1. Payment
Sipay API Documentation
  • Overview
    • Getting Started
  • Authentication
    • Generating Token
      POST
  • Installments
    • Getting Installment Information
      POST
    • Installments
      POST
  • Commissions
    • Commission
      POST
  • HASH
    • Hash Information
  • Non Secure Payment
    • Non-Secure Payment Flow
    • Non-Secure Card Payment
      POST
    • Non-Secure Recurring Payment
      POST
    • Non-Secure Insurance Payment
      POST
    • Non-Secure Pre-Authorization Payment
      POST
  • 3D Secure Payment
    • 3D Secure Payment Flow
    • 3D Secure Card Payment
      POST
    • 3D Secure Recurring Payment
      POST
    • 3D Secure Pre-Authorization Payment
      POST
    • 3D Secure Agriculture Payment
      POST
  • Payment
    • Check Status
      POST
    • Confirm Payment
      POST
    • Complete Payment
      POST
    • Non-Secure and 3D Payment with Sipay
      POST
    • Refund
      POST
  • Payment with Saved Card
    • Card Registration
    • Pay by Card Token
    • Retrieving Saved Card
    • Edit Saved Card
    • Delete Saved Card
    • Non-Secure Payment with Hidden Card
  • Recurring
    • Recurring Query Search
    • Recurring Plan Process
    • Recurring Plan Update
  • Cashout
    • Cashout to Bank
  • Webhook
    • Webhook
  • Status Codes
    • Status Codes
  1. Payment

Complete Payment

Testing
Testing Env
https://provisioning.sipay.com.tr
Testing Env
https://provisioning.sipay.com.tr
POST
/ccpayment/payment/complete
When the transaction is processed via 3D Secure Payment, the Complete Payment endpoint must be executed if the payment_completed_by parameter is set to merchant.
The Complete Payment endpoint is used to finalize the payment process and complete the transaction.
If payment_completed_byparameter is not provided, the system automatically treats the value as app and proceeds accordingly.
The Complete Payment endpoint must be called within 15 minutes.

The returned MD status is important. The MD status codes, along with their descriptions and meanings, are provided below.
mdStatusError DetailDescription
0Authentication Failed3D verification failed.
1Full AuthenticationCardholder successfully verified.
If any check fails, the transaction is declined.
ℹ️ At this stage, no funds are withdrawn yet; the amount is only temporarily reserved from the card’s available balance.
The hash key must be send in the request.
Sample hash keys can be found in the request form panel on the side, corresponding to the selected programming language.
An example of the hash algorithm is included in the request.

Hash Parameters#

The parameters and their order to be used for the hash algorithm are as follows.
merchant_key
invoice_id
order_id
status
app_secret

Request

Authorization
Bearer Token
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
or
Body Params application/jsonRequired

Examples

Responses

🟢200Success
application/json
Body

⚪14Failed
Request Request Example
Shell
JavaScript
Java
Swift
#!/usr/bin/env bash

 

generate_hash_key() {
  local merchant_key="$1"
  local invoice_id="$2"
  local order_id="$3"
  local status="$4"
  local app_secret="$5"

 

  local data="${merchant_key}|${invoice_id}|${order_id}|${status}"

 

  local iv
  iv=$(openssl rand -hex 16 | openssl sha1 | awk '{print $2}' | cut -c1-16)

 

  local password
  password=$(printf "%s" "$app_secret" | openssl sha1 | awk '{print $2}')

 

  local salt
  salt=$(openssl rand -hex 16 | openssl sha1 | awk '{print $2}' | cut -c1-4)

 

  local salt_with_password
  salt_with_password=$(printf "%s" "${password}${salt}" | openssl sha256 | awk '{print $2}' | cut -c1-32)

 

  local key_hex
  key_hex=$(printf "%s" "$salt_with_password" | xxd -p -c 256)

 

  local iv_hex
  iv_hex=$(printf "%s" "$iv" | xxd -p -c 256)

 

  local encrypted_base64
  encrypted_base64=$(printf "%s" "$data" | openssl enc -aes-256-cbc -K "$key_hex" -iv "$iv_hex" -base64)

 

  local msg="${iv}:${salt}:${encrypted_base64}"
  msg="${msg//\//__}"

 

  echo "$msg"
}

 

merchant_key="test_merchant_123"
invoice_id="INV-2026-0001"
order_id="VP12581354698765"
status="complete"
app_secret="my_secret_key_456"

 

result=$(generate_hash_key "$merchant_key" "$invoice_id" "$order_id" "$status" "$app_secret")
echo "Hash Key: $result"
Response Response Example
200 - Success
{
    "status_code": 100,
    "status_description": "Payment Successfully Completed",
    "data": {
        "sipay_status": 1,
        "order_no": "VP17349634893866298",
        "order_id": "VP17349634893866298",
        "invoice_id": "JB7HHTAGWWINPRT-1734963488",
        "status_code": 100,
        "status_description": "Payment Successfully Completed",
        "sipay_payment_method": 1,
        "credit_card_no": "540667****5403",
        "transaction_type": "Auth",
        "payment_status": 1,
        "payment_method": 1,
        "error_code": 100,
        "error": "Payment Successfully Completed",
        "auth_code": "P09424",
        "installment": 1,
        "amount": 800,
        "payment_reason_code": "",
        "payment_reason_code_detail": "",
        "status": "Completed",
        "hash_key": "4e431932f5e8b292:e470:eLjTMboO95+mvF54m4knqa6eD2nc__TnuVeHaxniabeIw9Wgo5qSRVrDdlKw2Y2mpgvT9jRnz30__yJ3d__SsqIP2eJeP3PjHQ+wdRd09Ej838=",
        "original_bank_error_code": "",
        "original_bank_error_description": ""
    }
}
Modified at 2026-04-20 11:23:05
Previous
Confirm Payment
Next
Non-Secure and 3D Payment with Sipay
Built with