1. HASH
Sipay API Documentation
  • Overview
    • Getting Started
    • Status Codes
    • PreAuthorization / Authorization
    • Webhook
  • Authentication
    • Generating Token
      POST
  • Installments
    • Getting Installment Information
      POST
    • Installments
      POST
  • Commissions
    • Commission
      POST
  • Non Secure Payment
    • Non-Secure Payment Flow
    • Non-Secure Credit Card Payment
      POST
    • Non-Secure Recurring Payment
      POST
    • Non-Secure Insurance Payment
      POST
    • Non-Secure PreAuthorization Payment
      POST
  • 3D Secure Payment
    • 3D Secure Payment Flow
    • 3D Secure Credit Card Payment
      POST
    • 3D Secure Recurring Payment
      POST
    • 3D Secure PreAuthorization Payment
      POST
    • 3D Secure PreAuthorization Payment APP
      POST
    • 3D Secure Agriculture Payment
      POST
  • Payment
    • CheckStatus
      POST
    • ConfirmPayment
      POST
    • CompletePayment
      POST
    • Non-Secure and 3D Payment with Sipay
      POST
    • Refund
      POST
  • Cards
    • Card Registration
    • Pay by Card Token
    • Retrieving Saved Card
    • Edit Saved Card
    • Delete Saved Card
    • NonSecure Payment with Hidden Card
  • HASH
    • Hash Information
  • Recurring
    • Recurring Query Search
    • Recurring Plan Process
    • Recurring Plan Update
  • Cashout
    • Cashout to bank
  • Report
    • Settlement API
  1. HASH

Hash Information

Hash Validation Example
In 3D payment, after the payment is completed, the user is redirected to the merchant's successful or unsuccessful link. The problem with these links is that they can be accessed by an anonymous person. To prevent this problem, it is recommended that some parameters such as status, invoice_id, order_id, and hash_key are added to the links when redirecting from Sipay, and the request is validated using the hash key.
Also, in recurring payments, a submission request is sent to the merchant webhook in each iteration. Usually, the webhook is an open link. Therefore, the recurring request can also be validated using the hash key. The example code for the validation process is given below.
Here, hashk​eyshouldbeobtainedfromtherequest,andsecret_key is the merchant application's secret key (app_secret) provided by Sipay.
For 3D payment, status = 0 or status = 1
However, for recurring webhooks,
status = COMPLETED or
status = FAIL
Click here to download the sample hash validation file, or review the sample code below.
Modified at 2026-01-19 12:50:28
Previous
NonSecure Payment with Hidden Card
Next
Recurring Query Search
Built with