Pay With Card Token (Non-Secure)

The payByCardToken (non-secure) API is used to submit orders to the Sipay payment integration system. Merchant websites should receive the payment status immediately, without loading the checkout page. Based on the API success status, the cart and order status must be changed accordingly. Unlike other payment API calls, this payment API does not need a call to the getPos API.

Method URL Content-Type
POST /api/payByCardTokenNonSecure application/json

Type Params Data Type Condition
KEY card_token string Mandatory
KEY customer_number number Mandatory
KEY customer_email string Mandatory
KEY customer_phone string Mandatory
KEY customer_name string Mandatory
KEY customer_phone string Mandatory
KEY currency_code string Mandatory
KEY installments_number number Mandatory
KEY invoice_id string Mandatory
KEY invoice_description string Mandatory
KEY total number Mandatory
KEY merchant_key string Mandatory
KEY items string Mandatory
KEY hash_key string Mandatory
KEY bill_address1 string Optional
KEY bill_address2 string Optional
KEY bill_city string Optional
KEY bill_postcode string Optional
KEY bill_state string Optional
KEY bill_country string Optional
KEY bill_email string Optional
KEY bill_phone string Optional
KEY sale_web_hook_key string Optional
KEY ip string Optional

Request for Recurring

Type Params Data Type Condition
KEY order_type Integer Mandatory
KEY recurring_payment_number Integer Mandatory
KEY recurring_payment_cycle string Mandatory
KEY recurring_payment_interval Integer Mandatory
KEY recurring_web_hook_key string Mandatory



name First name of the person. For example, if the name of the person who is buying the product is “john Dao”, then name should be “john”


surname Last name of the person. For example, if the name of the person who is buying the product is “john Dao”, then the surname should be “Dao”.


sale_web_hook_key is an optional key. When a purchase request is completed, Sipay sends a POST request so that the merchant can perform an event on their site. Sipay validates that this key exists in the database. The merchant must assign the sale web hook URL to this key on the Sipay Merchant Panel.


If order_type=1, Sipay validates the payment as recurring. In that case the recurring_payment_number, recurring_payment_cycle and recurring_payment_interval keys should not be empty.


For transaction_type “PreAuth”, a pending transaction is created in the system. But later it is converted to Completed by the merchant's confirmation.


recurring_payment_number defines the installment count. If first_amount is $100 and recurring_payment_number is 5, then the total amount deducted will be $100*5 = $500. (The cost of the transaction may be added to each transaction.)


recurring_payment_cycle defines the unit type of the recurring_payment_interval parameter. Possible values: D/M/Y (D: Days, M: Months, Y: Years).


recurring_payment_interval defines the interval value. If recurring_payment_interval = 2 and recurring_payment_cycle = “M”, then the transaction will occur once every 2 months.


recurring_web_hook_key defines the merchant's recurring web hook URL. A URL must be assigned to this key on the Sipay Merchant Panel. Sipay validates that this key exists in the database, and it is a required value when the payment is recurring.


hash_key is declared to secure the payment, because the end user may change the product price before going to the bank. The algorithm to generate the hash key is given below.

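function generateHashKey($total, $installment, $currency_code, $merchant_key, $invoice_id, $app_secret)
{
    // Pipe-delimited fields that the hash key protects
    $data = $total.'|'.$installment.'|'.$currency_code.'|'.$merchant_key.'|'.$invoice_id;

    // 16-character IV; it travels in clear inside the bundle
    $iv = substr(sha1(mt_rand()), 0, 16);
    $password = sha1($app_secret);

    // 4-character salt, mixed with the hashed app secret to derive the AES key
    $salt = substr(sha1(mt_rand()), 0, 4);
    $saltWithPassword = hash('sha256', $password . $salt);

    // Options value 0 makes openssl_encrypt return base64 ciphertext
    $encrypted = openssl_encrypt("$data", 'aes-256-cbc', "$saltWithPassword", 0, $iv);

    // Bundle format is iv:salt:ciphertext, with '/' replaced by '__'
    $msg_encrypted_bundle = "$iv:$salt:$encrypted";
    $msg_encrypted_bundle = str_replace('/', '__', $msg_encrypted_bundle);

    return $msg_encrypted_bundle;
}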

Fail Response

{
    "status_code": 41,
    "status_description": "transaction failed",
    "data": {
        "order_no": "162616264070046",
        "invoice_id": "5edfg345fffgdfdgff",
        "payment_method": 1,
        "credit_card_no": "5355765990527226",
        "transaction_type": "Auth",
        "payment_status": 0,
        "payment_method": 1,
        "error_code": "",
        "error": "transaction failed",
        "hash_key": "808b7dd19e13efb6:2374:aoDf__tgqgM5fTuFJKFrEcxxC4vTVz2uNarIGX31rzVTP+JZPTteiy5DGam__5wBVk"
    }
}

Success Response

{
    "status_code": 100,
    "status_description": "Payment process successful",
    "data": {
        "order_no": "162616268649431",
        "invoice_id": "5edfg345fffgdfdgff",
        "payment_method": 1,
        "credit_card_no": "5355765990527226",
        "transaction_type": "Auth",
        "payment_status": 1,
        "payment_method": 1,
        "error_code": 100,
        "error": "Transaction Successful",
        "hash_key": "aabb5f5b9f179594:7ade:JiXxJ7wo99Y__9Gm__Kg0lwP273bXxNftgO++vp9ykxyl7n7vmjOKGvtgMkIus8mOk"
    }
}

Key                  Explanation
payment_status       payment_status can be 1/0. 1 = success, 0 = fail
order_no             Sipay order no
invoice_id           Merchant invoice id
status_code          Sipay status code, 100 is the success code
status_description   Transaction explanation
payment_method       1 = Credit Card, 2 = Mobile, 3 = Wallet
transaction_type     transaction_type == “Auth”: the transaction amount is deducted from the card instantly. transaction_type == “Pre-Authorization”: the transaction amount will be deducted from the card later.
error_code           The value of the status_code parameter
error                The value of the status_description parameter
hash_key             To validate that the request comes from Sipay

Validate Response

Condition 1: status_code == 100 and transaction_type == “Auth” // Transaction is successful and the transaction amount is deducted from the card instantly.

Condition 2: status_code == 100 and transaction_type == “Pre-Authorization” // Process is successful and the transaction amount will be deducted from the card later.
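
The hash_key check described above can be implemented as the inverse of generateHashKey. The following is an added example, not Sipay's code: it decrypts a bundle and compares every field with the merchant's own order record. It assumes the bundle has the same iv:salt:ciphertext format that generateHashKey produces; the field order inside a response bundle is not given on this page, so the demo uses a constructed request-style bundle, and the names decryptHashKey and bundleMatchesOrder and all sample values are hypothetical.

```php
<?php
// Added example, not Sipay's code. Assumes a hash_key bundle has the
// "iv:salt:ciphertext" shape produced by generateHashKey() on this page.

// Hypothetical helper: decrypt a bundle into its pipe-delimited fields.
function decryptHashKey(string $bundle, string $app_secret): ?array
{
    $parts = explode(':', str_replace('__', '/', $bundle), 3);
    if (count($parts) !== 3) {
        return null;                       // not iv:salt:ciphertext
    }
    [$iv, $salt, $encrypted] = $parts;
    if (strlen($iv) !== 16 || strlen($salt) !== 4) {
        return null;                       // wrong IV or salt length
    }
    // Same key derivation as the generator: sha256(sha1(secret) . salt)
    $key = hash('sha256', sha1($app_secret) . $salt);
    $plain = openssl_decrypt($encrypted, 'aes-256-cbc', $key, 0, $iv);
    return $plain === false ? null : explode('|', $plain);
}

// Hypothetical helper: true only if every decrypted field equals the
// merchant's own record. AES-CBC has no integrity tag, so a successful
// decrypt alone does not prove the data is unmodified; the field
// comparison is the actual check.
function bundleMatchesOrder(string $bundle, string $app_secret, array $expected): bool
{
    $fields = decryptHashKey($bundle, $app_secret);
    if ($fields === null) {
        return false;
    }
    return hash_equals(implode('|', $expected), implode('|', $fields));
}

// Constructed sample values (not real credentials or a real order).
$secret = 'constructed-app-secret';
$onFile = ['100.00', '1', 'TRY', 'constructed-merchant-key', 'INV-1001'];
$iv     = '0123456789abcdef';
$salt   = 'a1b2';
$cipher = openssl_encrypt(implode('|', $onFile), 'aes-256-cbc',
                          hash('sha256', sha1($secret) . $salt), 0, $iv);
$bundle = str_replace('/', '__', "$iv:$salt:$cipher");

$altered = $onFile;
$altered[0] = '1.00';                      // total changed on the client side

var_dump(bundleMatchesOrder($bundle, $secret, $onFile));         // order on file
var_dump(bundleMatchesOrder($bundle, $secret, $altered));        // altered total
var_dump(bundleMatchesOrder('not-a-bundle', $secret, $onFile));  // malformed
```

The expected values passed to bundleMatchesOrder should come from the merchant's stored order, never from fields echoed back in the same request or response.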