1. Authentication
Sipay API Documentation
  • Overview
    • Getting Started
  • Authentication
    • Generating Token
      POST
  • Installments
    • Getting Installment Information
      POST
    • Installments
      POST
  • Commissions
    • Commission
      POST
  • HASH
    • Hash Information
  • Non Secure Payment
    • Non-Secure Payment Flow
    • Non-Secure Card Payment
      POST
    • Non-Secure Recurring Payment
      POST
    • Non-Secure Insurance Payment
      POST
    • Non-Secure Pre-Authorization Payment
      POST
  • 3D Secure Payment
    • 3D Secure Payment Flow
    • 3D Secure Card Payment
      POST
    • 3D Secure Recurring Payment
      POST
    • 3D Secure Pre-Authorization Payment
      POST
    • 3D Secure Agriculture Payment
      POST
  • Payment
    • Check Status
      POST
    • Confirm Payment
      POST
    • Complete Payment
      POST
    • Non-Secure and 3D Payment with Sipay
      POST
    • Refund
      POST
  • Payment with Saved Card
    • Card Registration
    • Pay by Card Token
    • Retrieving Saved Card
    • Edit Saved Card
    • Delete Saved Card
    • Non-Secure Payment with Hidden Card
  • Recurring
    • Recurring Query Search
    • Recurring Plan Process
    • Recurring Plan Update
  • Cashout
    • Cashout to Bank
  • Webhook
    • Webhook
  • Status Codes
    • Status Codes
  1. Authentication

Generating Token

Testing
Testing Env
https://provisioning.sipay.com.tr
Testing Env
https://provisioning.sipay.com.tr
POST
/ccpayment/api/token
This endpoint generates a token used to authenticate the merchant in subsequent API requests.
📌
The endpoint also returns the payment integration option configured for the merchant. The corresponding response field is is_3d, which can take the following values: 0, 1, 2, and 4.
0 = Whitelabel Non Secure only,
1 = Whitelabel Non Secure or 3D,
2 = Whitelabel 3D only,
4 = Branded payment solution
If the token API return is 1, the merchant website should display a checkbox for the user to select Non Secure or 3D Secure Payment.
Each token has a validity period of 2 hours.

Request

Authorization
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
Body Params application/jsonRequired

Examples

Responses

🟢200Success
application/json
Body

🔵30Failed
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST 'https://provisioning.sipay.com.tr/ccpayment/api/token' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "app_id": "6d4a7e9374a76c15260fcc75e315b0b9",
  "app_secret": "b46a67571aa1e7ef5641dc3fa6f1712a",
  "app_lang": "en"
}'
Response Response Example
200 - Success
{
    "status_code": 100,
    "status_description": "Successfully Generated token",
    "data": {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJqdGkiOiI0ZWJmYzJmOGNiOGZlMzlhYTc5ZGQzYmI1NDc4ZWI2ZjAzMGNjZmM5YzU4ZmExN2I5MjJiN2I1NTIwY2EzZDk5OTk0MWY2ZTAyMWNiZjkwMTEzYjk2ZWZkNmU3NmExZTExYjVlNWRjNDBhNGU1YWY5NmQ5NGVhNjFiYTMzOGNmYSIsImF1ZCI6MTAwMDcsInN1YiI6OTMsImNpZCI6MTgzMDksIm5iZiI6MTc3NTEyMTM1MiwiZXhwIjoxNzc1MTM1NzUyLCJpYXQiOjE3NzUxMjg1NTIsInNjb3BlcyI6W10sImRhdGEiOnsianRpIjoiNGViZmMyZjhjYjhmZTM5YWE3OWRkM2JiNTQ3OGViNmYwMzBjY2ZjOWM1OGZhMTdiOTIyYjdiNTUyMGNhM2Q5OTk5NDFmNmUwMjFjYmY5MDExM2I5NmVmZDZlNzZhMWUxMWI1ZTVkYzQwYTRlNWFmOTZkOTRlYTYxYmEzMzhjZmEifX0.jYPZapZZ-jWOnEc0HLIRX5_qjTdIM9rC8Im4x_DBOHmROOCqoZ1AoN7P6PU6324xcg0KLS8CDHTbwj7RIWnnCQ",
        "is_3d": 1,
        "expires_at": "2026-04-02 16:15:52"
    }
}
Modified at 2026-04-20 11:24:19
Previous
Getting Started
Next
Getting Installment Information
Built with