iFrame API Step 1

1- Send the information specified in the table to the POST to related URL so that it can be found when the iFrame requests a Token: https://www.paytr.com/odeme/api/get-token
This request occurs in the background (server-side) using the POST method.


Value/Type Mandatory Token Description Limitation
merchant_id(string) Yes Yes Merchant ID: Your Merchant ID (Mağaza no) provided by PayTR
user_ip (string) Yes Yes User ip: User IP received during the request (Important: Make sure you send the external IP address when you run tests on your local machine) Up to 39 characters (ipv4)
merchant_oid(string) Yes Yes Merchant order id: The unique order id you set for the transaction. (Note: Order number is posted back within callback notification - on STEP 2) Up to 64 characters, Alpha numeric
email (string) Yes Yes User email address: The email address which; a) the user registered with on your system b) or you received via the order form Up to 100 characters
payment_amount(integer) Yes Yes Payment amount: The total amount of the order. (Multiply the amount by 100) *For example, 3456 should be sent for 34.56 (34.56 100 = 3456)**
currency(string) Evet Evet Currency TL (or TRY), EUR, USD, GBP, RUB (TL is assumed if not sent)
user_basket(string) Yes Yes User basket/order contents Please check the sample codes for structure
no_installment(int) Yes Yes Do not display the installment option: If you send as 1, the installment options are not displayed (example usage: installment ban for mobile phone sales) 0 veya 1
max_installment(int) Yes Yes Maximum number of installments: Specifies the maximum number of installments to be displayed (example usage: up to 4 installments is allowed for jewellery expenditures) 0,2,3,4,5,6,7,8,9,10,11,12 If zero (0) is sent, the maximum available installment number is used
paytr_token(string) Yes No Paytr_token: It is used to ensure that the request comes from you and the content did not change Please check the sample codes for calculation
user_name(string) Yes No User name and surname: First and last name of the user that you have on your system or received via the order form Up to 60 characters
user_address(string) Yes No User address: The address of the user that you have on your system or received via the order form Up to 400 characters
user_phone(string) Yes No User phone number: The phone number of the user that you have on your system or received via the order form Up to 20 characters
merchant_ok_url Yes No The page the user will be redirected to after successful payment (e.g. Order status / my orders page) (Warning: the payment may not have been approved yet when the user reaches this page) Up to 400 characters
merchant_fail_url Yes No The page that the user will be redirected to if something unexpected occurs Up to 400 characters
test_mode No Yes Mağaza canlı modda iken test işlem yapmak için 1 olarak gönderilebilir 0 veya 1
debug_on (int) No No Display errors: If the value is 1, when wrong or incomplete information is transmitted to the API, error message is displayed on the page 0 or 1 (Be sure to send 1 to detect errors during the integration and testing process)
timeout_limit(int) No No If a value other than zero is sent, payment must be completed within that time. (e.g. You can use it for security purposes in case of price updates etc.) In minutes (30 minutes is assumed if not sent)
lang(string) No No Language to be used on pages during payment process tr for Turkish or en for English (tr is assumed if not sent)

The response to the iframe_token request is in JSON format:

- Successful response example: (includes iframe_token)
- Successful response example: (includes iframe_token)

The following HTML code block should be used to open the payment form. The iframe_token received in the successful response (explained above) is used in “src” attribute of iFrame.

<script src="https://www.paytr.com/js/iframeResizer.min.js"></script> 
<iframe src="https://www.paytr.com/odeme/guvenli/iframe_token" id="paytriframe" frameborder="0"
scrolling="no" style="width: 100%;"></iframe>

IMPORTANT: Upon completion of the steps described above, the payment form should appear on the screen. This step concludes the part of the payment process which the user will interact with. HOWEVER; the integration is not yet complete. STEP 2 must be completed in order to receive the payment result (success / failed) and to confirm / cancel the order. To complete the integration, please see the document inside STEP 2 folder.

<!doctype html>
<html lang="tr">
    <meta charset="UTF-8">
    <title>Sample Payment Form</title>

    <h1>Sample Payment Form</h1>
    <p>STEP 1 Sample Codes</p>

<div style="width: 100%;margin: 0 auto;display: table;">


    $merchant_id    = 'XXXXXX';
    $merchant_key   = 'YYYYYYYYYYYYYY';
    $merchant_salt  = 'ZZZZZZZZZZZZZZ';

    $email = "XXXXXXXX";
    $payment_amount = "";
    $merchant_oid = "";
    $user_name = "";
    $user_address = "";
    $user_phone = "";
    $merchant_ok_url = "http://www.example.com/success.php";
    $merchant_fail_url = "http://www.example.com/error.php";
    $user_basket = "";

    $user_basket = base64_encode(json_encode(array(
        array("Sample Product 1", "18.00", 1), 
        array("Sample Product 2", "33.25", 2), 
        array("Sample Product 3", "45.42", 1)  

    if( isset( $_SERVER["HTTP_CLIENT_IP"] ) ) {
        $ip = $_SERVER["HTTP_CLIENT_IP"];
    } elseif( isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {
        $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    } else {
        $ip = $_SERVER["REMOTE_ADDR"];

    $timeout_limit = "30";
    $debug_on = 1;
    $test_mode = 0;
    $no_installment = 0; 
    $max_installment = 0;
    $currency = "TL";

    $hash_str = $merchant_id .$user_ip .$merchant_oid .$email .$payment_amount .$user_basket.$no_installment.$max_installment.$currency.$test_mode;

    curl_setopt($ch, CURLOPT_URL, "https://www.paytr.com/odeme/api/get-token");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1) ;
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_vals);
    curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 20);

    $result = @curl_exec($ch);

        die("PAYTR IFRAME connection error. err:".curl_error($ch));



        die("PAYTR IFRAME failed. reason:".$result['reason']);


  <script src="https://www.paytr.com/js/iframeResizer.min.js"></script>
  <iframe src="https://www.paytr.com/odeme/guvenli/<?php echo $token;?>" id="paytriframe" frameborder="0" scrolling="no" style="width: 100%;"></iframe>



iFrame API Step 1 sample codes click to download.