Sipay API Documentation

Pay by Card Token

Testing Env
https://provisioning.sipay.com.tr
POST /ccpayment/api/payByCardToken
The stored card payment service is used to place orders using previously saved card information. After completing and submitting the payment form on the merchant’s website, the user is redirected directly to the bank’s authentication page.
The payment is verified at the bank gateway through an SMS-based verification code or another 3D Secure authentication method defined by the bank.
Once the payment is successfully completed, the user is redirected to the merchant’s success URL. In case of failure or cancellation, the user is redirected to the cancellation URL specified by the merchant. Unlike other payment APIs, this flow does not require an additional call to the getPos API.
The hash key must be sent in the request.
Sample hash keys can be found in the request form panel on the side, corresponding to the selected programming language.
An example of the hash algorithm is included in the request.

Hash Parameters

The parameters and their order to be used for the hash algorithm are as follows.
total
installment
currency_code
merchant_key
invoice_id
app_secret

Request

Authorization
Provide your bearer token in the Authorization header when making requests to protected resources.
Example:
Authorization: Bearer ********************
Body Params application/json Required

Responses

🟢 200 Success
application/json

Request Example
Shell
#!/usr/bin/env bash

# Builds the hash key sent in the request: "iv:salt:base64(AES-256-CBC(data))".
generate_hash_key() {
  local total="$1"
  local installment="$2"
  local currency_code="$3"
  local merchant_key="$4"
  local invoice_id="$5"
  local app_secret="$6"

  # Plaintext: the first five hash parameters joined with "|".
  local data="${total}|${installment}|${currency_code}|${merchant_key}|${invoice_id}"

  # IV: first 16 hex characters of the SHA-1 digest of a random value.
  local rand1
  rand1=$(openssl rand -hex 16)
  local iv
  iv=$(printf "%s" "$rand1" | openssl sha1 | awk '{print $2}' | cut -c1-16)

  # Password: SHA-1 hex digest of app_secret.
  local password
  password=$(printf "%s" "$app_secret" | openssl sha1 | awk '{print $2}')

  # Salt: first 4 hex characters of the SHA-1 digest of a second random value.
  local rand2
  rand2=$(openssl rand -hex 16)
  local salt
  salt=$(printf "%s" "$rand2" | openssl sha1 | awk '{print $2}' | cut -c1-4)

  # AES key: first 32 hex characters of SHA-256(password + salt).
  local salt_with_password
  salt_with_password=$(printf "%s" "${password}${salt}" | openssl sha256 | awk '{print $2}' | cut -c1-32)

  # In the Python code, key and iv are passed directly as ASCII bytes.
  local key_hex
  key_hex=$(printf "%s" "$salt_with_password" | xxd -p -c 256)

  local iv_hex
  iv_hex=$(printf "%s" "$iv" | xxd -p -c 256)

  # -A keeps the Base64 output on one line; without it openssl wraps at 64
  # characters and longer inputs would put newlines inside the hash key.
  local encrypted_base64
  encrypted_base64=$(printf "%s" "$data" | openssl enc -aes-256-cbc -K "$key_hex" -iv "$iv_hex" -base64 -A)

  # Bundle as iv:salt:ciphertext, with "/" replaced by "__".
  local msg_encrypted_bundle="${iv}:${salt}:${encrypted_base64}"
  msg_encrypted_bundle="${msg_encrypted_bundle//\//__}"

  echo "$msg_encrypted_bundle"
}

total="100"
installment="1"
currency_code="TRY"
merchant_key="merchant_key"
invoice_id="invoice_id"
app_secret="app_secret"

result=$(generate_hash_key "$total" "$installment" "$currency_code" "$merchant_key" "$invoice_id" "$app_secret")
echo "$result"
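
A local round-trip check for the hash key, as an added example that is not part of the original page or Sipay's code: it inverts the generation steps above (split the bundle, restore "/", re-derive the key from app_secret and the salt, decrypt) and compares the plaintext with the fields being sent. The function names and the fixed sample iv/salt are assumptions, and the page does not describe how Sipay verifies the hash on its side.

```shell
#!/usr/bin/env bash
# Added example (not Sipay code): decode a hash key locally and compare it with
# the request fields. Derived by inverting the generation steps on this page.

hex_of()  { printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'; }   # ASCII -> hex for -K/-iv
sha_hex() { printf '%s' "$2" | openssl dgst "-$1" | awk '{print $NF}'; }
derive_key() { sha_hex sha256 "$(sha_hex sha1 "$1")$2" | cut -c1-32; }  # app_secret, salt

# decode_hash_key <bundle> <app_secret>: prints the decrypted "a|b|c|d|e" string.
# Returns 2 for a malformed bundle, non-zero if decryption fails.
decode_hash_key() {
  local bundle iv rest salt ct key
  bundle=$(printf '%s' "$1" | sed 's|__|/|g')      # undo the "/" -> "__" substitution
  iv=${bundle%%:*};  rest=${bundle#*:}
  salt=${rest%%:*};  ct=${rest#*:}
  case "$iv$salt" in *[!0-9a-f]*) return 2 ;; esac
  [ "${#iv}" -eq 16 ] && [ "${#salt}" -eq 4 ] && [ -n "$ct" ] || return 2
  key=$(derive_key "$2" "$salt")
  printf '%s\n' "$ct" | openssl enc -d -aes-256-cbc -base64 -A \
    -K "$(hex_of "$key")" -iv "$(hex_of "$iv")" 2>/dev/null
}

# verify_hash_key <bundle> <app_secret> <total> <installment> <currency_code>
#                 <merchant_key> <invoice_id>: status 0 only on an exact match.
verify_hash_key() {
  local actual
  actual=$(decode_hash_key "$1" "$2") || return 1
  [ "$actual" = "$3|$4|$5|$6|$7" ]
}

# Constructed sample: fixed iv/salt (hypothetical values) keep the demo repeatable;
# real requests use fresh random values as in the generator above.
sample_bundle() {   # <data> <app_secret>
  local iv=0123456789abcdef salt=a1b2 key ct
  key=$(derive_key "$2" "$salt")
  ct=$(printf '%s' "$1" | openssl enc -aes-256-cbc -base64 -A \
        -K "$(hex_of "$key")" -iv "$(hex_of "$iv")")
  printf '%s:%s:%s\n' "$iv" "$salt" "$ct" | sed 's|/|__|g'
}

bundle=$(sample_bundle '100|1|TRY|merchant_key|invoice_id' 'app_secret')
if verify_hash_key "$bundle" app_secret 100 1 TRY merchant_key invoice_id; then
  echo "hash key matches the request fields"
fi
if ! verify_hash_key "$bundle" app_secret 999 1 TRY merchant_key invoice_id; then
  echo "mismatch: total in the request differs from the hashed total"
fi
```

Running the same check in an integration test catches the common causes of a rejected hash: fields joined in the wrong order, a total formatted differently in the body than in the hash, or a Base64 string broken by line wrapping.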
Response Example
{}
Modified at 2026-04-16 15:18:21