Returning Payments Callback
When the transfer request you create for returned payments receives a Success response, your request to send from the account has been received successfully by the PayTR system. The PayTR system processes your request in an average of 5 minutes, checks the trans_info content you sent, and makes the transfers. If incorrect information is detected during the check, the relevant transaction is marked as unsuccessful. The result is sent by POST, in JSON format, to the address you defined under PayTR Mağaza Paneli > Ayarlar > Platform Transfer Sonucu Bildirim URL (PayTR Merchant Panel > Settings > Platform Transfer Result Notification URL). Please review the sample code (paytr_back_donen_odeme_callback_example.php).
The result of each payment process (success or failed) is sent separately to the Callback URL by the PayTR system. You can handle each request according to its outcome by checking the result value contained in the incoming values.
POST REQUEST FIELDS AND VALUES sent to the Callback URL by the PayTR system:
| Field name | Description | Value |
|---|---|---|
| mode | Always sent with the constant value cashout | cashout |
| hash | Used for hash verification | Example: wszlFsC7nrfCPvP77kdEzzE4smGdV4FWvDibKlXIpRM= |
| trans_id | A unique value that you send to PayTR when making a request to send a returned payment from the account | Example: 12345aaabbb |
| processed_result | The values that you send to PayTR when making a request to send the returned payment from the account | Example: [{\"amount\":484.48,\"receiver\":\"XYZ LTD STI\",\"iban\":\"TRXXXXXXXXXXXXXXXXXX\",\"result\":\"success\"}] |
| success_total | Number of successfully transferred transactions (in processed_result, the number of result:success entries) | Example: 1 |
| failed_total | Number of transactions that received an error (in processed_result, the number of result:failed entries) | Example: 0 |
| transfer_total | Total amount of successfully transferred transactions | Example: 484.48 |
| account_balance | Your remaining sub-account balance after transfers | Example: 75 |
The RESPONSE that the Callback URL gives to the PayTR system should be plain text OK.
Example (PHP): echo "OK";
Example (.NET): Response.Write("OK");
IMPORTANT NOTICES
- You should not restrict access to your Callback URL by any means such as session control, etc. This is vital for the PayTR system to reach the page.
- You should not display HTML or any other content before or after the “OK” response.
- The Callback URL is not a page that users see during the payment process, so there is no user SESSION on this page and no SESSION values can be used. The PayTR system submits a POST which contains relevant information such as “merchant_oid”.
- It is crucial for security reasons to check that the hash value in the POST is the same as the hash value that you create using the related values in the POST. This is necessary to ensure that the POST request comes from the PayTR system and that the values did not change during transport. Be warned that if you do not check the hash value, you may face financial losses.
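```php
<?php
$post = $_POST;

// Merchant credentials from the PayTR Merchant Panel (placeholders).
$merchant_key  = 'YYYYYYYYYYYYYY';
$merchant_salt = 'ZZZZZZZZZZZZZZ';

// Reject requests that lack the fields needed for the hash check.
if (!isset($post['merchant_id'], $post['trans_id'], $post['hash'], $post['processed_result']))
    die('PAYTR notification failed: missing fields');

// Recompute the hash from the POSTed values and compare it in constant time.
$hash = base64_encode(hash_hmac('sha256', $post['merchant_id'].$post['trans_id'].$merchant_salt, $merchant_key, true));
if (!hash_equals($hash, (string)$post['hash']))
    die('PAYTR notification failed: bad hash');

$processed_result = json_decode($post['processed_result'], true);
if (!is_array($processed_result))
    die('PAYTR notification failed: bad processed_result');
foreach ($processed_result as $trans)
{
    // Handle each transfer here according to $trans['result'] (success or failed).
}
echo "OK";
exit;
?>
```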
```python
# Python 3.6+
import base64
import hashlib
import hmac
import json

from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt


@csrf_exempt
def callback(request):
    if request.method != 'POST':
        return HttpResponse('')

    post = request.POST

    # Merchant credentials from the PayTR Merchant Panel (placeholders).
    merchant_key = b'YYYYYYYYYYYYYY'
    merchant_salt = 'ZZZZZZZZZZZZZZ'

    # Recompute the hash from the POSTed values.
    hash_str = post.get('merchant_id', '') + post.get('trans_id', '') + merchant_salt
    expected = base64.b64encode(hmac.new(merchant_key, hash_str.encode(), hashlib.sha256).digest())

    # b64encode() returns bytes, so compare bytes with bytes, in constant time.
    if not hmac.compare_digest(expected, post.get('hash', '').encode()):
        return HttpResponse('PAYTR notification failed: bad hash')

    processed_result = json.loads(post['processed_result'])
    for trans in processed_result:
        # Handle each transfer here according to trans['result'] (success or failed).
        print(trans)

    return HttpResponse('OK')
```
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Net.Mail;
using System.Web.UI;
using System.Web.UI.WebControls;
using Newtonsoft;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System.IO;

public partial class paytr_geri_donen_odemeler_callback_ornek : System.Web.UI.Page {

    // Merchant credentials from the PayTR Merchant Panel (placeholders).
    string merchant_key = "AAAAAA";
    string merchant_salt = "XXXXXXXXXXXXXXXX";

    // Compares two strings without stopping at the first differing character.
    // Returns false for a missing value instead of throwing.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        string trans_id = Request.Form["trans_id"];
        string merchant_id = Request.Form["merchant_id"];
        string hash = Request.Form["hash"];
        string processed_result = Request.Form["processed_result"];

        // Recompute the hash from the POSTed values.
        string Birlestir = string.Concat(merchant_id, trans_id, merchant_salt);
        HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(merchant_key));
        byte[] b = hmac.ComputeHash(Encoding.UTF8.GetBytes(Birlestir));
        string token = Convert.ToBase64String(b);

        if (!FixedTimeEquals(hash, token))
        {
            Response.Write("PAYTR notification failed: bad hash");
            return;
        }

        dynamic dynJson = JsonConvert.DeserializeObject(processed_result);
        foreach (var item in dynJson)
        {
            // Handle each transfer here according to item.result (success or failed).
        }

        Response.Write("OK");
    }
}
```
```javascript
var request = require('request');
var crypto = require('crypto');
var express = require('express');
var app = express();

app.use(express.json());
app.use(express.urlencoded({ extended: true }));

// Merchant credentials from the PayTR Merchant Panel (placeholders).
var merchant_id = 'XXXXXX';
var merchant_key = 'XXXXXXXXYYYYYYYY';
var merchant_salt = 'XXXXXXXXYYYYYYYY';

// Lists the returned payments in the given date range.
app.get("/list", function (req, res) {
    var start_date = '2020-11-01 00:00:00';
    var end_date = '2020-11-29 23:59:59';
    var paytr_token = crypto.createHmac('sha256', merchant_key).update(merchant_id + start_date + end_date + merchant_salt).digest('base64');

    var options = {
        'method': 'POST',
        'url': 'https://www.paytr.com/odeme/geri-donen-transfer',
        'headers': {
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        form: {
            'merchant_id': merchant_id,
            'start_date': start_date,
            'end_date': end_date,
            'paytr_token': paytr_token,
        }
    };

    request(options, function (error, response, body) {
        if (error) throw new Error(error);
        var res_data = JSON.parse(body);
        if (res_data.status == 'success') {
            res.send(res_data);
        } else {
            console.log(response.body);
            res.end(response.body);
        }
    });
});

// Requests the transfer of returned payments from the account.
app.get("/send", function (req, res) {
    var trans_id = ''; // set this to the unique value for this request
    var trans_info = [{
        'amount': '1283',
        'receiver': 'XYZ LTD ŞTİ',
        'iban': 'TRXXXXXXXXXXXXXXXXXXXXX'
    }];
    var paytr_token = crypto.createHmac('sha256', merchant_key).update(merchant_id + trans_id + merchant_salt).digest('base64');

    var options = {
        'method': 'POST',
        'url': 'https://www.paytr.com/odeme/hesaptan-gonder',
        'headers': {
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        form: {
            'trans_info': JSON.stringify(trans_info),
            'trans_id': trans_id,
            'paytr_token': paytr_token,
            'merchant_id': merchant_id,
        }
    };

    request(options, function (error, response, body) {
        if (error) throw new Error(error);
        var res_data = JSON.parse(body);
        if (res_data.status == 'success') {
            res.send(response.body);
        } else {
            res.end(response.body);
        }
    });
});

// Receives the transfer result notification from the PayTR system.
app.post("/callback", function (req, res) {
    var callback = req.body;

    // Recompute the hash from the POSTed values.
    var paytr_token = crypto.createHmac('sha256', merchant_key).update(callback.merchant_id + callback.trans_id + merchant_salt).digest('base64');

    // Compare in constant time; timingSafeEqual requires buffers of equal length.
    var expected = Buffer.from(paytr_token);
    var received = Buffer.from(String(callback.hash || ''));
    if (expected.length !== received.length || !crypto.timingSafeEqual(expected, received)) {
        // Reply with the error text instead of throwing, as the other samples do.
        return res.send("PAYTR notification failed: bad hash");
    }

    // processed_result is a JSON array with one entry per transfer.
    var processed_result = JSON.parse(callback.processed_result);
    for (const trans of processed_result) {
        // Handle each transfer here according to trans.result (success or failed).
        console.log(trans);
    }

    res.send("OK");
});

var port = 3200;
app.listen(port, function () {
    console.log("Server is running. Port:" + port);
});
```
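The hash in the samples above is computed over merchant_id, trans_id and the salt only, so it does not by itself vouch for processed_result or the totals, and the same hash is valid for any notification carrying that trans_id. The following added example (not PayTR's code) checks the hash, ignores trans_ids already handled, and validates processed_result against the totals described in the field table and against the IBANs originally sent. The `pending` and `done` stores, the function names and the rejection messages are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json

MERCHANT_KEY = b"YYYYYYYYYYYYYY"   # placeholder, as in the page's samples
MERCHANT_SALT = "ZZZZZZZZZZZZZZ"   # placeholder


def paytr_hash(merchant_id, trans_id):
    """base64(HMAC-SHA256(merchant_id + trans_id + salt)), the formula the samples use."""
    msg = (merchant_id + trans_id + MERCHANT_SALT).encode()
    return base64.b64encode(hmac.new(MERCHANT_KEY, msg, hashlib.sha256).digest())


def handle_callback(post, pending, done):
    """Return (response_body, accepted_results).

    pending: trans_id -> set of IBANs sent in trans_info (hypothetical store).
    done:    set of trans_ids already processed (hypothetical store).
    """
    trans_id = post.get("trans_id", "")
    supplied = post.get("hash", "").encode()
    if not hmac.compare_digest(paytr_hash(post.get("merchant_id", ""), trans_id), supplied):
        return "PAYTR notification failed: bad hash", None
    if trans_id in done:
        return "OK", None          # repeated notification: acknowledge, do nothing
    if trans_id not in pending:
        return "unknown trans_id", None
    # processed_result is not part of the hash input, so it is checked against
    # the totals in the same POST and against what was requested for this trans_id.
    try:
        results = json.loads(post.get("processed_result", ""))
        ok = [r for r in results if r["result"] == "success"]
        failed = [r for r in results if r["result"] == "failed"]
        consistent = (
            len(ok) + len(failed) == len(results)
            and len(ok) == int(post["success_total"])
            and len(failed) == int(post["failed_total"])
            and abs(sum(float(r["amount"]) for r in ok) - float(post["transfer_total"])) < 0.005
            and all(r["iban"] in pending[trans_id] for r in results)
        )
    except (KeyError, TypeError, ValueError):
        consistent = False
    if not consistent:
        return "processed_result rejected", None
    done.add(trans_id)
    del pending[trans_id]
    return "OK", results
```

In a web handler, only the first element of the returned tuple is written to the response; the second is what the application acts on.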