1. Payment with Saved Card
Sipay API Documentation
  • Overview
    • Getting Started
  • Authentication
    • Generating Token
      POST
  • Installments
    • Getting Installment Information
      POST
    • Installments
      POST
  • Commissions
    • Commission
      POST
  • HASH
    • Hash Information
  • Non Secure Payment
    • Non-Secure Payment Flow
    • Non-Secure Card Payment
      POST
    • Non-Secure Recurring Payment
      POST
    • Non-Secure Insurance Payment
      POST
    • Non-Secure Pre-Authorization Payment
      POST
  • 3D Secure Payment
    • 3D Secure Payment Flow
    • 3D Secure Card Payment
      POST
    • 3D Secure Recurring Payment
      POST
    • 3D Secure Pre-Authorization Payment
      POST
    • 3D Secure Agriculture Payment
      POST
  • Payment
    • Check Status
    • Confirm Payment
    • Complete Payment
    • Non-Secure and 3D Payment with Sipay
    • Refund
  • Payment with Saved Card
    • Card Registration
      POST
    • Pay by Card Token
      POST
    • Retrieving Saved Card
      GET
    • Edit Saved Card
      POST
    • Delete Saved Card
      POST
    • Non-Secure Payment with Hidden Card
      POST
  • Recurring
    • Recurring Query Search
    • Recurring Plan Process
    • Recurring Plan Update
  • Cashout
    • Cashout to Bank
  • Webhook
    • Webhook
  • Status Codes
    • Status Codes
  1. Payment with Saved Card

Card Registration

Testing
Testing Env
https://provisioning.sipay.com.tr
Testing Env
https://provisioning.sipay.com.tr
POST
/ccpayment/api/saveCard
The Card Registration endpoint is used to securely store card information within the Sipay system. Upon successful registration, the system generates and returns a unique token card_token that represents the stored card data.
This token is then used in subsequent payment operations through the payByCardToken API, eliminating the need to resend sensitive card details. The service helps streamline the payment process, improves user experience for recurring transactions, and ensures that sensitive card information is handled in a secure and compliant manner.
The hash key must be send in the request.
Sample hash keys can be found in the request form panel on the side, corresponding to the selected programming language.
An example of the hash algorithm is included in the request.

Hash Parameters#

The parameters and their order to be used for the hash algorithm are as follows.
merchant_key
customer_number
card_holder_name
expiry_month
expiry_year
app_secret

Request

Authorization
Bearer Token
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
or
Header Params

Body Params application/jsonRequired

Examples

Responses

🟢200Success
application/json
Body

🟠400Failed
Request Request Example
Shell
JavaScript
Java
Swift
generate_save_card_create_hash_key() {
  local merchant_key="$1"
  local customer_number="$2"
  local card_holder_name="$3"
  local card_number="$4"
  local expiry_month="$5"
  local expiry_year="$6"
  local app_secret="$7"

  local data="${merchant_key}|${customer_number}|${card_holder_name}|${card_number}|${expiry_month}|${expiry_year}"

  local iv
  iv=$(openssl rand -hex 16 | openssl sha1 | awk '{print $2}' | cut -c1-16)

  local password
  password=$(printf "%s" "$app_secret" | openssl sha1 | awk '{print $2}')

  local salt
  salt=$(openssl rand -hex 16 | openssl sha1 | awk '{print $2}' | cut -c1-4)

  local salt_with_password
  salt_with_password=$(printf "%s" "${password}${salt}" | openssl sha256 | awk '{print $2}' | cut -c1-32)

  local key_hex
  key_hex=$(printf "%s" "$salt_with_password" | xxd -p -c 256)

  local iv_hex
  iv_hex=$(printf "%s" "$iv" | xxd -p -c 256)

  local encrypted_base64
  encrypted_base64=$(printf "%s" "$data" | openssl enc -aes-256-cbc -K "$key_hex" -iv "$iv_hex" -base64)

  local msg="${iv}:${salt}:${encrypted_base64}"
  msg="${msg//\//__}"

  echo "$msg"
}

result=$(generate_save_card_create_hash_key \
  "123456789" \
  "CUST001" \
  "AHMET YILMAZ" \
  "4111111111111111" \
  "12" \
  "2028" \
  "mySecretKey123")

echo "$result"
Response Response Example
200 - Success
{
    "status_code": 100,
    "status_description": "The card token saved successfully",
    "card_token": "3acb729f7341c4fa4971a5b81b76189e"
}
Modified at 2026-04-16 15:14:01
Previous
Payment with Saved Card
Next
Pay by Card Token
Built with