1- To request an iFrame token, send the information specified in the table below with a POST request to the following URL: https://www.paytr.com/odeme/api/get-token
This request occurs in the background (server-side) using the POST method.
POST REQUEST FIELDS AND VALUES:
Field (type) | Mandatory | Included in token | Description | Limitation |
---|---|---|---|---|
merchant_id(string) | Yes | Yes | Merchant ID: Your Merchant ID (Mağaza no) provided by PayTR | |
user_ip (string) | Yes | Yes | User ip: User IP received during the request (Important: Make sure you send the external IP address when you run tests on your local machine) | Up to 39 characters (ipv4) |
merchant_oid(string) | Yes | Yes | Merchant order id: The unique order id you set for the transaction. (Note: Order number is posted back within callback notification - on STEP 2) | Up to 64 characters, Alpha numeric |
email (string) | Yes | Yes | User email address: The email address which; a) the user registered with on your system b) or you received via the order form | Up to 100 characters |
payment_amount(integer) | Yes | Yes | Payment amount: The total amount of the order. (Multiply the amount by 100) | For example, 3456 should be sent for 34.56 (34.56 * 100 = 3456) |
currency(string) | Yes | Yes | Currency | TL (or TRY), EUR, USD, GBP, RUB (TL is assumed if not sent) |
user_basket(string) | Yes | Yes | User basket/order contents | Please check the sample codes for structure |
no_installment(int) | Yes | Yes | Do not display the installment option: If you send as 1, the installment options are not displayed (example usage: installment ban for mobile phone sales) | 0 or 1 |
max_installment(int) | Yes | Yes | Maximum number of installments: Specifies the maximum number of installments to be displayed (example usage: up to 4 installments is allowed for jewellery expenditures) | 0,2,3,4,5,6,7,8,9,10,11,12 If zero (0) is sent, the maximum available installment number is used |
paytr_token(string) | Yes | No | Paytr_token: It is used to ensure that the request comes from you and the content did not change | Please check the sample codes for calculation |
user_name(string) | Yes | No | User name and surname: First and last name of the user that you have on your system or received via the order form | Up to 60 characters |
user_address(string) | Yes | No | User address: The address of the user that you have on your system or received via the order form | Up to 400 characters |
user_phone(string) | Yes | No | User phone number: The phone number of the user that you have on your system or received via the order form | Up to 20 characters |
merchant_ok_url | Yes | No | The page the user will be redirected to after successful payment (e.g. Order status / my orders page) (Warning: the payment may not have been approved yet when the user reaches this page) | Up to 400 characters |
merchant_fail_url | Yes | No | The page that the user will be redirected to if something unexpected occurs | Up to 400 characters |
test_mode | No | Yes | Can be sent as 1 to perform test transactions while the store is in live mode | 0 or 1 |
debug_on (int) | No | No | Display errors: If the value is 1, when wrong or incomplete information is transmitted to the API, error message is displayed on the page | 0 or 1 (Be sure to send 1 to detect errors during the integration and testing process) |
timeout_limit(int) | No | No | If a value other than zero is sent, payment must be completed within that time. (e.g. You can use it for security purposes in case of price updates etc.) | In minutes (30 minutes is assumed if not sent) |
lang(string) | No | No | Language to be used on pages during payment process | tr for Turkish or en for English (tr is assumed if not sent) |
The response to the iframe_token request is in JSON format:
- Successful response example: (includes iframe_token)
{"status":"success","token":"28cc613c3d7633cfa4ed0956fdf901e05cf9d9cc0c2ef8db54fa"}
The following HTML code block should be used to open the payment form. The iframe_token received in the successful response (explained above) is used in “src” attribute of iFrame.
<script src="https://www.paytr.com/js/iframeResizer.min.js"></script>
<iframe src="https://www.paytr.com/odeme/guvenli/iframe_token" id="paytriframe" frameborder="0"
scrolling="no" style="width: 100%;"></iframe>
<script>iFrameResize({},'#paytriframe');</script>
IMPORTANT: Upon completion of the steps described above, the payment form should appear on the screen. This step concludes the part of the payment process which the user will interact with. HOWEVER; the integration is not yet complete. STEP 2 must be completed in order to receive the payment result (success / failed) and to confirm / cancel the order. To complete the integration, please see the document inside STEP 2 folder.
<!doctype html>
<html lang="tr">
<head>
<meta charset="UTF-8">
<title>Sample Payment Form</title>
</head>
<body>
<div>
<h1>Sample Payment Form</h1>
<p>STEP 1 Sample Codes</p>
</div>
<br><br>
<div style="width: 100%;margin: 0 auto;display: table;">
<?php
$merchant_id = 'XXXXXX';
$merchant_key = 'YYYYYYYYYYYYYY';
$merchant_salt = 'ZZZZZZZZZZZZZZ';
$email = "XXXXXXXX";
$payment_amount = "";
$merchant_oid = "";
$user_name = "";
$user_address = "";
$user_phone = "";
$merchant_ok_url = "http://www.example.com/success.php";
$merchant_fail_url = "http://www.example.com/error.php";
$user_basket = "";
$user_basket = base64_encode(json_encode(array(
array("Sample Product 1", "18.00", 1),
array("Sample Product 2", "33.25", 2),
array("Sample Product 3", "45.42", 1)
)));
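// HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers set by the client or an
// intermediary proxy; REMOTE_ADDR is the address of the directly connected peer.
if( isset( $_SERVER["HTTP_CLIENT_IP"] ) ) {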
$ip = $_SERVER["HTTP_CLIENT_IP"];
} elseif( isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
$ip = $_SERVER["REMOTE_ADDR"];
}
$user_ip=$ip;
$timeout_limit = "30";
$debug_on = 1;
$test_mode = 0;
$no_installment = 0;
$max_installment = 0;
$currency = "TL";
// paytr_token = base64( HMAC-SHA256( hash_str + merchant_salt, key = merchant_key ) )
$hash_str = $merchant_id .$user_ip .$merchant_oid .$email .$payment_amount .$user_basket.$no_installment.$max_installment.$currency.$test_mode;
$paytr_token=base64_encode(hash_hmac('sha256',$hash_str.$merchant_salt,$merchant_key,true));
$post_vals=array(
'merchant_id'=>$merchant_id,
'user_ip'=>$user_ip,
'merchant_oid'=>$merchant_oid,
'email'=>$email,
'payment_amount'=>$payment_amount,
'paytr_token'=>$paytr_token,
'user_basket'=>$user_basket,
'debug_on'=>$debug_on,
'no_installment'=>$no_installment,
'max_installment'=>$max_installment,
'user_name'=>$user_name,
'user_address'=>$user_address,
'user_phone'=>$user_phone,
'merchant_ok_url'=>$merchant_ok_url,
'merchant_fail_url'=>$merchant_fail_url,
'timeout_limit'=>$timeout_limit,
'currency'=>$currency,
'test_mode'=>$test_mode
);
$ch=curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.paytr.com/odeme/api/get-token");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1) ;
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_vals);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
$result = @curl_exec($ch);
if(curl_errno($ch))
die("PAYTR IFRAME connection error. err:".curl_error($ch));
curl_close($ch);
$result=json_decode($result,1);
if($result['status']=='success')
$token=$result['token'];
else
die("PAYTR IFRAME failed. reason:".$result['reason']);
?>
<script src="https://www.paytr.com/js/iframeResizer.min.js"></script>
<iframe src="https://www.paytr.com/odeme/guvenli/<?php echo $token;?>" id="paytriframe" frameborder="0" scrolling="no" style="width: 100%;"></iframe>
<script>iFrameResize({},'#paytriframe');</script>
</div>
<br><br>
</body>
</html>
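The token calculation and field limits described above, as an added PHP example that is not part of PayTR's sample code: it checks the token-covered fields against the table's limits (a comma-separated X-Forwarded-For value fails the `user_ip` check), converts the amount to an integer without floating-point arithmetic, and computes `paytr_token` in the same field order as the sample. The function names, the `$order` array keys and the sample order are assumptions made for this illustration.

```php
<?php
/** Convert a decimal string such as "34.56" to 3456 without float rounding. */
function to_minor_units(string $amount): int
{
    if (!preg_match('/^(\d{1,9})(?:\.(\d{1,2}))?$/D', $amount, $m)) {
        throw new InvalidArgumentException('amount must look like "34.56"');
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
}

/** Validate the token-covered fields, then return them with paytr_token added. */
function build_token_fields(array $o, string $id, string $key, string $salt): array
{
    $f = [ // same order as $hash_str in the sample above
        'merchant_id'     => $id,
        'user_ip'         => $o['user_ip'],
        'merchant_oid'    => $o['merchant_oid'],
        'email'           => $o['email'],
        'payment_amount'  => to_minor_units($o['amount']),
        'user_basket'     => base64_encode(json_encode($o['basket'])),
        'no_installment'  => $o['no_installment'] ?? 0,
        'max_installment' => $o['max_installment'] ?? 0,
        'currency'        => $o['currency'] ?? 'TL',
        'test_mode'       => $o['test_mode'] ?? 0,
    ];
    $checks = [ // limits from the field table
        'user_ip'         => strlen($f['user_ip']) <= 39 && filter_var($f['user_ip'], FILTER_VALIDATE_IP) !== false,
        'merchant_oid'    => preg_match('/^[A-Za-z0-9]{1,64}$/D', $f['merchant_oid']) === 1,
        'email'           => strlen($f['email']) <= 100 && filter_var($f['email'], FILTER_VALIDATE_EMAIL) !== false,
        'no_installment'  => in_array($f['no_installment'], [0, 1], true),
        'max_installment' => in_array($f['max_installment'], array_merge([0], range(2, 12)), true),
        'currency'        => in_array($f['currency'], ['TL', 'TRY', 'EUR', 'USD', 'GBP', 'RUB'], true),
        'test_mode'       => in_array($f['test_mode'], [0, 1], true),
    ];
    foreach ($checks as $name => $ok) {
        if (!$ok) throw new InvalidArgumentException("invalid $name");
    }
    $hashStr = implode('', $f);
    $f['paytr_token'] = base64_encode(hash_hmac('sha256', $hashStr . $salt, $key, true));
    return $f;
}

// Constructed order and placeholder credentials (same placeholders as the sample).
$order = ['user_ip' => '203.0.113.7', 'merchant_oid' => 'ORDER1001', 'email' => 'buyer@example.com',
          'amount' => '18.00', 'basket' => [['Sample Product 1', '18.00', 1]]];
$a = build_token_fields($order, 'XXXXXX', 'YYYYYYYYYYYYYY', 'ZZZZZZZZZZZZZZ');
$b = build_token_fields(['amount' => '18.01'] + $order, 'XXXXXX', 'YYYYYYYYYYYYYY', 'ZZZZZZZZZZZZZZ');
echo $a['payment_amount'], ' ', $a['paytr_token'], PHP_EOL;
var_dump(hash_equals($a['paytr_token'], $b['paytr_token'])); // constant-time comparison of the two tokens
```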