1. HASH
Sipay API Documentation
  • Overview
    • Getting Started
  • Authentication
    • Token Generation
      POST
  • Installments & Commission
    • Installment Details
      POST
    • Merchant Installments
      POST
    • Commission
      POST
  • HASH
    • Hash Creation
    • Hash Validation
  • Non - Secure Payment
    • Non-Secure Payment Flow
    • Non-Secure Card Payment
      POST
    • Non-Secure Recurring Payment
      POST
    • Non-Secure Insurance Payment
      POST
    • Non-Secure Pre-Authorization Payment
      POST
    • Confirm Payment
      POST
  • 3D Secure Payment
    • 3D Secure Payment Flow
    • 3D Secure Card Payment
      POST
    • 3D Secure Recurring Payment
      POST
    • 3D Secure Pre-Authorization Payment
      POST
    • Complete Payment
      POST
    • Confirm Payment
      POST
    • 3D Secure Agriculture Payment
      POST
  • Non-Secure and 3D Payment with Sipay
    • Non-Secure and 3D Payment with Sipay
      POST
  • Check Status
    • Check Status
      POST
  • Payment with Saved Card
    • Card Registration
    • 3D Secure Pay by Card Token
    • Non-Secure Pay by Card Token
    • Retrieving Saved Card
    • Edit Saved Card
    • Delete Saved Card
  • Recurring
    • Recurring Query Search
    • Recurring Plan Process
    • Recurring Plan Update
  • Refund
    • Refund
  • Cashout
    • Cashout to Bank
  • Webhook
    • Webhook
  • Status Codes
    • Status Codes
  1. HASH

Hash Validation

This guide explains how to validate hash key.
In 3D Secure payments, after the transaction is completed, the user is redirected to the merchant’s success or failure URL. Since this URL may be publicly accessible and can be triggered by unauthorized users. including parameters such as status, invoice_id, order_id, and hash_key in the redirect URL is recommended and and incoming requests should be verified using the hash_key.
For recurring payments, a POST request is sent to the merchant webhook for each renewal transaction. Since webhook URLs are typically publicly accessible, these requests should also be verified using the hash_key to ensure request authenticity.
For 3D Secure payments, the status parameter can be set to 0 or 1.
For the Recurring Webhook, the $status parameter can be Completed or Fail.
For Refund Webhook, the status parameter can be Completed or Fail.
Python
Shell
Go
JavaScript
Java
Swift
C
C#
Ruby
Dart
R
Modified at 2026-04-22 11:55:25
Previous
Hash Creation
Next
Non - Secure Payment
Built with