This guide explains how to generate and use the hash key required for secure API communication. The hash mechanism ensures that requests are authenticated and have not been altered during transmission.Hash_key should be obtained from the request, and secret_key is the merchant application's secret key (app_secret) provided by Sipay.The hash key is a mandatory parameter and must be included in the request.
Required parameters may vary depending on the endpoint being used.
When the relevant endpoint is accessed and a preferred programming language is selected in the request section, a sample HASH implementation can be found and copied directly from there.The following parameters must be sent in the same order as specified.
Important Notes#
Each request should generate a new hash key.
Ensure that all parameters are sent in the correct order.
Any mismatch in parameter values will result in hash validation errors.
Common Errors#
Incorrect parameter order.
Using different hash/encryption algorithms.
The parameters required to decrypt the hash are as follows:#
HASH VALIDATION#
In 3D Secure payments, after the transaction is completed, the user is redirected to the merchant’s success or failure URL. Since this URL may be publicly accessible and can be triggered by unauthorized users. including parameters such as status, invoice_id, order_id, and hash_key in the redirect URL is recommended and and incoming requests should be verified using the hash_key.For recurring payments, a POST request is sent to the merchant webhook for each renewal transaction. Since webhook URLs are typically publicly accessible, these requests should also be verified using the hash_key to ensure request authenticity.For 3D Secure payments, the status parameter can be set to 0 or 1.
For the Recurring Webhook, the $status parameter can be Completed or Fail.
For Refund Webhook, the status parameter can be Completed or Fail.
