TRANSFER OF INFORMATION FROM PAYMENT FORM
1) The customer starts a new order on the merchant webpage.
2) Merchant redirects the customer to the page where the payment options are presented.
3) After the customer inputs and confirms the information for the payment, the merchant should produce a security token. The data to be used in token production is listed below. Please check sample codes for clarification on token production.
Data to be used in token production
Field name / type | Description | Mandatory | Limitations & Notes |
---|---|---|---|
merchant_id (string) | Merchant ID: Your Merchant ID (Mağaza no) provided by PayTR | Yes | |
user_ip (string) | User ip: User IP received during the request (Important: Make sure you send the external IP address when you run tests on your local machine) | Yes | Up to 39 characters (ipv4) |
merchant_oid (string) | Merchant order id: The unique order id you set for the transaction. (Note: The order number is posted back in the callback notification.) | Yes | Up to 64 characters, alphanumeric |
email (string) | User email address: The email address that the user registered with on your system or that you received via the order form | Yes | Up to 100 characters |
payment_amount (integer) | Payment amount: The total amount of the order. | Yes | Use only a dot (.) as the decimal separator |
payment_type(string) | Payment type | Yes | ('card') |
installment_count(int) | Installment count | Yes | 0, 2, 3, 4, 5, 6, 7, 8, 9, 10,11,12 |
currency(string) | Currency | No | TL, EUR, USD, GBP, RUB (TL is assumed if not sent) |
test_mode | When the merchant is in live mode, it can be sent as 1 to run a test | No | 0 or 1 |
non_3d | For Non3D transactions send this value as 1 | Yes | 0 or 1 |
request_exp_date(int) | If a value other than zero is sent, payment must be completed within that time. (e.g. You can use it for security purposes in case of price updates etc.) | No | Timestamp |
4) The merchant system sends the token, the data used to produce the token, and the data that is not used for token production but is required for the payment process, to https://www.paytr.com/odeme with the POST method. (Important notice: The form on the merchant page must POST only to the PayTR URL because it contains sensitive card information. The POST should never be sent to the merchant's server.)
POST REQUEST FIELDS AND VALUES:
Field name / type | Description | Mandatory | Limitations & Notes |
---|---|---|---|
merchant_id (integer) | Merchant ID: Your Merchant ID provided by PayTR | Yes | |
paytr_token (string) | Paytr_token: It is used to ensure that the request comes from you and the content did not change | Yes | Please check the sample codes for calculation |
user_ip (string) | User ip: User IP received during the request (Important: Make sure you send the external IP address when you run tests on your local machine) | Yes | Up to 39 characters (ipv4) |
merchant_oid (string) | Merchant order id: The unique order id you set for the transaction. (Note: The order number is posted back in the callback notification.) | Yes | Up to 64 characters, alphanumeric |
email (string) | User email address: The email address that the user registered with on your system or that you received via the order form | Yes | Up to 100 characters |
payment_amount (double), decimal (.) and two digits after the point | Payment amount: The total amount of the order. | Yes | For example: 100.99 or 150 or 1500.35 |
payment_type(string) | Payment type | Yes | ('card') |
installment_count(int) | Installment count | Yes | 0, 2, 3, 4, 5, 6, 7, 8, 9, 10,11,12 |
card_type(string) | Card type (For installment transactions) | No | advantage, axess, combo, bonus, cardfinans, maximum, paraf, world, saglamkart |
currency(string) | Currency | No | TL (or TRY), EUR, USD (TL is assumed if not sent) |
client_lang(string) | Language to be used on payment process | No | tr for Turkish or en for English (tr is assumed if not sent) |
test_mode | When the merchant is in live mode, it can be sent as 1 to run a test | No | 0 or 1 |
non_3d | For Non3D transactions send this value as 1 | Yes | 0 or 1 |
non3d_test_failed | If you need to test failed Non3D transaction send 1 (non_3d and test_mode values must be both 1) | No | 0 or 1 |
cc_owner(string) | Card holder name | Yes | Up to 50 characters |
card_number(string) | Card number | Yes | Up to 16 characters |
expiry_month(string) | Card expiry date (Month) | Yes | 1, 2, 3, .. , 11, 12 |
expiry_year(string) | Card expiry date (Year) | Yes | 20, 21, 22,… |
cvv(string) | Card security code | Yes | Up to 4 characters |
merchant_ok_url(string) | The page the user will be redirected to after successful payment (e.g. Order status / my orders page). (Warning: the payment may not have been approved yet when the user reaches this page.) | Yes | Up to 400 characters |
merchant_fail_url(string) | The page that the user will be redirected to if something unexpected occurs | Yes | Up to 400 characters |
user_name (string) | User name and surname: First and last name of the user that you have on your system or received via the order form | Yes | Up to 60 characters |
user_address (string) | User address: The address of the user that you have on your system or received via the order form | Yes | Up to 400 characters |
user_phone (string) | User phone number: The phone number of the user that you have on your system or received via the order form | Yes | Up to 20 characters |
user_basket (string) | User basket/order contents | Yes | JSON - Please check the sample codes for structure |
debug_on (int) | Display errors: If the value is 1, an error message is displayed on the page when wrong or incomplete information is transmitted to the API. | No | 0 or 1 (Be sure to send 1 to detect errors during the integration and testing process) |
sync_mode (int) | Sync Mode: After a payment request is sent, the result is returned directly as a JSON response, without redirecting to the successful or unsuccessful page according to the result of the transaction. In addition, details of the transaction are sent to the defined Notification URL address. The values that the status field returned in sync mode can take are “failed”, “wait_callback” and “success”. Note: The Non3D authorization must be turned on in your store for this operation. | No | 0 or 1 (A request must be sent to us in order for the relevant authorization to be defined for the store. If it is approved by our units, the authorization will be defined for the store.) |
SYNC MODE RESPONSE
status | msg (Description) | utoken, ctoken (If the card has been stored) |
---|---|---|
failed | “You have a process that is still in progress, you can try it again after it is completed.” or a different error message. | No |
wait_callback | Checking Payment, Wait for Notification. | Yes |
success | Successful Payment. | Yes |
5) The PayTR system performs checks and verifications on the sent information and directs the customer to the merchant_ok_url or merchant_fail_url address given by the merchant according to the payment result. In case of redirecting to merchant_ok_url, no data is sent in the POST content. In case of redirecting to merchant_fail_url, the fail_message field in the POST content contains information about why the payment failed. This information is a formatted message that can be displayed directly to the customer.
6) The result of the payment attempt is sent by POST to the Notification URL (Callback URL) on the merchant website, together with the token, merchant order number, payment status, etc. This is how the merchant is notified of the result.
This step concludes the part of the payment process which the user will interact with. HOWEVER; the integration is not yet complete. STEP 2 must be completed in order to receive the payment result (success / failed) and to confirm / cancel the order.
IMPORTANT NOTICE: The PayTR payment infrastructure works asynchronously. Therefore, when the payment is completed, the customer is redirected to merchant_ok_url, while the final result (Successful or Unsuccessful) of the payment is sent to the Notification URL by POST. No data is sent to merchant_ok_url, so you should not take actions such as order confirmation/cancellation on the page you specify as merchant_ok_url.
About Odeabank Cards: A maximum of 3 installments can be made with Odeabank Axess Bank'O Card cards. Therefore, you cannot send more than 3 installments for the relevant cards.
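Token production from step 3 with the table's limits enforced before signing, as an added example that is not PayTR's sample code. The function name, the placeholder key and salt, and the sample values are assumptions; the amount pattern follows the POST table's format, and all fields are expected as strings.

```php
<?php
declare(strict_types=1);

// Added example (not PayTR sample code). Field limits come from the token table.
function build_paytr_token(array $f, string $merchantKey, string $merchantSalt): string
{
    $installments = ['0', '2', '3', '4', '5', '6', '7', '8', '9', '10', '11', '12'];
    $checks = [
        'merchant_id'       => $f['merchant_id'] !== '',
        'user_ip'           => strlen($f['user_ip']) <= 39
                               && filter_var($f['user_ip'], FILTER_VALIDATE_IP) !== false,
        'merchant_oid'      => preg_match('/\A[A-Za-z0-9]{1,64}\z/', $f['merchant_oid']) === 1,
        'email'             => strlen($f['email']) <= 100
                               && filter_var($f['email'], FILTER_VALIDATE_EMAIL) !== false,
        'payment_amount'    => preg_match('/\A\d+(\.\d{1,2})?\z/', $f['payment_amount']) === 1,
        'payment_type'      => $f['payment_type'] === 'card',
        'installment_count' => in_array($f['installment_count'], $installments, true),
        'currency'          => in_array($f['currency'], ['TL', 'EUR', 'USD', 'GBP', 'RUB'], true),
        'test_mode'         => in_array($f['test_mode'], ['0', '1'], true),
        'non_3d'            => in_array($f['non_3d'], ['0', '1'], true),
    ];
    foreach ($checks as $name => $ok) {
        if (!$ok) {
            throw new InvalidArgumentException("invalid value for $name");
        }
    }
    // Concatenation order matches the PHP sample on this page.
    $hashStr = $f['merchant_id'] . $f['user_ip'] . $f['merchant_oid'] . $f['email']
        . $f['payment_amount'] . $f['payment_type'] . $f['installment_count']
        . $f['currency'] . $f['test_mode'] . $f['non_3d'];
    return base64_encode(hash_hmac('sha256', $hashStr . $merchantSalt, $merchantKey, true));
}

// Constructed sample values; the key and salt are placeholders, not real credentials.
$fields = [
    'merchant_id' => '000000', 'user_ip' => '203.0.113.10',
    'merchant_oid' => 'ORD' . bin2hex(random_bytes(8)), 'email' => 'buyer@example.com',
    'payment_amount' => '100.99', 'payment_type' => 'card', 'installment_count' => '0',
    'currency' => 'TL', 'test_mode' => '1', 'non_3d' => '0',
];
echo build_paytr_token($fields, 'PLACEHOLDER_KEY', 'PLACEHOLDER_SALT'), PHP_EOL;

try {
    // A comma as decimal separator fails validation before anything is signed.
    build_paytr_token(['payment_amount' => '100,99'] + $fields, 'PLACEHOLDER_KEY', 'PLACEHOLDER_SALT');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```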
```php
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<?php
// Credentials provided by PayTR. Keep the key and salt on the server only.
$merchant_id = 'MAGAZA_NO';
$merchant_key = 'XXXXXXXXXXX';
$merchant_salt = 'YYYYYYYYYYY';

$merchant_ok_url = "http://site-ismi/basarili";
$merchant_fail_url = "http://site-ismi/basarisiz";

// Basket contents: [product name, unit price, quantity]
$user_basket = htmlentities(json_encode(array(
    array("Altis Renkli Deniz Yatağı - Mavi", "18.00", 1),
    array("Pharmasol Güneş Kremi 50+ Yetişkin & Bepanthol Cilt Bakım Kremi", "33,25", 2),
    array("Bestway Çocuklar İçin Plaj Seti Beach Set ÇANTADA DENİZ TOPU-BOT-KOLLUK", "45,42", 1)
)));

// Sample only: in production use the unique order id from your own order system.
srand(time());
$merchant_oid = rand();

$test_mode = "0";
$non_3d = "0";
$client_lang = "tr";
$non3d_test_failed = "0";
$installment_count = "0"; // see the table for the allowed values
$card_type = "";          // optional, for installment transactions

// HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers: unless your own
// proxy sets them, the client controls their content.
if (isset($_SERVER["HTTP_CLIENT_IP"])) {
    $ip = $_SERVER["HTTP_CLIENT_IP"];
} elseif (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
    $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
    $ip = $_SERVER["REMOTE_ADDR"];
}
$user_ip = $ip;

$email = "testnon3d@paytr.com";
$payment_amount = "100.99";
$currency = "TL";
$payment_type = "card";
$post_url = "https://www.paytr.com/odeme";

// Token: HMAC-SHA256 over the concatenated fields plus the salt, keyed with the merchant key.
$hash_str = $merchant_id . $user_ip . $merchant_oid . $email . $payment_amount . $payment_type . $installment_count . $currency . $test_mode . $non_3d;
$token = base64_encode(hash_hmac('sha256', $hash_str . $merchant_salt, $merchant_key, true));
?>
<body>
<form action="<?php echo $post_url;?>" method="post">
Kart Sahibi Adı: <input type="text" name="cc_owner" value="TEST KARTI"><br>
Kart Numarası: <input type="text" name="card_number" value="9792030394440796"><br>
Kart Son Kullanma Ay: <input type="text" name="expiry_month" value="12"><br>
Kart Son Kullanma Yıl: <input type="text" name="expiry_year" value="99"><br>
Kart Güvenlik Kodu: <input type="text" name="cvv" value="000"><br>
<input type="hidden" name="merchant_id" value="<?php echo $merchant_id;?>">
<input type="hidden" name="user_ip" value="<?php echo $user_ip;?>">
<input type="hidden" name="merchant_oid" value="<?php echo $merchant_oid;?>">
<input type="hidden" name="email" value="<?php echo $email;?>">
<input type="hidden" name="payment_type" value="<?php echo $payment_type;?>">
<input type="hidden" name="payment_amount" value="<?php echo $payment_amount;?>">
<input type="hidden" name="currency" value="<?php echo $currency;?>">
<input type="hidden" name="test_mode" value="<?php echo $test_mode;?>">
<input type="hidden" name="non_3d" value="<?php echo $non_3d;?>">
<input type="hidden" name="merchant_ok_url" value="<?php echo $merchant_ok_url;?>">
<input type="hidden" name="merchant_fail_url" value="<?php echo $merchant_fail_url;?>">
<input type="hidden" name="user_name" value="Paytr Test">
<input type="hidden" name="user_address" value="test test test">
<input type="hidden" name="user_phone" value="05555555555">
<input type="hidden" name="user_basket" value="<?php echo $user_basket; ?>">
<input type="hidden" name="debug_on" value="1">
<input type="hidden" name="client_lang" value="<?php echo $client_lang; ?>">
<input type="hidden" name="paytr_token" value="<?php echo $token; ?>">
<input type="hidden" name="non3d_test_failed" value="<?php echo $non3d_test_failed; ?>">
<input type="hidden" name="installment_count" value="<?php echo $installment_count; ?>">
<input type="hidden" name="card_type" value="<?php echo $card_type; ?>">
<input type="submit" value="Submit">
</form>
</body>
</html>
```
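The sample takes user_ip from HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR whenever those headers are present, and that value is then signed into the token. One way to resolve it so that forwarding headers count only when they come from your own reverse proxy, as an added example that is not PayTR's code; the function name, the `$trustedProxies` list and the addresses are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. $trustedProxies is a hypothetical list of your own reverse proxies.
function resolve_user_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $candidate = $peer;
    $forwarded = $server['HTTP_X_FORWARDED_FOR'] ?? '';

    // Forwarding headers are client-supplied text unless our own proxy wrote them,
    // so they are read only when the TCP peer is one of our proxies.
    if ($forwarded !== '' && in_array($peer, $trustedProxies, true)) {
        $hops = array_map('trim', explode(',', $forwarded));
        // Each proxy appends the address it saw, so walk right to left and
        // stop at the first hop that is not one of ours.
        foreach (array_reverse($hops) as $hop) {
            if (!in_array($hop, $trustedProxies, true)) {
                $candidate = $hop;
                break;
            }
        }
    }
    // user_ip is limited to 39 characters and must be a syntactically valid address.
    if (strlen($candidate) > 39 || filter_var($candidate, FILTER_VALIDATE_IP) === false) {
        throw new UnexpectedValueException('cannot determine a valid user_ip');
    }
    return $candidate;
}

// Constructed requests using documentation address ranges.
$proxies = ['198.51.100.7'];
$direct  = ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '192.0.2.99'];
$proxied = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.99, 203.0.113.10'];

echo resolve_user_ip($direct, $proxies), PHP_EOL;  // header ignored: peer is not a trusted proxy
echo resolve_user_ip($proxied, $proxies), PHP_EOL; // rightmost hop that is not a trusted proxy
```

HTTP_CLIENT_IP is not consulted at all here, since no standard proxy behaviour guarantees who set it.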