Transfer/EFT iFrame API Step 1

Integration and process flow:

1) Merchant should first request an iframe_token. A server-side POST request is needed.

Request URL:


Field name / type Description Mandatory Limitations
merchant_id (string) Merchant ID: Your Merchant ID (Mağaza no) provided by PayTR Yes
user_ip (string) User ip: User IP received during the request (Important: Make sure you send the external IP address when you run tests on your local machine) Yes Up to 39 characters (ipv4)
merchant_oid (string) Merchant order id: The unique order id you set for the transaction. (Note: Order number is posted back within callback notification - on STEP 2) Yes Up to 64 characters, Alpha numeric
email (string) User email address: The email address which; a) the user registered with on your system b) or you received via the order form Yes Up to 100 characters
payment_amount(integer) Payment amount: The total amount of the order. (Multiply the amount by 100) Yes For example, 3456 should be sent for 34.56 (34.56 100 = 3456)
paytr_token(string) PayTR Token: It is the value that you will create to make sure that the request comes from you and that the content has not changed Yes (You should look at the sample codes regarding the calculation)
user_name User name and surname: In case of sending, Name-Surname information is filled in the payment notification form in the IFrame and cannot be changed. No Up to 30 characters
user_phone User phone number:In case of sending, phone information is filled in the payment notification form in the IFrame and cannot be changed. No 11 characters, numeric
tc_no_last5 TC Number Last 5 digits:In case of sending, TC Number Last 5 digits information is filled in the payment notification form in the IFrame and cannot be changed. No 5 characters, numeric
bank Bank:In case of sending, the bank cannot be selected in the IFrame, only the sent bank is displayed. No isbank, akbank, denizbank, finansbank,halkbank, ptt, teb, vakifbank, yapikredi,ziraat one of these options
test_mode The store can be sent as 1 to perform a test transaction while in live mode No 0 or 1
debug_on (int) Error return: 1 must be sent to return an error message if incorrect or incomplete information is transmitted No 0 or 1
timeout_limit(int) If a non-zero value is sent, the payment must be completed within this period (You can use it for security purposes in case there is a price update in your system during payment) Hayır In minutes (defined as 30 minutes if not sent)

The response to the request is in JSON format. For detailed information, see the sample code.

Merchant opens the payment notification form using an iframe with the iframe_token in the successful response.

NOTE: Upon completion of the transactions described above, the payment notification form to be used by the customer will appear on the screen.

The step that the customer will interact with in the payment process is thus completed in integration. HOWEVER; Your integration is not yet complete, completion of step 2 is required to deliver the payment result (successful/unsuccessful) to the merchant.

2) When the customer makes a payment notification by filling out the form opened with the iframe in the first step, the PayTR operations team sees the notification and checks the payment.After control, in the background by PayTR system (server-side) the result of the control is sent to the store notification page (notification URL) by the POST method. Based on this notification, the merchant approves or cancels the order.


Field name Description
merchant_oid Merchant order id: The unique order id you set for the transaction
status Result of the payment transaction(success/failed)
total_amount Total amount collected from the user (Multiplied by 100: e.g. 34.56 => 3456)
hash The hash value generated to check the received values are intact for security purposes
failed_reason_code Sent if payment is not approved
failed_reason_msg Explains why the payment is not approved
test_mode Sent as 1 in test mode or while running a test in live mode

<!doctype html>
<html lang="tr">
    <meta charset="UTF-8">
    <title>Örnek Ödeme Sayfası</title>

    <h1>Örnek Ödeme Sayfası</h1>

<div style="width: 100%;margin: 0 auto;display: table;">



if( isset( $_SERVER["HTTP_CLIENT_IP"] ) ) {
       $ip = $_SERVER["HTTP_CLIENT_IP"];
} elseif( isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {
       $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
       $ip = $_SERVER["REMOTE_ADDR"];



$timeout_limit = "30";

$test_mode = 0;



curl_setopt($ch, CURLOPT_URL, "");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1) ;
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_vals);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);

$result = @curl_exec($ch);

    die("PAYTR EFT IFRAME connection error. err:".curl_error($ch));


    die("PAYTR EFT IFRAME failed. reason:".$result['reason']);


    <script src=""></script>
    <iframe src="<?php echo $token;?>" id="paytriframe" frameborder="0" scrolling="no" style="width: 100%;"></iframe>



Transfer/EFT iFrame API Step 1 sample codes click to download