Getting Started with PayTR Transfer/EFT iFrame API Transfer/EFT iFrame API Step 1

Transfer/EFT iFrame API Step 1

Integration and process flow:

1) Merchant should first request an iframe_token. A server-side POST request is needed.

Request URL: https://www.paytr.com/odeme/api/get-token

POST REQUEST FIELDS AND VALUES:

Field name / type	Description	Mandatory	Limitations
merchant_id (string)	Merchant ID: Your Merchant ID (Mağaza no) provided by PayTR	Yes
user_ip (string)	User ip: User IP received during the request (Important: Make sure you send the external IP address when you run tests on your local machine)	Yes	Up to 39 characters (ipv4)
merchant_oid (string)	Merchant order id: The unique order id you set for the transaction. (Note: Order number is posted back within callback notification - on STEP 2)	Yes	Up to 64 characters, Alpha numeric
email (string)	User email address: The email address which; a) the user registered with on your system b) or you received via the order form	Yes	Up to 100 characters
payment_amount(integer)	Payment amount: The total amount of the order. (Multiply the amount by 100)	Yes	For example, 3456 should be sent for 34.56 (34.56 100 = 3456)
paytr_token(string)	PayTR Token: It is the value that you will create to make sure that the request comes from you and that the content has not changed	Yes	(You should look at the sample codes regarding the calculation)
user_name	User name and surname: In case of sending, Name-Surname information is filled in the payment notification form in the IFrame and cannot be changed.	No	Up to 30 characters
user_phone	User phone number:In case of sending, phone information is filled in the payment notification form in the IFrame and cannot be changed.	No	11 characters, numeric
payment_type(string)	Ödeme tipi	Evet	('eft')
tc_no_last5	TC Number Last 5 digits:In case of sending, TC Number Last 5 digits information is filled in the payment notification form in the IFrame and cannot be changed.	No	5 characters, numeric
bank	Bank:In case of sending, the bank cannot be selected in the IFrame, only the sent bank is displayed.	No	isbank, akbank, denizbank, finansbank,halkbank, ptt, teb, vakifbank, yapikredi,ziraat one of these options
test_mode	The store can be sent as 1 to perform a test transaction while in live mode	No	0 or 1
debug_on (int)	Error return: 1 must be sent to return an error message if incorrect or incomplete information is transmitted	No	0 or 1
timeout_limit(int)	If a non-zero value is sent, the payment must be completed within this period (You can use it for security purposes in case there is a price update in your system during payment)	Hayır	In minutes (defined as 30 minutes if not sent)

The response to the request is in JSON format. For detailed information, see the sample code.

Merchant opens the payment notification form using an iframe with the iframe_token in the successful response.

NOTE: Upon completion of the transactions described above, the payment notification form to be used by the customer will appear on the screen.

The step that the customer will interact with in the payment process is thus completed in integration. HOWEVER; Your integration is not yet complete, completion of step 2 is required to deliver the payment result (successful/unsuccessful) to the merchant.

2) When the customer makes a payment notification by filling out the form opened with the iframe in the first step, the PayTR operations team sees the notification and checks the payment.After control, in the background by PayTR system (server-side) the result of the control is sent to the store notification page (notification URL) by the POST method. Based on this notification, the merchant approves or cancels the order.

POST REQUEST FIELDS AND VALUES:

Field name	Description
merchant_oid	Merchant order id: The unique order id you set for the transaction
status	Result of the payment transaction(success/failed)
total_amount	Total amount collected from the user (Multiplied by 100: e.g. 34.56 => 3456)
hash	The hash value generated to check the received values are intact for security purposes
failed_reason_code	Sent if payment is not approved
failed_reason_msg	Explains why the payment is not approved
test_mode	Sent as 1 in test mode or while running a test in live mode

<!doctype html>
<html lang="tr">
<head>
    <meta charset="UTF-8">
    <title>Örnek Ödeme Sayfası</title>
</head>
<body>

<div>
    <h1>Örnek Ödeme Sayfası</h1>
</div>
<br><br>

<div style="width: 100%;margin: 0 auto;display: table;">

    <?php 

$merchant_id='XXXXXX'; 
$merchant_key='YYYYYYYYYYYYYY'; 
$merchant_salt='ZZZZZZZZZZZZZZ'; 

if( isset( $_SERVER["HTTP_CLIENT_IP"] ) ) {
       $ip = $_SERVER["HTTP_CLIENT_IP"];
} elseif( isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {
       $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
       $ip = $_SERVER["REMOTE_ADDR"];
}

$user_ip=$ip;  

$merchant_oid=time();
$email="musteri@saglayici.com"; 
$payment_amount="999";
$payment_type='eft';
$debug_on=1;

$timeout_limit = "30";

$test_mode = 0;

$hash_str=$merchant_id.$user_ip.$merchant_oid.$email.$payment_amount.$payment_type.$test_mode;
$paytr_token=base64_encode(hash_hmac('sha256',$hash_str.$merchant_salt,$merchant_key,true));

$post_vals=array(
        'merchant_id'=>$merchant_id,
        'user_ip'=>$user_ip,
        'merchant_oid'=>$merchant_oid,
        'email'=>$email,
        'payment_amount'=>$payment_amount,
        'payment_type'=>$payment_type,
        'paytr_token'=>$paytr_token,
        'debug_on'=>$debug_on,
        'timeout_limit'=>$timeout_limit,
        'test_mode'=>$test_mode
);

$ch=curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.paytr.com/odeme/api/get-token");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1) ;
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_vals);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);

$result = @curl_exec($ch);

if(curl_errno($ch))
{
    die("PAYTR EFT IFRAME connection error. err:".curl_error($ch));
}
curl_close($ch);

$result=json_decode($result,1);

if($result['status']=='success')
{
    $token=$result['token'];
}
else
{
    die("PAYTR EFT IFRAME failed. reason:".$result['reason']);
}

    ?>

    <script src="https://www.paytr.com/js/iframeResizer.min.js"></script>
    <iframe src="https://www.paytr.com/odeme/api/<?php echo $token;?>" id="paytriframe" frameborder="0" scrolling="no" style="width: 100%;"></iframe>
    <script>iFrameResize({},'#paytriframe');</script>

</div>

<br><br>
</body>
</html>

# Python 3.6+

import base64
import hashlib
import hmac
import json
import requests

merchant_id = 'XXXXXX'
merchant_key = b'YYYYYYYYYYYYYY'
merchant_salt = 'ZZZZZZZZZZZZZZ'

user_ip = ''

merchant_oid = ''

email = 'musteri@saglayici.com'

payment_amount = ''

payment_type = 'eft'

debug_on = '1'

timeout_limit = '30'

test_mode = '0'

hash_str = merchant_id + user_ip + merchant_oid + email + payment_amount + payment_type + test_mode + merchant_salt
paytr_token = base64.b64encode(hmac.new(merchant_key, hash_str.encode(), hashlib.sha256).digest())

params = {
    'merchant_id': merchant_id,
    'user_ip': user_ip,
    'merchant_oid': merchant_oid,
    'email': email,
    'payment_amount': payment_amount,
    'payment_type': payment_type,
    'paytr_token': paytr_token,
    'debug_on': debug_on,
    'timeout_limit': timeout_limit,
    'test_mode': test_mode
}

result = requests.post('https://www.paytr.com/odeme/api/get-token', params)
res = json.loads(result.text)

if res['status'] == 'success':
    print(res['token'])
else:
    print('PAYTR EFT IFRAME failed. reason:' + res['reason'])

    """
# Ödeme formunun açılması için gereken HTML kodlar / Başlangıç #

<script src="https://www.paytr.com/js/iframeResizer.min.js"></script>
<iframe src="https://www.paytr.com/odeme/api/{ token }" id="paytriframe" frameborder="0" scrolling="no" style="width: 100%;"></iframe>
<script>iFrameResize({},'#paytriframe');</script>

# Ödeme formunun açılması için gereken HTML kodlar / Bitiş #
"""


using Newtonsoft.Json.Linq; 
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Script.Serialization;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class iframe_ornek : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e) {

            string merchant_id = "XXXXXX";
            string merchant_key = "YYYYYY";
            string merchant_salt = "ZZZZZZ";

            string emailstr = "";

            int payment_amountstr = 999;

            string merchant_oid = "";

            string user_ip = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
            if (user_ip == "" || user_ip == null)
            {
                user_ip = Request.ServerVariables["REMOTE_ADDR"];
            }

            string timeout_limit = "30";

            string debug_on = "1";

            string test_mode = "0";

            string payment_type = "eft";

            NameValueCollection data = new NameValueCollection();
            data["merchant_id"] = merchant_id;
            data["user_ip"] = user_ip;
            data["merchant_oid"] = merchant_oid;
            data["email"] = emailstr;
            data["payment_amount"] = payment_amountstr.ToString();
            data["payment_type"] = payment_type;

            string Birlestir = string.Concat(merchant_id, user_ip, merchant_oid, emailstr, payment_amountstr.ToString(), payment_type, test_mode, merchant_salt);
            HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(merchant_key));
            byte[] b = hmac.ComputeHash(Encoding.UTF8.GetBytes(Birlestir));
            data["paytr_token"] = Convert.ToBase64String(b);
            //
            data["debug_on"] = debug_on;
            data["test_mode"] = test_mode;
            data["timeout_limit"] = timeout_limit;

            using (WebClient client = new WebClient())
            {
                client.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
                byte[] result = client.UploadValues("https://www.paytr.com/odeme/api/get-token", "POST", data);
                string ResultAuthTicket = Encoding.UTF8.GetString(result);
                dynamic json = JValue.Parse(ResultAuthTicket);

                if (json.status == "success")
                {
                    ViewBag.Src = "https://www.paytr.com/odeme/api/" + json.token + "";
                }
                else
                {
                    Response.Write("PAYTR EFT IFRAME failed. reason:" + json.reason + "");
                }
            }

    }
}

var express = require('express');
var ejsLayouts = require('express-ejs-layouts');
var microtime = require('microtime');
var crypto = require('crypto');
var app = express();
var nodeBase64 = require('nodejs-base64-converter');
var request = require('request');
var path = require('path');

app.set('views', path.join(__dirname, '/app_server/views'));

app.set('view engine', 'ejs');
app.use(ejsLayouts);
app.use(express.json());
app.use(express.urlencoded({ extended: true }));

var merchant_id = 'XXXXXX'; 
var merchant_key = 'YYYYYYYYYYYYYY';
var merchant_salt = 'ZZZZZZZZZZZZZZ';
var merchant_oid = "IN" + microtime.now(); 

var user_ip = '';
var email = 'musteri@saglayici.com';
var payment_amount = 100;
var payment_type ='eft';
var test_mode = '0';
var timeout_limit = 30; 
var debug_on = 1;

app.get("/", function (req, res) {

    var hashSTR = `${merchant_id}${user_ip}${merchant_oid}${email}${payment_amount}${payment_type}${test_mode}`;
    var paytr_token = hashSTR + merchant_salt;
    var token = crypto.createHmac('sha256', merchant_key).update(paytr_token).digest('base64');

    var options = {
        method: 'POST',
        url: 'https://www.paytr.com/odeme/api/get-token',
        headers:
            { 'content-type': 'application/x-www-form-urlencoded' },
        formData: {
            merchant_id: merchant_id,
            user_ip: user_ip,
            merchant_oid: merchant_oid,
            email: email,
            payment_amount: payment_amount,
            payment_type: payment_type,
            paytr_token: token,
            debug_on: debug_on,
            timeout_limit: timeout_limit, 
            test_mode: test_mode,

        }
    };

    request(options, function (error, response, body) {
        if (error) throw new Error(error);
        var res_data = JSON.parse(body);

        if (res_data.status == 'success') {
            res.render('layout', { iframetoken: res_data.token });
        } else {

            res.end(body);
        }

    });

});

app.post("/callback", function (req, res) {
    var callback = req.body;

    paytr_token = callback.merchant_oid + merchant_salt + callback.status + callback.total_amount;
    var token = crypto.createHmac('sha256', merchant_key).update(paytr_token).digest('base64');

    if (token != callback.hash) {
        throw new Error("PAYTR notification failed: bad hash");
    } 

    if (callback.status == 'success') {

    } else {

    }

    res.send('OK');

});

var port = 3000;
app.listen(port, function () {
    console.log("Server is running. Port:" + port);
});

Transfer/EFT iFrame API Step 1 sample codes click to download