Receiving Transfer Instruction Results (Optional)
PAYTR system informs the URL determined by the Merchant after the transfer operations are concluded.
Request (REQUEST) URL: Platform Transfer Result Notification URL (Must be entered by the Merchant
on the Merchant Panel > Settings page)
Values to be sent in POST REQUEST:
| Field Name / Type |
Description |
Mandatory |
Limitations & Notes |
| trans_id |
JSON string containing the trans_id values you specified in the transfer request |
Yes |
- |
| merchant_salt |
A value specific to your store, which you can access through the PayTR Merchant Panel > Information page. |
Yes |
- |
| merchant_key |
A value specific to your store, which you can access through the PayTR Merchant Panel > Information page. |
Yes |
- |
Values to be sent in POST REQUEST:
| Field Name / Type |
Token |
Mandatory |
Description |
Limitations & Notes |
| trans_ids (JSON string) |
Yes |
Yes |
JSON string containing the trans_id values you specified in the transfer request |
|
| hash (string) |
No |
Yes |
paytr_token: The value created to make sure that the request comes from PAYTR and that the content has not changed |
Please check the sample codes for calculation and control |
Example POST:
[hash] => Of0/yvgTii/+lGD3o+J0u8xXriVqlPIrvsZsv4cLhM4=
[trans_ids] => ["dcbbe0b9fd25154d73c","dc8c509efc6450d30","9310d84d3bf"]
Response (RESPONSE):
You need to respond with OK to the request you will receive on your screen from PAYTR. If this response is
not received, the request will be repeated.
<?php
$post = $_POST;
$merchant_key = 'YYYYYYYYYYYYYY';
$merchant_salt = 'ZZZZZZZZZZZZZZ';
$post["trans_ids"]=str_replace("\\", "", $post["trans_ids"]);
$hash = base64_encode( hash_hmac('sha256', $post['trans_ids'].$merchant_salt, $merchant_key, true) );
if( $hash != $post['hash'] )
die('PAYTR notification failed: bad hash');
$trans_ids = json_decode($post['trans_ids'],1);
foreach($trans_ids as $trans_id)
{
}
echo "OK";
exit;
?>
# Python 3.6+
import base64
import hashlib
import hmac
import json
from django.shortcuts import render, HttpResponse
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def callback(request):
if request.method != 'POST':
return HttpResponse(str(''))
post = request.POST
merchant_key = b'YYYYYYYYYYYYYY'
merchant_salt = 'ZZZZZZZZZZZZZZ'
post['trans_ids'] = post['trans_ids'].replace('\\', '')
hash_str = post['trans_ids'] + merchant_salt
hash = base64.b64encode(hmac.new(merchant_key, hash_str.encode(), hashlib.sha256).digest())
if hash != post['hash']:
return HttpResponse(str('PAYTR notification failed: bad hash'))
trans_ids = json.loads(post['trans_ids'])
for ids in trans_ids:
print(ids)
return HttpResponse(str('OK'))
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Net.Mail;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class transfer_sonucu_ornek : System.Web.UI.Page {
string merchant_key = "YYYYYYYY";
string merchant_salt = "ZZZZZZZZ";
protected void Page_Load(object sender, EventArgs e) {
string trans_ids = Request.Form["trans_ids"];
string hash = Request.Form["hash"];
trans_ids = trans_ids.Replace(@"\","");
string Birlestir = string.Concat(trans_ids, merchant_salt);
HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(merchant_key));
byte[] b = hmac.ComputeHash(Encoding.UTF8.GetBytes(Birlestir));
string token = Convert.ToBase64String(b);
if (hash.ToString() != token) {
Response.Write("PAYTR notification failed: bad hash");
return;
}
dynamic dynJson = JsonConvert.DeserializeObject(trans_ids);
foreach (var item in dynJson)
{
}
Response.Write("OK");
}
}
var request = require('request');
var crypto = require('crypto');
var express = require('express');
var app = express();
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
var merchant_id = 'MAGAZA_NO';
var merchant_key = 'XXXXXXXXXXX';
var merchant_salt = 'YYYYYYYYYYY';
app.get("/send", function (req, res) {
var merchant_oid = '';
var trans_id = '';
var submerchant_amount = '';
var total_amount = '';
var transfer_name = '';
var transfer_iban = '';
var hash_str = merchant_id + merchant_oid + trans_id + submerchant_amount + total_amount + transfer_name + transfer_iban;
var paytr_token = crypto.createHmac('sha256', merchant_key).update(hash_str + merchant_salt).digest('base64');
var options = {
'method': 'POST',
'url': 'https://www.paytr.com/odeme/platform/transfer',
'headers': {
'Content-Type': 'application/x-www-form-urlencoded'
},
form: {
'merchant_id': merchant_id,
'merchant_oid': merchant_oid,
'trans_id': trans_id,
'submerchant_amount': submerchant_amount,
'total_amount': total_amount,
'transfer_name': transfer_name,
'transfer_iban': transfer_iban,
'paytr_token': paytr_token,
}
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
var res_data = JSON.parse(body);
if (res_data.status == 'success') {
res.send(res_data);
} else {
res.end(response.body);
}
});
});
app.post("/callback", function (req, res) {
var callback = req.body;
var trans_ids = callback.trans_ids;
var trans_ids = trans_ids.replace('\\', '');
var paytr_token = crypto.createHmac('sha256', merchant_key).update(trans_ids + merchant_salt).digest('base64');
if (paytr_token != callback.hash) {
throw new Error("PAYTR notification failed: bad hash");
}
var processed_result = JSON.parse(trans_ids);
console.log(processed_result);
res.send("OK");
});
var port = 3200;
app.listen(port, function () {
console.log("Server is running. Port:" + port);
});