.
  • Detect DANA redirect URLs using these identifiers:
    • danaid://
    • https://link.dana.id
    • https://m.dana.id
    • https://danaid.link
  • Treat URLs that are not standard HTTP(S) as external-app URIs (your sample uses !url.contains("http")).
  • Open external-app URIs via Intent(Intent.ACTION_VIEW, uri) and return true to block WebView navigation.
  • Allow normal URLs to load in WebView by returning false.
  • If your WebView uses domain allowlisting, ensure these domains remain allowlisted: link.dana.id, m.dana.id, danaid.link.
WebView Implementation
@TargetApi(Build.VERSION_CODES.N)
override fun shouldOverrideUrlLoading(view: WebView, request: WebResourceRequest): Boolean {
return handleWebviewCustomUri(request.url)
}

@Suppress("OverridingDeprecatedMember", "DEPRECATION")
override fun shouldOverrideUrlLoading(view: WebView, url: String): Boolean {
return handleWebviewCustomUri(Uri.parse(url))
}

private fun handleWebviewCustomUri(uri: Uri): Boolean {
val url = uri.toString()

val deepLinkIdentifiers = listOf(
"danaid://",
"https://link.dana.id",
"https://m.dana.id",
"https://danaid.link"
)

// Check if the URL contains any of the known deep link identifiers, or if it lacks "http"
val isExternalAppUri = deepLinkIdentifiers.any { url.contains(it) } || !url.contains("http")

return if (isExternalAppUri) {
val intent = Intent(Intent.ACTION_VIEW, uri)
startActivity(intent)
true
} else {
false
}
}

Common Issue #2: Web-based Redirect Implementation

Deeplinks work best when triggered by user clicks on <a href="..."> elements across domains. JavaScript-based redirection, such as window.open or window.location.href, can also be used. However, if any issues occur, it is recommended to use redirection triggered directly by a user action, such as clicking a link.

ask AILLM-readable DANA API docs: llms.txt
ask AIAI Assistant
Need help with our documentation?
Start from our frequently asked questions or feel free to ask anything else.

AI generated responses may contain mistakes.