-
Multi Bank Virtual POS
Multi Bank Virtual POS
Sale Transaction General Concepts
Payment is taken from the specified credit card via a single or installment sale transaction through Tami. Tami returns the successful or unsuccessful status of the transaction through this service.
Test/Prod Envirenement API User Information
For Virtual POS transactions, merchants can use the merchant information given in the table below for the controls they want to perform in the test environment.
For Virtual POS transactions to be realized from the prod environment via Tami, the merchant number is obtained by making an application.
You can access the Sandbox test portal at https://sandbox-portal.tami.com.tr. When you log in to the test portal with the users provided below, the transactions made by the workplace connected to this user can be viewed. Transactions can be canceled/refunded.
| User Phone Number | User Password | Sms / Email Otp | Workplace Number | Terminal Number | Secret Key |
|---|---|---|---|---|---|
| 5346484700 | 147854 | 147852 | 77006950 | 84006953 | 0edad05a-7ea7-40f1-a80c-d600121ca51b |
| 5346484709 | 147850 | 147852 | 77006951 | 84006954 | c8581bb6-a4b2-4925-8c94-529fc651399e |
| 5346484803 | 147850 | 147852 | 77006952 | 84006955 | ff7d4895-0c32-4f48-86ab-fb9ecca9f3d7 |
| 5346484807 | 147850 | 147852 | 77006953 | 84006956 | 33124ff0-0b19-4cf9-b002-13a35eae865b |
| 5346484800 | 147850 | 147852 | 77006954 | 84006957 | 7daf9631-e136-4164-9ddb-dd1c02df851d |
| 5346484808 | 147850 | 147852 | 77006956 | 84006959 | fe6f3fff-0434-4932-a27d-bb3dac9de49d |
Hash Calculation
The request sent for many transaction types should include the PG-Auth-Token in the header information. The PG-Auth-Token consists of the values "MerchantNumber:TerminalNumber:Hash".
When calculating the hash here, the merchantNumber, terminalNumber, and secretKey information belonging to the merchant are hashed with sha256 and converted to a string.
public class SHA256Example {\n public static String sha256(Long merchantNumber, Long terminalNumber, String secretKey) {\n String text = merchantNumber.toString() + terminalNumber.toString() + secretKey;\n try {\n MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n byte[] hash = digest.digest(text.getBytes(StandardCharsets.UTF_8));\n String sha256Hex = DatatypeConverter.printBase64Binary(hash);\n return sha256Hex;\n } catch (NoSuchAlgorithmException e) {\n e.printStackTrace();\n return null;\n }\n }\n}
TAMİ Test Portal Information
You can access the Tami test portal at https://sandbox-portal.tami.com.tr. From this address, you can view the portal screen with the users specified above.
For your production environment information you can become a member at https://portal.tami.com.tr or You can apply to the e-commerce support unit.
Sale Transaction API Information
In test environment, the "https://sandbox-paymentapi.tami.com.tr/payment/auth" URL will be used.
In production environment, the "https://paymentapi.tami.com.tr/payment/auth" URL will be used.
Request Parameters and Descriptions
The request structure required for Virtual POS Cash/Installment Sales transactions without 3D is indicated in the table below. The information and explanations in the request message should be examined, and the request message should be provided according to the rules specified in this table:
| Field | Format | Maximum Size | (O)ptional/(C)onditional/(M)andatory | Description |
|---|---|---|---|---|
| orderId | String | (2-36) | M | The payment request is a singular communication information used in the interaction between Tami-customer. For the merchant and POS pair, this value must be singular. |
| amount | Decimal | M | The amount is the transaction. The fractional separator must be a period (.). | |
| currency | String | 3 | M | Specifies the currency code of the transaction. Example: TRY should be sent for TL. |
| installmentCount | Number | M | This is the installment information of the desired transaction. For cash transactions, 1 must be sent. Sending 0 is not accepted. | |
| paymentGroup | String | M | Payment group, default PRODUCT should be forwarded | |
| paymentChannel | enum | O | Payment channel. Valid values are provided in the enum: WEB, MOBILE, MOBILE_WEB, MOBILE_IOS, MOBILE_ANDROID, MOBILE_WINDOWS, MOBILE_TABLET, MOBILE_PHONE | |
| callbackUrl | String | C | If a transaction is desired to be carried out in 3D, it must be sent. The address to which the 3D verification result will be returned is the address associated with the merchant. | |
| card | Object | M | ||
| cvv | String | M | The security code of the card from which the payment will be taken. | |
| expireMonth | Number | (1-12) | M | Expiration date and month of the card from which the payment will be taken. |
| expireYear | Number | 4 | M | The expiration date and year of the card from which the payment will be taken. |
| holderName | String | 30 | M | Name and surname of the cardholder from whom the payment will be received. |
| number | String | (5-35) | M | The card number from which the payment will be received. |
| billingAddress | Object | O | ||
| address | String | 400 | O | Billing address information on the merchant side. |
| emailAddress | String | O | E-mail information of the merchant | |
| city | String | 30 | O | Billing address city information on the merchant side. |
| companyName | String | 100 | O | Trade name information of the merchant. |
| country | String | 50 | O | Country of the billing address on the merchant side. |
| contactName | String | 30 | O | Billing address, name and surname information on the merchant side. |
| phone | String | O | GSM number of the buyer on the merchant side. | |
| zipCode | String | 15 | O | Postal code of the billing address on the merchant side. |
| district | String | 50 | O | Neighborhood information of the billing address on the merchant side. |
| shippingAddress | Object | O | ||
| address | String | 400 | O | Delivery address information on the merchant side. |
| emailAddress | String | O | E-mail information of the merchant | |
| city | String | 30 | O | Delivery address city information on the merchant side. |
| country | String | 50 | O | Delivery address country information on the merchant side. |
| contactName | String | 30 | O | Delivery address, name and surname information on the merchant side. |
| zipCode | String | 15 | O | Postal code information of the delivery address on the merchant side. |
| district | String | 50 | O | Delivery address neighborhood information on the merchant side. |
| buyer | Object | M | Contains information about the buyer on the merchant side | |
| ipAddress | String | M | It is the IP address of the buyer on the merchant side. The real IP address of the recipient must be transmitted. | |
| buyerId | String | 50 | M | The buyer's id on the merchant side. |
| name | String | 30 | M | Name of the buyer on the merchant side. |
| surName | String | 30 | M | Last name of the buyer on the merchant side. Buyer object is an optional field, but if any field from the buyer object is sent, surname is required. |
| identityNumber | String | 11 | O | Identification number of the buyer on the merchant side. |
| city | String | 50 | O | City information of the recipient on the merchant side. |
| country | String | 50 | O | Country information of the buyer on the merchant side. |
| emailAddress | String | M | The e-mail information of the recipient on the merchant side. The e-mail address must be a valid and accessible address of the recipient. | |
| phoneNumber | String | M | The GSM number of the buyer on the merchant side. | |
| registrationAddress | String | 400 | O | Recipient's registration address on the merchant side. |
| zipCode | String | 15 | O | Postal code of the recipient on the merchant side. |
| registrationDate | Date | O | Recording date of the buyer on the merchant side. The date format should be 2015-09-17 23:45:06. | |
| lastLoginDate | Date | O | Last receipt date for the merchant-side buyer. The date format should be 2015-09-17 23:45:06. | |
| basket | O | |||
| basketId | String | 50 | C | The id of the basket on the merchant side. If an item is sent in the basket, it is mandatory to send basketId. |
| basket/basketItems | List | 0 | ||
| itemId | String | 50 | C | The id of the product in the basket on the merchant side. If the item is transmitted in the basket, it is mandatory to send itemId. |
| itemType | String | 50 | C | The type of the product in the cart at the merchant. Valid enum values: PHYSICAL and VIRTUAL. If an item is sent in the basket, the itemType must be sent. |
| name | String | 50 | C | The name of the product in the basket on the merchant side. If the item is sent in the basket, it is mandatory to send the name. |
| category | String | 50 | O | The category of the product in the cart on the merchant side. |
| subCategory | String | 100 | O | Subcategory of the product in the cart on the merchant side. |
| unitPrice | Decimal | min 0.0 | O | The single amount of the product in the basket on the merchant side. |
| totalPrice | Decimal | min 0.0 | C | The total amount of the product in the basket on the merchant side. It cannot be 0 and less than 0, the sum of the amounts must be equal to the basket amount. If an item is sent in the basket, totalPrice must be sent. Unitprice * numberOfProducts = totalPrice |
| numberOfProducts | Number | 1-99999 | O | The number of products in the basket on the merchant side. |
| securityHash | String | M | It is the value expected to be calculated and transmitted according in the document. If it is missing or incorrect, the transaction is not routed to the bank, an error is given. |
API Request Example
{\n \"amount\": 15,\n \"orderId\": \"order\",\n \"currency\": \"TRY\",\n \"installmentCount\": 1,\n \"card\": {\n \"holderName\": \"Kemal Sunal\",\n \"cvv\": \"\",\n \"expireMonth\": 4,\n \"expireYear\": 2026,\n \"number\": \"4824910501747014\"\n },\n \"billingAddress\": {\n \"emailAddress\": \"email@email.com\",\n \"address\": \"Nisbetiye Barbaros Bulvarı Boulevard, No:96, 34340 Beşiktaş/İstanbul\",\n \"city\": \"İstanbul\",\n \"companyName\": \"SirketAdı\",\n \"country\": \"Türkiye\",\n \"district\": \"Bebek Mah.\",\n \"contactName\": \"İsim Soyisim\",\n \"phoneNumber\": \"05364604016\",\n \"zipCode\": \"343400\"\n },\n \"shippingAddress\": {\n \"emailAddress\": \"email@email.com\",\n \"address\": \"Nisbetiye Barbaros Bulvarı Boulevard, No:96, 34340 Beşiktaş/İstanbul\",\n \"city\": \"İstanbul\",\n \"companyName\": \"SirketAdı\",\n \"country\": \"Türkiye\",\n \"district\": \"Levent\",\n \"contactName\": \"İsim Soyisim\",\n \"phoneNumber\": \"05346484777\",\n \"zipCode\": \"3434221\"\n },\n \"buyer\": {\n \"ipAddress\": \"192.168.1.70\",\n \"buyerId\": \"678654\",\n \"name\": \"Adı\",\n \"surName\": \"Soyadı\",\n \"identityNumber\": 28629160374,\n \"city\": \"İstanbul\",\n \"country\": \"Türkiye\",\n \"zipCode\": \"348222\",\n \"emailAddress\": \"email@email.com\",\n \"phoneNumber\": \"05364609963\",\n \"registrationAddress\": \"Ortaköy Mah. Ulus Sok. Beşiktaş\",\n \"lastLoginDate\": \"2022-11-05T13:39:11.332\",\n \"registrationDate\": \"2022-10-11T12:59:11.332\"\n },\n \"basket\": {\n \"basketId\": \"6489494\",\n \"basketItems\": [\n {\n \"itemId\": \"7448\",\n \"name\": \"basketname1\",\n \"itemType\": \"PHYSICAL\",\n \"numberOfProducts\": 1,\n \"totalPrice\": 15,\n \"unitPrice\": 15\n }\n ]\n },\n \"paymentGroup\": \"PRODUCT\",\n \"securityHash\": \"647494994F8494H94894849K849==\"\n}
API Response Example
{\n \"success\": true,\n \"systemTime\": \"2024-03-20T09:47:35.290917608\",\n \"correlationId\": \"correlation4584\",\n \"orderId\": \"order\",\n \"securityHash\": \"68493Gedy8F9302HH94040==\",\n \"amount\": 15,\n \"currency\": \"TRY\",\n \"installmentCount\": 1,\n \"card\": {\n \"binNumber\": \"48249105\",\n \"maskedNumber\": \"4824-9105-xxxx-xx14\",\n \"cardBrand\": \"Garanti\",\n \"cardOrganization\": \"VISA\",\n \"cardType\": \"CREDIT\"\n }\n}
Response Parameters and Descriptions
| Field | Format | Description |
|---|---|---|
| errorCode | String | Error code |
| errorMessage | String | Error message |
| success | String | If true, the sale is successful, if false, an error was received. error details are shared in error code and error message fields |
| systemTime | dateTime | Transaction date |
| correlationId | String | Transaction number |
| orderId | String | Order number |
| amount | Number | Transaction amount |
| currency | String | Transaction currency |
| installmentCount | Number | Number of transaction installments |
| card/binNumber | String | First 8 digits of the card |
| card/maskedNumber | String | Masked card trick |
| card/cardBrand | String | Card brand |
| card/cardOrganization | String | Card organization |
| card/cardType | String | Card type |
| securityHash | String | The value to be used to determine that the result of the operation comes from the correct source. The documentation describes how to calculate it. |
POST
Merchant ID
Terminal ID
Secret Key
{\n \"amount\": 40,\n \"orderId\": \"\",\n \"currency\": \"TRY\",\n \"installmentCount\": 1,\n \"card\": {\n \"holderName\": \"İsim Soyisim\",\n \"cvv\": \"\",\n \"expireMonth\": 4,\n \"expireYear\": 2026,\n \"number\": \"4824910501747014\"\n },\n \"billingAddress\": {\n \"emailAddress\": \"email@email.com\",\n \"address\": \"Nisbetiye Barbaros Bulvarı Boulevard, No:96, 34340 Beşiktaş/İstanbul\",\n \"city\": \"İstanbul\",\n \"companyName\": \"Sirket Adı\",\n \"country\": \"Türkiye\",\n \"district\": \"Bebek Mah.\",\n \"contactName\": \"İsim Soyisim\",\n \"phoneNumber\": \"05364604016\",\n \"zipCode\": \"343400\"\n },\n \"shippingAddress\": {\n \"emailAddress\": \"email@email.com\",\n \"address\": \"Nisbetiye Barbaros Bulvarı Boulevard, No:96, 34340 Beşiktaş/İstanbul\",\n \"city\": \"İstanbul\",\n \"companyName\": \"Sirket Adı\",\n \"country\": \"Türkiye\",\n \"district\": \"Levent\",\n \"contactName\": \"İsim Soyisim\",\n \"phoneNumber\": \"05346484777\",\n \"zipCode\": \"3434221\"\n },\n \"buyer\": {\n \"ipAddress\": \"192.168.1.70\",\n \"buyerId\": \"678654\",\n \"name\": \"Adı\",\n \"surName\": \"Soyadı\",\n \"identityNumber\": 28629160374,\n \"city\": \"İstanbul\",\n \"country\": \"Türkiye\",\n \"zipCode\": \"348222\",\n \"emailAddress\": \"email@email.com\",\n \"phoneNumber\": \"05364609963\",\n \"registrationAddress\": \"Ortaköy Mah. Ulus Sok. Beşiktaş\",\n \"lastLoginDate\": \"2022-11-05T13:39:11.332\",\n \"registrationDate\": \"2022-10-11T12:59:11.332\"\n },\n \"basket\": {\n \"basketId\": \"sepet1\",\n \"basketItems\": [\n {\n \"itemId\": \"673999949\",\n \"name\": \"Yapboz\",\n \"itemType\": \"PHYSICAL\",\n \"category\": \"oyuncak\",\n \"subCategory\": \"alt oyuncak\",\n \"numberOfProducts\": 3,\n \"totalPrice\": 30,\n \"unitPrice\": 10\n },\n {\n \"itemId\": \"78390290\",\n \"name\": \"Lego\",\n \"itemType\": \"PHYSICAL\",\n \"category\": \"oyuncak\",\n \"subCategory\": \"alt oyuncak\",\n \"numberOfProducts\": 1,\n \"totalPrice\": 10,\n \"unitPrice\": 10\n }\n ]\n },\n \"paymentGroup\": \"PRODUCT\"\n}
Hata Oluştu
Başarılı
Security Hash Calculation
You can use the documentation here to calculate the securityHash field in service requests and incoming service responses.
Error Codes
You can access the list of error codees on this page.
Test Cards
You can access the list of test cards on this page.
Frequently Asked Questions
1- Which fields should I pass in the header when sending requests to services?
| Key | Value |
|---|---|
| correlationId | PG-Auth-Token |
| Correlation{{randomNumber}} | {{merchantNumber}}:{{terminalNumber}}:{{hash}} |
In the header section, correlationId and PG-Auth-Token parameters are expected to be transmitted. correlationId must be transmitted as a string unique value for each transaction. PG-Auth-Token parameter consists of merchantNumber, terminalNumber and hash information of the merchant as stated in the table. For hash information, merchantNumber, terminalNumber and secretKey information of the merchant is obtained by hashing with sha256 and converting it to string.
2- In the sales process, when we receive an error message in the ErrorMessage tag "The Security Hash field must be passed. Check and try again" error message, what should we do?
Response
{
"errorCode": 4015,
"errorMessage": " The Security Hash field must be transmitted. Check and try again",
"success": false,
"systemTime": "2024-03-30T12:08:40.526596076",
"correlationId": "correlation9975",
"SecurityHash": "qSHq2JE7cmxqYx+2x4FSBaR6q2fqRhUFlA9uVmuinL4="
}
The error received is the error received when the SecurityHash value expected to be sent in the request is not sent. In the request, the "securityHash" parameter is expected to be calculated and transmitted according to the desired values. We recommend that you check these fields and try the operation again and If the error continues, we kindly ask you to send us the fields that make up the SecurityHash value and the hash value you created.
3- What should we do when we receive the error message "The hash value sent in the header is inconsistent" in the ErrorMessage tag in the sales process?
Response
{
"errorCode": 4003,
"errorMessage": " Inconsistent hash value sent in header",
"success": false,
"systemTime": "2024-03-30T12:08:40.526596076",
"correlationId": "correlation9975",
"SecurityHash": "qSHq2JE7cmxqYx+2x4FSBaR6q2fqRhUFlA9uVmuinL4="
}
"PG-Auth-Token" parameter should be passed in the header in all sales, cancellation/refund, pre-authorization, pre-authorization closure, 3D sales and 3D sales completion requests.
This information consists of "merchantNumber:TerminalNumber:Hash" information of the merchant. The hash information is expected to be calculated according to the requested values and added to the PG-Auth-Token parameter.
