1. Authentication
Sipay API Documentation
  • Overview
    • Getting Started
    • Status Codes
    • PreAuthorization / Authorization
    • Webhook
  • Authentication
    • Generating Token
      POST
  • Installments
    • Getting Installment Information
      POST
    • Installments
      POST
  • Commissions
    • Commission
      POST
  • Non Secure Payment
    • Non-Secure Payment Flow
    • Non-Secure Credit Card Payment
      POST
    • Non-Secure Recurring Payment
      POST
    • Non-Secure Insurance Payment
      POST
    • Non-Secure PreAuthorization Payment
      POST
  • 3D Secure Payment
    • 3D Secure Payment Flow
    • 3D Secure Credit Card Payment
      POST
    • 3D Secure Recurring Payment
      POST
    • 3D Secure PreAuthorization Payment
      POST
    • 3D Secure PreAuthorization Payment APP
      POST
    • 3D Secure Agriculture Payment
      POST
  • Payment
    • CheckStatus
      POST
    • ConfirmPayment
      POST
    • CompletePayment
      POST
    • Non-Secure and 3D Payment with Sipay
      POST
    • Refund
      POST
  • Cards
    • Card Registration
    • Pay by Card Token
    • Retrieving Saved Card
    • Edit Saved Card
    • Delete Saved Card
    • NonSecure Payment with Hidden Card
  • HASH
    • Hash Information
  • Recurring
    • Recurring Query Search
    • Recurring Plan Process
    • Recurring Plan Update
  • Cashout
    • Cashout to bank
  • Report
    • Settlement API
  1. Authentication

Generating Token

Testing
Testing Env
https://provisioning.sipay.com.tr
Testing Env
https://provisioning.sipay.com.tr
POST
/ccpayment/api/token
The API generates a token to be used in other APIs to verify the merchant. It also returns the payment integration option set for the merchant. The response key is “is_3d”. Possible values ​​for is_3d are: 0, 1, 2, and 4.
0 = Whitelabel 2D only,
1 = Whitelabel 2D or 3D,
2 = Whitelabel 3D only,
4 = Branded payment solution,
If the token API return is 1, the merchant website should display a checkbox for the user to select 2D or 3D.
Each token has a validity period of 2 hours, and it is important to use the same token until it expires. There is no need to call this API again.

Request

Authorization
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
Body Params application/jsonRequired

Examples

Responses

🟢200Token Response
application/json
Body

🟠401Failed
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST 'https://provisioning.sipay.com.tr/ccpayment/api/token' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "app_id": "6d4a7e9374a76c15260fcc75e315b0b9",
  "app_secret": "b46a67571aa1e7ef5641dc3fa6f1712a",
  "app_lang": "en"
}'
Response Response Example
200 - Success
{
    "status_code": 100,
    "status_description": "Successfully Generated token",
    "data": {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJqdGkiOiI0ZWJmYzJmOGNiOGZlMzlhYTc5ZGQzYmI1NDc4ZWI2ZjAzMGNjZmM5YzU4ZmExN2I5MjJiN2I1NTIwY2EzZDk5OTk0MWY2ZTAyMWNiZjkwMTEzYjk2ZWZkNmU3NmExZTExYjVlNWRjNDBhNGU1YWY5NmQ5NGVhNjFiYTMzOGNmYSIsImF1ZCI6MTAwMDcsInN1YiI6OTMsImNpZCI6MTgzMDksIm5iZiI6MTc2MTI4NTQ5NywiZXhwIjoxNzYxMjk5ODk3LCJpYXQiOjE3NjEyOTI2OTcsInNjb3BlcyI6W10sImRhdGEiOnsianRpIjoiNGViZmMyZjhjYjhmZTM5YWE3OWRkM2JiNTQ3OGViNmYwMzBjY2ZjOWM1OGZhMTdiOTIyYjdiNTUyMGNhM2Q5OTk5NDFmNmUwMjFjYmY5MDExM2I5NmVmZDZlNzZhMWUxMWI1ZTVkYzQwYTRlNWFmOTZkOTRlYTYxYmEzMzhjZmEifX0.UulUz5RRy8HywFp8dX6fHTPi2PESX9bSkO1Z6rORYMGsGYtqeKSGoEl67V2P9s9oIvULWRolfZVI4NaZ83c9uw",
        "is_3d": 1,
        "expires_at": "2025-10-24 12:58:17"
    }
}
Modified at 2026-01-20 13:57:31
Previous
Webhook
Next
Installments
Built with