Getting Started with PayTR Link API Link API Callback

Link API Callback

When a successful payment is made on the payment link you have created, the result of the transaction is notified to the callbak_url you sent for that link in the Create Service.

NOTICE: If you have not set or do not want to specify callbak_url in the Create service, you do not need to do this integration.

NOTICE: PayTR just sends a request to the callback_url you created in the Create Service. This process has no relation with the Notification URL part in your store.

Values to be sent in POST REQUEST to your Notification URL defined for the link by the PayTR system:

Field Name	Description
hash	The hash value created for security purposes to check the accuracy of the values sent from the PayTR system. ( See the sample codes for the calculation.)
merchant_oid	Order reference number generated by PayTR.
status	If the payment is successful, it gets value as success. (In Link API, there is no callback for unsuccessful payments).
total_amount	Total amount charged from customer (The total amount multiplied by 100 is sent. 34.56 =>3456) (Not: For example, if the payment is made in installments, the amount will be different from payment_amount.)
payment_amount	It is the "payment_amount" value that you send in the 1st step.(The total amount multiplied by 100 is sent. 34.56 => 3456)
payment_type	This value indicates which payment method the customer used to pay. ( card, bex etc. )
currency	It indicates which currency is used for payment. (‘TL’, ‘USD’, ‘EUR’, ‘GBP’, ‘RUB’)
callback_id	Callback_id from create service
merchant_id	Your PayTR merchant number.
test_mode	If your merchant is in test mode, it returns as 1

When PayTR sends a request to your notification URL, you only need to return an OK response in plain text format.

Example: (PHP): echo "OK";

Example: (.NET): Response.Write("OK");

IMPORTANT WARNINGS:

You should not restrict access to your Callback URL by any means such as session control, etc. This is vital for the PayTR system to reach the page.
You should not display HTML or any other content before or after the “OK” response.
Callback URL is not a page which users see during payment process, thus there will be no user SESSION at this page and no SESSION values can be used. PayTR system submits a POST which contains relevant information such as callback_id.
For payments which the PayTR system does not receive an OK response from the Callback URL, the status will be displayed as "In Progress" (Devam Ediyor) on the Transactions (İşlemler) page on the Merchant Panel.
When the PayTR system can not connect to the Callback URL or does not receive the OK response from the Callback URL, PayTR system will try again after a minute. This may happen due to network issues, instant overloads on merchant stystems, etc. Thus, multiple notifications for the same payment transaction can be received on Callback URL. For this reason, in such cases, it is very important that recurring notifications should be handled correctly on Callback URL. Only the first notification should be taken into account to approve/cancel the order and the recurring ones should only be responded to by displaying OK. Recurring notifications should be checked based on callback value.

6.It is crucial for security reasons to check that the hash value in POST is the same as the hash value that will be created using the related values in POST. This is necessary to ensure that the POST request comes from the PayTR system and the values do not change during transport. Be warned that if you do not check hash value, you may face financial losses.

If the status of test payment is displayed as "Successful" (Başarılı) on the Transactions (İşlemler) page on PayTR Merchant Panel (Mağaza Paneli), the PayTR integration is complete.

If the status of test payment is displayed as "In Progress" (Devam Ediyor), it means that the PayTR system has not received "OK" response from the Callback URL. Click on the "Detail" (Detay) link of the test payment on the Transactions page and check what response PayTR system receives from the Callback URL to debug.

IMPORTANT NOTICE: Your notification URL is in the Paytr Merchant Panel > Settings > Notification URL settings section, if your site has SSL, you must set the notification URL protocol to HTTPS. If you do not have an SSL certificate, never use HTTPS links. If you have installed SSL on your site after Paytr integration, go to the Notification URL Settings section and change the protocol to HTTPS and save it. If you revoke the SSL certificate on your site after installation, go to the Notification URL Settings section and change the protocol to HTTP and save it.

<?php

    $post = $_POST;

    $merchant_key   = 'XXXXXXXXXXXXXXXX';
    $merchant_salt  = 'XXXXXXXXXXXXXXXX';

    $hash = base64_encode( hash_hmac('sha256', $post['callback_id'].$post['merchant_oid'].$merchant_salt.$post['status'].$post['total_amount'], $merchant_key, true) );

    if( $hash != $post['hash'] )
        die('PAYTR notification failed: bad hash');

    if( $post['status'] == 'success' ) { 

    } else {

    }

    echo "OK";
    exit;

# Python 3.6+

import base64
import hashlib
import hmac
import json

from django.shortcuts import render, HttpResponse
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def callback(request):
    if request.method != 'POST':
        return HttpResponse(str(''))

    post = request.POST

    merchant_key = b'XXXXXXXXXXXXXXXX'
    merchant_salt = 'XXXXXXXXXXXXXXXX'

    hash_str = post['callback_id'] + post['merchant_oid'] + merchant_salt + post['status'] + post['total_amount']
    hash = base64.b64encode(hmac.new(merchant_key, hash_str.encode(), hashlib.sha256).digest())

    if hash != post['hash']:
        return HttpResponse(str('PAYTR notification failed: bad hash'))

    BURADA YAPILMASI GEREKENLER
    1) Ödeme durumunu post['callback_id'] değerini kullanarak veri tabanınızdan sorgulayın.
    2) Eğer ödeme zaten daha önceden onaylandıysa (callback size ulaştıysa) sadece 'OK' yaparak akışı sonlandırın.
    Ödeme durum sorgulama örnek
    durum = SQL

    if(durum == 'onay'){
         return HttpResponse(str('OK'))

    if post['status'] == 'success':

    else:

    return HttpResponse(str('OK'))

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Net.Mail;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class paytr_link_api_callback : System.Web.UI.Page
{

    string merchant_key = "XXXXXXXXXXXXXXXXXXXXXXXXXX";
    string merchant_salt = "YYYYYYYYYYYYYYYYYYYYYYYYY";

    protected void Page_Load(object sender, EventArgs e)
    {

        string callback_id = Request.Form["callback_id"];
        string merchant_oid = Request.Form["merchant_oid"];
        string status = Request.Form["status"];
        string total_amount = Request.Form["total_amount"];
        string hash = Request.Form["hash"];

        string Birlestir = string.Concat(callback_id, merchant_oid, merchant_salt, status, total_amount);
        HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(merchant_key));
        byte[] b = hmac.ComputeHash(Encoding.UTF8.GetBytes(Birlestir));
        string token = Convert.ToBase64String(b);

        if (hash.ToString() != token)
        {
            Response.Write("PAYTR notification failed: bad hash");
            return;
        }

        if (status == "success")
        { 

        }
        else
        { 

        }

        Response.Write("OK");
    }
}

var crypto = require('crypto');
var express = require('express');
var app = express();
var request = require('request');

app.use(express.json());
app.use(express.urlencoded({ extended: true }));

var merchant_id = 'AAAAAA';
var merchant_key = 'XXXXXXXXXXXXXXXX';
var merchant_salt = 'XXXXXXXXXXXXXXXX';

app.get("/create", function (req, res) {

    var name = 'Örnek Ürün / Hizmet Adı';
    var price = '1445'; 
    var currency = 'TL'; 
    var max_installment = '12'; 

    var link_type = 'product';
    var lang = 'tr'; 
    var required = name + price + currency + max_installment + link_type + lang;
    var email = '';
    var min_count = '';
    if (link_type == 'product') {
        min_count = '1';

        required += min_count;
    } else {
        (link_type == 'collection')
        email = 'test@example.com';

        required += email;
    }

    var max_count = '1';

    var expiry_date = '2021-06-23 17:00:00';

    var callback_link = '';

    var callback_id = '';

    var debug_on = '1'; 

    var paytr_token = crypto.createHmac('sha256', merchant_key).update(required + merchant_salt).digest('base64');

    var options = {
        'method': 'POST',
        'url': 'https://www.paytr.com/odeme/api/link/create',
        'headers': {
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        form: {
            'merchant_id': merchant_id,
            'name': name,
            'price': price,
            'currency': currency,
            'max_installment': max_installment,
            'link_type': link_type,
            'lang': lang,
            'min_count': min_count,
            'email': email,
            'expiry_date': expiry_date,
            'max_count': max_count,
            'callback_link': callback_link,
            'callback_id': callback_id,
            'debug_on': debug_on,
            'paytr_token': paytr_token,
        }
    };

    request(options, function (error, response, body) {
        if (error) throw new Error(error);
        var res_data = JSON.parse(body);

        if (res_data.status == 'success') {
            res.send(body);
        } else {

            res.end(body);
        }

    });

});

app.get("/delete", function (req, res) {

    var id = 'XXXX'; 
    var debug_on = '1'; 

    var paytr_token = crypto.createHmac('sha256', merchant_key).update(id + merchant_id + merchant_salt).digest('base64');

    var options = {
        'method': 'POST',
        'url': 'https://www.paytr.com/odeme/api/link/delete',
        'headers': {
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        form: {
            'merchant_id': merchant_id,
            'id': id,
            'debug_on': debug_on,
            'paytr_token': paytr_token,
        }
    };

    request(options, function (error, response, body) {
        if (error) throw new Error(error);
        var res_data = JSON.parse(body);

        if (res_data.status == 'success') {
            res.send(response.body);

        } else {
            console.log(response.body);
            res.end(response.body);
        }

    });

});

app.get("/sendsms", function (req, res) {

    var id = 'XXXX';  
    var cell_phone = '05555555555'; 
    var debug_on = '1'; 

    var paytr_token = crypto.createHmac('sha256', merchant_key).update(id + merchant_id + cell_phone + merchant_salt).digest('base64');

    var options = {
        'method': 'POST',
        'url': 'https://www.paytr.com/odeme/api/link/send-sms',
        'headers': {
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        form: {
            'merchant_id': merchant_id,
            'id': id,
            'cell_phone': cell_phone,
            'debug_on': debug_on,
            'paytr_token': paytr_token,
        }
    };

    request(options, function (error, response, body) {
        if (error) throw new Error(error);
        var res_data = JSON.parse(body);

        if (res_data.status == 'success') {
            res.send(response.body);

        } else {
            console.log(response.body);
            res.end(response.body);
        }

    });

});

app.get("/sendmail", function (req, res) {

    var id = 'XXXX'; 
    var email = ''; 
    var debug_on = '1'; 

    var paytr_token = crypto.createHmac('sha256', merchant_key).update(id + merchant_id + email + merchant_salt).digest('base64');

    var options = {
        'method': 'POST',
        'url': 'https://www.paytr.com/odeme/api/link/send-email',
        'headers': {
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        form: {
            'merchant_id': merchant_id,
            'id': id,
            'email': email,
            'debug_on': debug_on,
            'paytr_token': paytr_token,
        }
    };

    request(options, function (error, response, body) {
        if (error) throw new Error(error);
        var res_data = JSON.parse(body);

        if (res_data.status == 'success') {
            res.send(response.body);

        } else {
            console.log(response.body);
            res.end(response.body);
        }

    });

});

app.post("/callback", function (req, res) {
    var callback = req.body;

    token = callback.id + callback.merchant_oid + merchant_salt + callback.status + callback.total_amount;
    var paytr_token = crypto.createHmac('sha256', merchant_key).update(token).digest('base64');

    if (paytr_token != callback.hash) {
        throw new Error("PAYTR notification failed: bad hash");
    }

    if (callback.status == 'success') {

    } else {

    }

    res.send('OK');

});

var port = 3200;
app.listen(port, function () {
    console.log("Server is running. Port:" + port);
});

For Link API Callback service sample codes Click to download.