-
Hosted Payment Page
Hosted Payment Page
Common Payment Page
Tami co-payment page is a co-payment page provided for merchants who have a website to list products but do not have a payment page. The flow is as follows:
If you want to be integrated into our Common Payment product, where we offer Masterpass wallet service, in a prod environment, you should send an e-mail to TeknikDestek@tami.com.tr.
- The merchant receives a url token from the Tami token service.
- The merchant calls the common payment page url with full token information.
- Common payment page opens, the page lists the amount, merchant information and masterpass/payment field.
- The customer clicks on the “Payment” button by selecting from the cards registered in masterpass, if any, or by entering new card information.
- The payment is passed by masterpass by redirecting to Tami pos, if successful, it is redirected to the callback url page transmitted by the merchant in the token service.
- If it receives an error, the page will display the corresponding message.
- In case the workplace does not receive a response, it is expected to query the transaction status with tami/Query service.
- If no action is taken within the time specified on the page, the process will not be allowed (test: 15 min, prod: 6 min)
1. A tami/token service is called by the workplace:
Merchant calls the tami/token service, receives the token information of the common payment page by feeding the amount, order id, callback url information. Token is generated one time, expiration time in the test is 15 minutes.
Parameters expected to be sent in the header field:
| Parameter Name | (O)ptional/(M)andatory | Description |
|---|---|---|
| correlationId | M | correlation id |
| PG-Auth-Token | M | merchantNumber:terminalNumber:hash |
HashGenerator for PG-Auth-Token:
public class SHA256Example {\n public static String sha256(Long merchantNumber, Long terminalNumber, String secretKey) {\n String text = merchantNumber.toString() + terminalNumber.toString() + secretKey;\n try {\n MessageDigest digest = MessageDigest.getInstanc e(\"SHA-256\");\n byte[] hash = digest.digest(text.getBytes(StandardCharsets.UTF_8));\n String sha256Hex = DatatypeConverter.printBase64Binary(hash);\n return sha256Hex;\n } catch (NoSuchAlgorithmException e) {\n e.printStackTrace();\n return null;\n }\n }\n}
Endpoint/ test credentials information:
| TEST | |
|---|---|
| Endpoint | https://sandbox-paymentapi.tami.com.tr/hosted/create-one-time-hosted-token |
| Test credentials | It was communicated under the heading “Test workplaces and User Information”. |
| PROD | |
|---|---|
| Endpoint | https://paymentapi.tami.com.tr/hosted/create-one-time-hosted-token |
Request Parameters:
| Field | Format | Length | (O)ptional (M)andatory (C)onditional | Description |
|---|---|---|---|---|
| Amount | Decimal | M | Amount of product for which payment is requested | |
| OrderID | String | 50 | M | order number |
| successCallbackUrl | String | 300 | M | Merchant page to be redirected to when the payment is completed successfully |
| failCallbackUrl | String | 300 | M | The merchant page to be redirected when encountering an error in payment (currently this redirection is not done, it can be fed the same as the sucess url) |
| mobilePhoneNumber | String | 100 | M | Customer phone number (mandatory for Masterpass verification) |
| Data/key areas | String | 100 | O | Additional information requested |
Response Parameters:
| Field | Format | Description |
|---|---|---|
| oneTimeToken | String | Token information required for page invocation |
| tokenCreateTime | String | Token creation time, the token is valid for a certain period of time |
Example Request:
{\n \"amount\": 10,\n \"orderId\": \"hosted-payment-35\",\n \"successCallbackUrl\": \"www.google.com.tr\",\n \"mobilePhoneNumber\": \"05343000201\",\n \"failCallbackUrl\": \"www.google.com.tr\",\n \"data\": {\n \"key-1\": \"xxx\"\n }\n}
Example Response:
{\n \"oneTimeToken\": \"8wz8KLjrDI4B5aEKUGeGdOXSvk3mOCjf9Ns1vE5j7Ec=\",\n \"tokenCreateTime\": \"2024-07-09T16:18:50.243003602\"\n}
2. Invocation of the page by the workplace:
The token information in the url is filled in and the url is called as follows;
TEST: https://sandbox-portal.tami.com.tr/hostedPaymentPage?token=8wz8KLjrDI4B5aEKUGeGdOXSvk3mOCjf9Ns1vE5j7Ec=
PROD: https://portal.tami.com.tr/hostedPaymentPage?token=uljH69/LreFWmOEsfxFNkJTM0FFtiSmdk+diG6mLVRs=
3. Payment and redirection to the results page:
The user pays by using Masterpass card information or by entering new card information in the payment field. If the payment result is successful, the user is redirected to the sucess call back url provided by the merchant. If an error is received, an error message is displayed on the screen, the user can try the transaction again if desired from the “try again” step. If the transaction result information is not received by the workplace, the transaction should be queried by calling the Query service at the end of the time out period. Query service information can be found in the previous sections of the document.
Test workplaces and User Information
You can access the Sandbox test portal at https://sandbox-portal.tami.com.tr. When you log in to the test portal with the users provided below, the transactions made by the workplace connected to this user can be viewed. Transactions can be canceled/refunded.
| User Phone Number | User Password | Sms / Email Otp | Workplace Number | Terminal Number | Secret Key |
|---|---|---|---|---|---|
| 5346484700 | 147852 | 147852 | 77006866 | 84006869 | 8e6883ba-e73b-4de2-b58c-aad37d34bc72 |
| 5346484709 | 147852 | 147852 | 77006870 | 84006873 | 7db5e4a8-fbe1-4b41-8454-81243be79334 |
| 5346484803 | 147852 | 147852 | 77006867 | 84006870 | e952ea73-5d0e-4b57-800b-8233e2fb8eb5 |
| 5346484807 | 147852 | 147852 | 77006868 | 84006871 | d6fa3cd5-4a2c-4cb0-973a-1c3ebeaddcab |
| 5346484800 | 147852 | 147852 | 77006869 | 84006872 | f3f5fb7e-a58b-4e8f-90b8-347a01394bad |
| 5346484808 | 147852 | 147852 | 77006871 | 84006874 | 4448cb84-3697-49a1-99ab-57695b51360e |
