-
Multi Bank Virtual POS
Multi Bank Virtual POS
3D Pre Authorization General Concepts
It ensures that the balance on the card is blocked for the amount specified for the 3d payment to be realized via Tami. The transaction is first initiated from the 3d verification step. After successful 3d verification, a real pre-authorization process is performed in the 3d completion step.
In the pre-authorization process, the amount is blocked from the card. With the pre-authorization closing process, the payment is taken from the card.
Test/Prod Envirenement API User Information
For Virtual POS transactions, merchants can use the merchant information given in the table below for the controls they want to perform in the test environment.
For Virtual POS transactions to be realized from the prod environment via Tami, the merchant number is obtained by making an application.
You can access the Sandbox test portal at https://sandbox-portal.tami.com.tr. When you log in to the test portal with the users provided below, the transactions made by the workplace connected to this user can be viewed. Transactions can be canceled/refunded.
| User Phone Number | User Password | Sms / Email Otp | Workplace Number | Terminal Number | Secret Key |
|---|---|---|---|---|---|
| 5346484700 | 147850 | 147852 | 77006950 | 84006953 | 0edad05a-7ea7-40f1-a80c-d600121ca51b |
| 5346484709 | 147850 | 147852 | 77006951 | 84006954 | c8581bb6-a4b2-4925-8c94-529fc651399e |
| 5346484803 | 147850 | 147852 | 77006952 | 84006955 | ff7d4895-0c32-4f48-86ab-fb9ecca9f3d7 |
| 5346484807 | 147850 | 147852 | 77006953 | 84006956 | 33124ff0-0b19-4cf9-b002-13a35eae865b |
| 5346484800 | 147850 | 147852 | 77006954 | 84006957 | 7daf9631-e136-4164-9ddb-dd1c02df851d |
| 5346484808 | 147850 | 147852 | 77006956 | 84006959 | fe6f3fff-0434-4932-a27d-bb3dac9de49d |
Hash Calculation
The request sent for many transaction types should include the PG-Auth-Token in the header information. The PG-Auth-Token consists of the values "MerchantNumber:TerminalNumber:Hash".
When calculating the hash here, the merchantNumber, terminalNumber, and secretKey information belonging to the merchant are hashed with sha256 and converted to a string.
public class SHA256Example {\n public static String sha256(Long merchantNumber, Long terminalNumber, String secretKey) {\n String text = merchantNumber.toString() + terminalNumber.toString() + secretKey;\n try {\n MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n byte[] hash = digest.digest(text.getBytes(StandardCharsets.UTF_8));\n String sha256Hex = DatatypeConverter.printBase64Binary(hash);\n return sha256Hex;\n } catch (NoSuchAlgorithmException e) {\n e.printStackTrace();\n return null;\n }\n }\n}
TAMİ Test Portal Information
You can access the Tami test portal at https://sandbox-portal.tami.com.tr. From this address, you can view the portal screen with the users specified above.
For your production environment information you can become a member at https://portal.tami.com.tr or You can apply to the e-commerce support unit.
3D Pre Authorization API Informations
In test environment, the "https://sandbox-paymentapi.tami.com.tr/payment/pre-auth" URL will be used.
In production environment, the "https://paymentapi.tami.com.tr/payment/pre-auth" URL will be used.
Request Parameters and Descriptions
The request structure required for Virtual POS Cash/Installment Sales transactions without 3D is indicated in the table below. The information and explanations in the request message should be examined, and the request message should be provided according to the rules specified in this table:
| Field | Format | Maximum Size | (O)ptional/(C)onditional/(M)andatory | Description |
|---|---|---|---|---|
| orderId | String | (2-36) | M | The payment request is a singular communication information used in the interaction between Tami-customer. For the merchant and POS pair, this value must be singular. |
| amount | Decimal | M | The amount is the transaction. The fractional separator must be a period (.). | |
| currency | String | 3 | M | Specifies the currency code of the transaction. Example: TRY should be sent for TL. |
| installmentCount | Number | M | This is the installment information of the desired transaction. For cash transactions, 1 must be sent. Sending 0 is not accepted. | |
| paymentGroup | String | M | Payment group, default PRODUCT should be forwarded | |
| paymentChannel | enum | O | Payment channel. Valid values are provided in the enum: WEB, MOBILE, MOBILE_WEB, MOBILE_IOS, MOBILE_ANDROID, MOBILE_WINDOWS, MOBILE_TABLET, MOBILE_PHONE | |
| callbackUrl | String | C | If a transaction is desired to be carried out in 3D, it must be sent. The address to which the 3D verification result will be returned is the address associated with the merchant. | |
| card | Object | M | ||
| cvv | String | M | The security code of the card from which the payment will be taken. | |
| expireMonth | Number | (1-12) | M | Expiration date and month of the card from which the payment will be taken. |
| expireYear | Number | 4 | M | The expiration date and year of the card from which the payment will be taken. |
| holderName | String | 30 | M | Name and surname of the cardholder from whom the payment will be received. |
| number | String | (5-35) | M | The card number from which the payment will be received. |
| billingAddress | Object | O | ||
| address | String | 400 | O | Billing address information on the merchant side. |
| emailAddress | String | O | E-mail information of the merchant | |
| city | String | 30 | O | Billing address city information on the merchant side. |
| companyName | String | 100 | O | Trade name information of the merchant. |
| country | String | 50 | O | Country of the billing address on the merchant side. |
| contactName | String | 30 | O | Billing address, name and surname information on the merchant side. |
| phone | String | O | GSM number of the buyer on the merchant side. | |
| zipCode | String | 15 | O | Postal code of the billing address on the merchant side. |
| district | String | 50 | O | Neighborhood information of the billing address on the merchant side. |
| shippingAddress | Object | O | ||
| address | String | 400 | O | Delivery address information on the merchant side. |
| emailAddress | String | O | E-mail information of the merchant | |
| city | String | 30 | O | Delivery address city information on the merchant side. |
| country | String | 50 | O | Delivery address country information on the merchant side. |
| contactName | String | 30 | O | Delivery address, name and surname information on the merchant side. |
| zipCode | String | 15 | O | Postal code information of the delivery address on the merchant side. |
| district | String | 50 | O | Delivery address neighborhood information on the merchant side. |
| buyer | Object | M | Contains information about the buyer on the merchant side | |
| ipAddress | String | M | It is the IP address of the buyer on the merchant side. The real IP address of the recipient must be transmitted. | |
| buyerId | String | 50 | M | The buyer's id on the merchant side. |
| name | String | 30 | M | Name of the buyer on the merchant side. |
| surName | String | 30 | M | Last name of the buyer on the merchant side. Buyer object is an optional field, but if any field from the buyer object is sent, surname is required. |
| identityNumber | String | 11 | O | Identification number of the buyer on the merchant side. |
| city | String | 50 | O | City information of the recipient on the merchant side. |
| country | String | 50 | O | Country information of the buyer on the merchant side. |
| emailAddress | String | M | The e-mail information of the recipient on the merchant side. The e-mail address must be a valid and accessible address of the recipient. | |
| phoneNumber | String | M | The GSM number of the buyer on the merchant side. | |
| registrationAddress | String | 400 | O | Recipient's registration address on the merchant side. |
| zipCode | String | 15 | O | Postal code of the recipient on the merchant side. |
| registrationDate | Date | O | Recording date of the buyer on the merchant side. The date format should be 2015-09-17 23:45:06. | |
| lastLoginDate | Date | O | Last receipt date for the merchant-side buyer. The date format should be 2015-09-17 23:45:06. | |
| basket | O | |||
| basketId | String | 50 | C | The id of the basket on the merchant side. If an item is sent in the basket, it is mandatory to send basketId. |
| basket/basketItems | List | 0 | ||
| itemId | String | 50 | C | The id of the product in the basket on the merchant side. If the item is transmitted in the basket, it is mandatory to send itemId. |
| itemType | String | 50 | C | The type of the product in the cart at the merchant. Valid enum values: PHYSICAL and VIRTUAL. If an item is sent in the basket, the itemType must be sent. |
| name | String | 50 | C | The name of the product in the basket on the merchant side. If the item is sent in the basket, it is mandatory to send the name. |
| category | String | 50 | O | The category of the product in the cart on the merchant side. |
| subCategory | String | 100 | O | Subcategory of the product in the cart on the merchant side. |
| unitPrice | Decimal | min 0.0 | O | The single amount of the product in the basket on the merchant side. |
| totalPrice | Decimal | min 0.0 | C | The total amount of the product in the basket on the merchant side. It cannot be 0 and less than 0, the sum of the amounts must be equal to the basket amount. If an item is sent in the basket, totalPrice must be sent. Unitprice * numberOfProducts = totalPrice |
| numberOfProducts | Number | 1-99999 | O | The number of products in the basket on the merchant side. |
| securityHash | String | M | It is the value expected to be calculated and transmitted according in the document. If it is missing or incorrect, the transaction is not routed to the bank, an error is given. |
3D Pre Authorization API Request Example
{\n \"amount\": 15,\n \"orderId\": \"order\",\n \"currency\": \"TRY\",\n \"installmentCount\": 1,\n \"card\": {\n \"holderName\": \"Kemal Sunal\",\n \"cvv\": \"\",\n \"expireMonth\": 4,\n \"expireYear\": 2026,\n \"number\": \"4824910501747014\"\n },\n \"billingAddress\": {\n \"emailAddress\": \"email@email.com\",\n \"address\": \"Nisbetiye Barbaros Bulvarı Boulevard, No:96, 34340 Beşiktaş/İstanbul\",\n \"city\": \"İstanbul\",\n \"companyName\": \"SirketAdı\",\n \"country\": \"Türkiye\",\n \"district\": \"Bebek Mah.\",\n \"contactName\": \"İsim Soyisim\",\n \"phoneNumber\": \"05364604016\",\n \"zipCode\": \"343400\"\n },\n \"shippingAddress\": {\n \"emailAddress\": \"email@email.com\",\n \"address\": \"Nisbetiye Barbaros Bulvarı Boulevard, No:96, 34340 Beşiktaş/İstanbul\",\n \"city\": \"İstanbul\",\n \"companyName\": \"SirketAdı\",\n \"country\": \"Türkiye\",\n \"district\": \"Levent\",\n \"contactName\": \"İsim Soyisim\",\n \"phoneNumber\": \"05346484777\",\n \"zipCode\": \"3434221\"\n },\n \"buyer\": {\n \"ipAddress\": \"192.168.1.70\",\n \"buyerId\": \"678654\",\n \"name\": \"Adı\",\n \"surName\": \"Soyadı\",\n \"identityNumber\": 28629160374,\n \"city\": \"İstanbul\",\n \"country\": \"Türkiye\",\n \"zipCode\": \"348222\",\n \"emailAddress\": \"email@email.com\",\n \"phoneNumber\": \"05364609963\",\n \"registrationAddress\": \"Ortaköy Mah. Ulus Sok. Beşiktaş\",\n \"lastLoginDate\": \"2022-11-05T13:39:11.332\",\n \"registrationDate\": \"2022-10-11T12:59:11.332\"\n },\n \"basket\": {\n \"basketId\": \"6489494\",\n \"basketItems\": [\n {\n \"itemId\": \"7448\",\n \"name\": \"basketname1\",\n \"itemType\": \"PHYSICAL\",\n \"numberOfProducts\": 1,\n \"totalPrice\": 15,\n \"unitPrice\": 15\n }\n ]\n },\n \"paymentGroup\": \"PRODUCT\",\n \"callbackUrl\": \"https://gbtunelemulator-d.fw.garantibbva.com.tr/secure3d\", \n \"securityHash\": \"647494994F8494H94894849K849==\"\n}
3D Pre Authorization API Response Example
{\n \"success\": true,\n \"systemTime\": \"2024-03-20T09:47:35.290917608\",\n \"correlationId\": \"correlation4584\",\n \"orderId\": \"order\",\n \"securityHash\": \"68493Gedy8F9302HH94040==\",\n \"amount\": 15,\n \"currency\": \"TRY\",\n \"installmentCount\": 1,\n \"card\": {\n \"binNumber\": \"48249105\",\n \"maskedNumber\": \"4824-9105-xxxx-xx14\",\n \"cardBrand\": \"Garanti\",\n \"cardOrganization\": \"VISA\",\n \"cardType\": \"CREDIT\"\n }\n}
3D Pre Authorization API Response Parameters and Descriptions
| Parametre Adı | Format | Açıklama |
|---|---|---|
| success | String | If true, the sale is successful, if false, an error was received. error details are shared in error code and error message fields |
| systemTime | DateTime | Transaction date |
| correlationId | String | Transaction number |
| orderId | String | Order number |
| amount | Number | Transaction amount |
| currency | String | Transaction currency |
| card/binNumber | String | First 8 digits of the card |
| card/maskedNumber | String | Masked card trick |
| card/cardBrand | String | Card brand |
| card/cardOrganization | String | Card organization |
| card/cardType | String | Card type |
| threeDSHtmlContent | Integer | 3d doğrulama sayfasına yönlendirecek html content bilgisidir. Content içeriği base 64'te decode edilerek Html elde edilir. |
| errorCode | String | Error code |
| errorMessage | String | Error message |
| securityHash | String | The value to be used to determine that the result of the operation comes from the correct source. The documentation describes how to calculate it. |
3D Verification
The bank's 3d verification screen will be displayed with the HTML data obtained as a result of 3D Pre-Authorization initiation. After the cardholder enters the password received on their mobile phone, they will be automatically redirected to the address you specified in the callbackUrl parameter. Tami will post the following values to this address.
When the 3D verification result is successful, the card has not yet been charged. When the succes field returned in the response is true, you can proceed to the next 3D sales transaction completion step to convert the transaction to payment. If the 3D sales transaction is not completed, the card will not be charged.
3D Verification Response Parameters and Descriptions
| Field | Format | Description |
|---|---|---|
| cardBrand | String | Card brand |
| cardOrganization | String | Card organization |
| cardType | String | Card type |
| currencyCode | String | Transaction Currency |
| hashedData | String | Value to be used to check the accuracy of the information returned in the answer |
| installmentCount | Number | Number of Transaction Installments |
| maskedNumber | Number | Card number as masked |
| mdStatus | String | It is the mdStatus value returned for informational purposes. It can return 1 for successful cases and 0, 2, 3, 4, 4, 5, 5, 6, 7, 8 for unsuccessful cases. |
| orderId | String | Order number |
| success | String | Reports the result of the 3d verification process. Returns true if the operation is successful, false if the operation is failed |
| systemTime | DateTime | Transaction date |
| txnAmount | Number | Transaction amount |
In case the Success field returned in the 3D Validation response is false, the table below will help with the cause of the error.
| mdStatus | Description |
|---|---|
| mdStatus =0 | 3D Secure signature or verification invalid |
| mdStatus =2 | Cardholder or bank not registered in the system |
| mdStatus =3 | The bank of the card is not registered in the system |
| mdStatus =4 | Verification attempt, cardholder chose to register later in the system |
| mdStatus =5 | Unable to verify |
| mdStatus =6 | 3D Secure error |
| mdStatus =7 | System error |
| mdStatus =8 | Unknown card no |
HashedData Calculation
To verify that the information returned in the 3D Verification response is from the correct source, you can calculate hashedData according to the fields below and compare it with this information in the response. SecretKey is different for each pos belonging to the merchant.
When calculating HashedData, a data is created by bringing all the following parameters side by side in the given order. The secretKey of the merchant is hashed with HMAC sha256 and secretKeySpec is obtained. Two data are sorted in the format specified in the generator below. Base 64 is encrypted and encrypted hashedData is obtained.
NOTE: In advance transactions, "InstallmentCount" is expected to be sent as 1. This information is added to the hashedData.
Parameters used in HashedData calculation;
cardOrg+cardBrand+cardType+maskedNumber+installmentCount+currency+originalAmount+orderID+systemTime+status (success field)
The generator to be used in HashedData calculation is given below;
public static String responseHashGenerate(String systemTime, String status, String maskedNumber, Order order,\n String secretKey) {\n\n String data = order.getCardOrg() + order.getCardBrand() + order.getCardType() +\n maskedNumber + order.getInstallmentCount() + order.getCurrency() +\n order.getOriginalAmount() + order.getOrderId() + systemTime + status;\n String result = \"\";\n try {\n Mac sha256_HMAC = Mac.getInstance(\"HmacSHA256\");\n SecretKeySpec secret_key = new SecretKeySpec(secretKey.getBytes(\"UTF-8\"), \"HmacSHA256\");\n sha256_HMAC.init(secret_key);\n\n result = Base64.encodeBase64String(sha256_HMAC.doFinal(data.getBytes(\"UTF-8\")));\n\n } catch (Exception e) {\n log.error(\"Hash can not be generated \", e);\n }\n return result;\n}
About 3D Pre Authorization Sales Transaction Completion
It is used for Tami merchants to complete transactions that have been successfully 3d verified. By calling this service, the card is not charged for transactions that are not completed in 3d.
3D Pre Authorization Transaction Completion API Information
In test environment, the "https://sandbox-paymentapi.tami.com.tr/payment/complete-3ds" URL will be used.
In production environment, the "https://paymentapi.tami.com.tr/payment/complete-3ds" URL will be used.
3D Pre Authorization Completion Request Parameters and Descriptions
| Field | Format | Max Size | (O)psional / (M)andatory | Description |
|---|---|---|---|---|
| orderId | String | (2-36) | M | Order number information with successful completion of 3d verification |
| securityHash | String | M | It is the value expected to be calculated and transmitted according to the fields specified in the document. If it is missing or incorrect, the transaction is not routed to the bank, an error is given. |
3D Pre Authorization Completion API Request Example
{ \n \"orderId\": \"3dorder\",\n \"securityHash\": \"6488jjnd0993l9399==\"\n}
3D Pre Authorization Completion API Response Example
\n\n{\n \"success\": true,\n \"systemTime\": \"2023-08-10T11:40:02.299\",\n \"correlationId\": \"TEST9962\",\n \"orderId\": \"9a6gsaas4asd9bb7ab46782\",\n \"amount\": 415,\n \"currency\": \"TRY\",\n \"securityHash\": \"7484hdgdgbdn8839393==\",\n \"installmentCount\": 1,\n \"card\": {\n \"binNumber\": \"48249105\",\n \"maskedNumber\": \"4824-9105-xxxx-xx14\",\n \"cardBrand\": \"Garanti\",\n \"cardOrganization\": \"VISA\",\n \"cardType\": \"CREDIT\"\n }\n}
3D Pre Authorization Completion Response Parameters and Descriptions
| Field | Format | Description |
|---|---|---|
| errorCode | String | Error code |
| errorMessage | String | Error message |
| success | String | If true, the sale is successful, if false, an error was received. Error details are shared in error code and error message fields |
| systemTime | dateTime | Transaction date |
| correlationId | String | Transaction number |
| orderId | String | Order number |
| amount | Number | Transaction amount |
| currency | String | Transaction currency information |
| installmentCount | Number | Transaction installment count |
| card/binNumber | String | First 8 digits of the card |
| card/maskedNumber | String | Masked card tric |
| card/cardBrand | String | Card brand |
| card/cardOrganization | String | Card organization |
| card/cardType | String | Card type |
| securityHash | String | The value to be used to determine that the result of the operation comes from the correct source. The documentation describes how to calculate it. |
Security Hash Calculation
You can use the documentation here to calculate the securityHash field in service requests and incoming service responses.
Error Codes
You can access the list of error codees on this page.
Test Cards
You can access the list of test cards on this page.
