1. Non-Secure Payment
Sipay API Documentation
  • Overview
    • Getting Started
    • Test Cards
  • Authentication
    • Token Generation
      POST
  • Installments & Commission
    • Installment Details
      POST
    • Merchant Installments
      POST
    • Commission
      POST
  • HASH
    • Hash Creation
    • Hash Validation
  • Non-Secure Payment
    • Non-Secure Payment Flow
    • Non-Secure Card Payment
      POST
    • Non-Secure Recurring Payment
      POST
    • Non-Secure Insurance Payment
      POST
    • Non-Secure Pre-Authorization Payment
      POST
    • Confirm Payment
      POST
  • 3D Secure Payment
    • 3D Secure Payment Flow
    • 3D Secure Card Payment
      POST
    • 3D Secure Recurring Payment
      POST
    • 3D Secure Pre-Authorization Payment
      POST
    • Complete Payment
      POST
    • Confirm Payment
      POST
    • 3D Secure Agriculture Payment
      POST
  • Non-Secure and 3D Payment with Sipay
    • Non-Secure and 3D Secure Payment with Sipay
      POST
  • Check Status
    • Check Status
  • Payment with Saved Card
    • Card Registration
    • 3D Secure Pay by Card Token
    • Non-Secure Pay by Card Token
    • Retrieving Saved Card
    • Edit Saved Card
    • Delete Saved Card
  • Recurring
    • Recurring Query Search
    • Recurring Plan Process
    • Recurring Plan Update
  • Refund
    • Refund
  • Cashout
    • Cashout to Bank
  • Webhook
    • Webhook
  • Status Codes
    • Status Codes
  1. Non-Secure Payment

Non-Secure Insurance Payment

Testing
Testing Env
https://provisioning.sipay.com.tr
Testing Env
https://provisioning.sipay.com.tr
POST
/ccpayment/api/paySmart2D

vpos_type#

Type: string
The only accepted value is: insurance.
Used only for insurance merchants to initiate an insurance payment. Any other value will result in an error.

identity_number#

Type: string
Specifies the identity number of the customer.
Must be 10 or 11 digits (e.g., TCKN / VKN / TIN).
The cc_no parameter must be sent in the format: “first_eight_digits + **** + last_four_digits”. For example, if cc_no is 1234567897891234, it must be sent as “12345678****1234”.
The number of asterisks must always be four (4); otherwise, an exception will be thrown.
When the type is insurance, this parameters are optional :
expiry_month
expiry_year
cvv


The hash key must be sent in the request.
Sample hash keys can be found in the request form panel on the side, corresponding to the selected programming language.

Request

Authorization
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
Body Params application/jsonRequired

Examples

Responses

🟢200Success
application/json
Bodyapplication/json

⚪1Validation Error
🟠41Failed
Request Request Example
Shell
JavaScript
Java
Swift
#!/usr/bin/env bash

 

generate_hash_key() {
  local total="$1"
  local installment="$2"
  local currency_code="$3"
  local merchant_key="$4"
  local invoice_id="$5"
  local app_secret="$6"

 

  local data="${total}|${installment}|${currency_code}|${merchant_key}|${invoice_id}"

 

  local rand1
  rand1=$(openssl rand -hex 16)
  local iv
  iv=$(printf "%s" "$rand1" | openssl sha1 | awk '{print $2}' | cut -c1-16)

 

  local password
  password=$(printf "%s" "$app_secret" | openssl sha1 | awk '{print $2}')

 

  local rand2
  rand2=$(openssl rand -hex 16)
  local salt
  salt=$(printf "%s" "$rand2" | openssl sha1 | awk '{print $2}' | cut -c1-4)

 

  local salt_with_password
  salt_with_password=$(printf "%s" "${password}${salt}" | openssl sha256 | awk '{print $2}' | cut -c1-32)

 

  
  local key_hex
  key_hex=$(printf "%s" "$salt_with_password" | xxd -p -c 256)

 

  local iv_hex
  iv_hex=$(printf "%s" "$iv" | xxd -p -c 256)

 

  local encrypted_base64
  encrypted_base64=$(printf "%s" "$data" | openssl enc -aes-256-cbc -K "$key_hex" -iv "$iv_hex" -base64)

 

  local msg_encrypted_bundle="${iv}:${salt}:${encrypted_base64}"
  msg_encrypted_bundle="${msg_encrypted_bundle//\//__}"

 

  echo "$msg_encrypted_bundle"
}

 
#Parameters

total=""
installment=""
currency_code=""
merchant_key=""
invoice_id=""
app_secret=""

 

result=$(generate_hash_key "$total" "$installment" "$currency_code" "$merchant_key" "$invoice_id" "$app_secret")
echo "$result"
Response Response Example
200 - Success
{
    "status_code": 100,
    "status_description": "Payment process successful",
    "data": {
        "sipay_status": 1,
        "order_no": "VP17743529649617286",
        "order_id": "VP17743529649617286",
        "invoice_id": "insurancedeneme_1234",
        "sipay_payment_method": 1,
        "credit_card_no": "402278****8555",
        "transaction_type": "Auth",
        "payment_status": 1,
        "payment_method": 1,
        "error_code": 100,
        "error": "Transaction Successful",
        "auth_code": 138038,
        "merchant_commission": 0,
        "user_commission": 0,
        "merchant_commission_percentage": 0,
        "merchant_commission_fixed": 0,
        "installment": 1,
        "amount": 5,
        "payment_reason_code": "",
        "payment_reason_code_detail": "",
        "hash_key": "7db1b34026128c62:2473:+m4__QqM8BzI7p5TqT6PAyRgePhGU6XTBJlmL__TYrDy__y77962eSGhH+BQwQ5hVKXFu+Am6nH__5oqXPwUFXGgGA==",
        "original_bank_error_code": "",
        "original_bank_error_description": "",
        "host_reference_id": ""
    }
}
Modified at 2026-04-28 07:20:51
Previous
Non-Secure Recurring Payment
Next
Non-Secure Pre-Authorization Payment
Built with