Non-Secure Payment

The pay API is used to submit order and credit card details information to sipay payment integration system. The merchant website should verify the post-process payment status with /api/checkstatus. Based on API success status, cart and order status must be changed accordingly. In this payment API, there is no need to call getpos API like other payment api called.

Method URL Content-Type
POST /api/paySmart2D application/json


Type Params Data Type Condition
KEY cc_holder_name string Mandatory
KEY cc_no string Mandatory
KEY expiry_month string Mandatory
KEY expiry_year string Mandatory
KEY cvv string Mandatory
KEY currency_code string Mandatory
KEY installments_number number Mandatory
KEY invoice_id string Mandatory
KEY invoice_description string Mandatory
KEY name string Mandatory
KEY surname string Mandatory
KEY total double Mandatory
KEY merchant_key string Mandatory
KEY items string Mandatory
KEY hash_key string Mandatory
KEY bill_address1 string Optional
KEY bill_address2 string Optional
KEY bill_city string Optional
KEY bill_postcode string Optional
KEY bill_state string Optional
KEY bill_country string Optional
KEY bill_email string Optional
KEY bill_phone string Optional
KEY sale_web_hook_key string Optional
KEY card_program string Optional
KEY ip string Optional
KEY transaction_type string Optional


Request for Recurring

Type Params Data Type Condition
KEY order_type integer Mandatory
KEY recurring_payment_number integer Mandatory
KEY recurring_payment_cycle string Mandatory
KEY recurring_payment_interval integer Mandatory
KEY recurring_web_hook_key integer Mandatory

Authorization

Authorization is a header key which defines verification that the connection attempt is allowed. The method should be “Bearer”.

Example Value

 Bearer
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImRlMGVlZGFiZjdhZDhkODYzYTgyMzQ4Nzk5NTFkYz
FlMDZkZTUxYjU0NWRjYmU3MzRjMmQ1OGNkMWFlOWE4YjliZTkyMjdlZGVmZDdlMDliIn0.eyJhdWQiOiIxN
SIsImp0aSI6ImRlMGVlZGFiZjdhZDhkODYzYTgyMzQ4Nzk5NTFkYzFlMDZkZTUxYjU0NWRjYmU3MzRjMmQ
1OGNkMWFlOWE4YjliZTkyMjdlZGVmZDdlMDliIiwiaWF0IjoxNTczNzUyNDcyLCJuYmYiOjE1NzM3NTI0NzIsIm
V4cCI6MTYwNTM3NDg3Miwic3ViIjoiMSIsInNjb3BlcyI6W119.mDtdzcv15p8SnYjZYJUJrhdskO5NohXbkcAxKW
WZ72lNtrg86RZ1yxQwfQlRu6IPoa1rfG3M4jfsNeH-Sh7g6PaVffIoKvjdcUG7Cc2lLqhE4qMEdPgO28luCMOFf6U
Hn6XxeEhK3XWaboZJvrubdeb0t04a6btrdHUaFgeV6I8bNSRlzUjOjBcsVrd1pxKhKnsREFHCWfzYVC_ZQ4RRC
9CZsJGz7_KQ8mo0BdNmtbNKwfvYkpcdsmVicsJYvnw7OMZ3u-TorhakndhQkUK0JPAzl_LSHqAKCju8dTG1-vZjbh9ifRB
85TGwW4HimQk46RPG9Hp6kydLnuhFOkbvGpaxcs5qyZ67-cmjDa6aeGNjZHfNa7dQ8bTokdbkxqwKrV
VUUVjgkMtPXhpL9yffaHHPNBCkc-1Vz40nsmNFeaoWlk2S7fDxFTcGYv8HFFiSRyfsPpfTbXPIRMoZUX1kC4c-DMyQmjuBqt
xIwEFzJexs9PkZEUze5Qcm_ZrkqeKUlL4tJidO9ZzwfCI9bpihMATHlDyM6IP7XyhgMRt3yr2Wvzxuxav
qSyu09YlybYU0WpTUtDVOavL7xnuKBXhwDSoCjtCMh__tL9ZfK9lDvq6mrHQ5Z4RXLixvWMbl98_Btbnfg_SqnCNYwL14FSHyeb3lnuF8VFyERwbf-tAlI

Notes

name

Name First name of the person. For example, if the name of the person who is buying the product is “john Dao”, then name should be “john”.

surname Surname Last name of the person. For example, if the name of the person who is buying the product is “john Dao”, then surname should be “Dao”.

sale_web_hook_key

sale_web_hook_key, is an optional key. When a purchase request is completed, Sipay sends a post request. So that merchant can perform an event on their site. Sipay validates this key must me exist in database. Merchant must assign Sale web hook URL on Sipay Merchant Panel against this key.

order_type

If order_type=1, Sipay validates payment for recurring. Then recurring_payment_number, recurring_payment_cycle, recurring_payment_interval keys should not be empty.

card_program

card_program value must be one of following: "WORLD", "BONUS", "MAXIMUM", "BANKKART_COMBO", "PARAF", "AXESS", "ADVANT", "CARD_FNS"

transaction_type

Ön provizyon/Pre-authorization işlemi yapabilmek için "PreAuth" değeri ile transaction_type parametresi eklenmelidir, ödemenin 20 gün içinde tamamlanması veya iptal edilmesi gerekir, aksi takdirde otomatik olarak iptal edilir.

recurring_payment_number

recurring_payment_number, defines installment count. If first_amount is $100 and recurring_payment_number is 5, then the total amount will be deducted as $100*5 = $500. (Cost of transaction may be added with each transaction).

recurring_payment_cycle

recurring_payment_cycle, defines unit type of recurring_payment_interval parameter. Possible values: D /M / Y E.g: D: Days, M: Months, Y: Years

recurring_web_hook_key

recurring_web_hook_key, defines merchant recurring web hook url . An URL must be assigned on Sipay Merchant Panel against this key. Sipay validates this key must me exist in database and it is a required value when payment is recurring.

ip

Represents the ip address the user logged in.

hash_key

hash_key is declared to secure the payment. End user may change product price before going to bank. Here is the algorithm to write hash key given below:

function generateHashKey($total,$installment,$currency_code,$merchant_key,$invoice_id,
$app_secret){

 $data = $total.'|'.$installment.'|'.$currency_code.'|'.$merchant_key.'|'.$invoice_id;

 $iv = substr(sha1(mt_rand()), 0, 16);
 $password = sha1($app_secret);

 $salt = substr(sha1(mt_rand()), 0, 4);
 $saltWithPassword = hash('sha256', $password . $salt);

 $encrypted = openssl_encrypt("$data", 'aes-256-cbc', "$saltWithPassword", null, $iv);

 $msg_encrypted_bundle = "$iv:$salt:$encrypted";
 $msg_encrypted_bundle = str_replace('/', '__', $msg_encrypted_bundle);

 return $msg_encrypted_bundle;
}

URL

URL
https://provisioning.sipay.com.tr/ccpayment/api/paySmart2D

Request

{
    "merchant_key":"$2y$10$HmRgYosneqcwHj.UH7upGuyCZqpQ1ITgSMj9Vvxn.t6f.Vdf2SQFO",
    "cc_holder_name":"John Dao",
    "cc_no":"4508034508034509",
    "expiry_month":"12",
    "expiry_year":"2026",
    "cvv": "000",
    "currency_code":"TRY",
    "installments_number":1,
    "invoice_id":"WY3DNAFYAPHGLLW-1635254737",
    "invoice_description":"API TEST WITH POSTMAN",
    "name":"John",
    "surname":"Dao",
    "total":"15.00",
    "items":[
        {"name":"pr001","price":"2.30","quantity":1,"description":"pr001"},
        {"name":"pr001","price":"2.70","quantity":1,"description":"pr001"},
        {"name":"pr001","price":"5.00","quantity":2,"description":"pr001"}
    ],
    "hash_key":"0a0ed66037ace667:5aee:1kw+xaT00aEpRmNtzXG26W+rh0__0QzIFTgP3PbDc8nAr6QZdanUjjcJdp1xRu5HLSqR__
    MOStFeGHntjfhH42MYNHRPHtS2Hc4Dh83ewDCQTSa16ohmlqHcKdC9+xSDOWKHnrn2OCnob__H0WzkP72Ew=="
}

Success Response

{
    "status_code": 100,
    "status_description": "Payment process successful",
    "data": {
        "sipay_status": 1,
        "order_no": "163525516519858",
        "order_id": "163525516519858",
        "invoice_id": "WY3DNAFYAPHGLLW-1635254737",
        "sipay_payment_method": 1,
        "credit_card_no": "450803****4509",
        "transaction_type": "Auth",
        "payment_status": 1,
        "payment_method": 1,
        "error_code": 100,
        "error": "",
        "hash_key": "4ea56231a2897254:d835:m6mCUrjBMKu2EpkS70AUqpEAFC
        H0sMVtBw+O6__jIAUHEkDpvHlnc__Uj+sLfzeDTdf2iaL14qwmjeBJdskGp0zg=="
    }
}

Failed Response

{
    "status_code": 13,
    "status_description": "The total of your items price(5.0000) is not equal to the invoice total(15.0000)"
}

Response Parameter Explanation

Key Explanation
payment_status payment_staus can be 1/0. 1=success, 0=fail
order_no Sipay order no
invoice_id merchant invoice id
status_code Sipay Status code, 100 is success code
status_description Transaction explanation
payment_method 1= Credit Card, 2= Mobile, 3= Wallet
transaction_type transaction_type == “Auth” //transaction amount is deducted from the card instantly.transaction_type == “Pre-Authorization” transaction amount will be deducted from the card later.
error_code The value of status_code parameter
error The value of status_description parameter
hash_key To Validate the request comes from Sipay

Validate Response

status 1 : payment_status == 1 ve transaction_type == “Auth” // Transaction successful and transaction amount deducted from the card.

status 2 : payment_status == 1 ve transaction_type == “Pre-Authorization” // Transaction successful, transaction amount blocked from the credit card. For complete the payment with blocked amount /api/confirmPayment API should call.

hash_key hash_key should be validated on the merchant side to confirm the request comes from Sipay. Also " Order Status "API confirms that the transaction is successful or Failed.

status 3 : payment_status == 0 // Transaction fail.