-
Multi Bank Virtual POS
Multi Bank Virtual POS
3D Sale General Concepts
Payment can be made in 3D via TAMİ. 3D payment process consists of 2 steps. Firstly, 3D sales transaction is initiated, and as a result of this process, the service returns html content information which is decoded from base64 to obtain an html. This html is then directed to the 3D verification page, where the verification code is entered to complete the 3D verification and see the result. To convert a successful 3D verification process into a sale, the 3D Complete service must be called to complete the transaction.
Test/Prod Envirenement API User Information
For Virtual POS transactions, merchants can use the merchant information given in the table below for the controls they want to perform in the test environment.
For Virtual POS transactions to be realized from the prod environment via Tami, the merchant number is obtained by making an application.
You can access the Sandbox test portal at https://sandbox-portal.tami.com.tr. When you log in to the test portal with the users provided below, the transactions made by the workplace connected to this user can be viewed. Transactions can be canceled/refunded.
| User Phone Number | User Password | Sms / Email Otp | Workplace Number | Terminal Number | Secret Key |
|---|---|---|---|---|---|
| 5346484700 | 147854 | 147852 | 77006950 | 84006953 | 0edad05a-7ea7-40f1-a80c-d600121ca51b |
| 5346484709 | 147850 | 147852 | 77006951 | 84006954 | c8581bb6-a4b2-4925-8c94-529fc651399e |
| 5346484803 | 147850 | 147852 | 77006952 | 84006955 | ff7d4895-0c32-4f48-86ab-fb9ecca9f3d7 |
| 5346484807 | 147850 | 147852 | 77006953 | 84006956 | 33124ff0-0b19-4cf9-b002-13a35eae865b |
| 5346484800 | 147850 | 147852 | 77006954 | 84006957 | 7daf9631-e136-4164-9ddb-dd1c02df851d |
| 5346484808 | 147850 | 147852 | 77006956 | 84006959 | fe6f3fff-0434-4932-a27d-bb3dac9de49d |
Hash Calculation
The request sent for many transaction types should include the PG-Auth-Token in the header information. The PG-Auth-Token consists of the values "MerchantNumber:TerminalNumber:Hash".
When calculating the hash here, the merchantNumber, terminalNumber, and secretKey information belonging to the merchant are hashed with sha256 and converted to a string.
public class SHA256Example {\n public static String sha256(Long merchantNumber, Long terminalNumber, String secretKey) {\n String text = merchantNumber.toString() + terminalNumber.toString() + secretKey;\n try {\n MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n byte[] hash = digest.digest(text.getBytes(StandardCharsets.UTF_8));\n String sha256Hex = DatatypeConverter.printBase64Binary(hash);\n return sha256Hex;\n } catch (NoSuchAlgorithmException e) {\n e.printStackTrace();\n return null;\n }\n }\n}
TAMİ Test Portal Information
You can access the Tami test portal at https://sandbox-portal.tami.com.tr. From this address, you can view the portal screen with the users specified above.
For your production environment information you can become a member at https://portal.tami.com.tr or You can apply to the e-commerce support unit.
Starting the 3D Sales Transaction
The first step of a 3D secure sales transaction. The 3D secure sales transaction is initiated by adding the member merchant's callbackUrl address as shown in the example request format below. At the end of the process, the member merchant receives html content information. This content is decoded in base64 to obtain an html. The obtained html is redirected to the 3D authentication page, where the authentication code is entered and the result of the 3D authentication is seen.
3D Sale Initiation API Information
In test environment, the "https://sandbox-paymentapi.tami.com.tr/payment/auth" URL will be used.
In production environment, the "https://paymentapi.tami.com.tr/payment/auth" URL will be used.
Request Parameters and Descriptions
The request structure required for Virtual POS Cash/Installment Sales transactions without 3D is indicated in the table below. The information and explanations in the request message should be examined, and the request message should be provided according to the rules specified in this table:
| Field | Format | Maximum Size | (O)ptional/(C)onditional/(M)andatory | Description |
|---|---|---|---|---|
| orderId | String | (2-36) | M | The payment request is a singular communication information used in the interaction between Tami-customer. For the merchant and POS pair, this value must be singular. |
| amount | Decimal | M | The amount is the transaction. The fractional separator must be a period (.). | |
| currency | String | 3 | M | Specifies the currency code of the transaction. Example: TRY should be sent for TL. |
| installmentCount | Number | M | This is the installment information of the desired transaction. For cash transactions, 1 must be sent. Sending 0 is not accepted. | |
| paymentGroup | String | M | Payment group, default PRODUCT should be forwarded | |
| paymentChannel | enum | O | Payment channel. Valid values are provided in the enum: WEB, MOBILE, MOBILE_WEB, MOBILE_IOS, MOBILE_ANDROID, MOBILE_WINDOWS, MOBILE_TABLET, MOBILE_PHONE | |
| callbackUrl | String | C | If a transaction is desired to be carried out in 3D, it must be sent. The address to which the 3D verification result will be returned is the address associated with the merchant. | |
| card | Object | M | ||
| cvv | String | M | The security code of the card from which the payment will be taken. | |
| expireMonth | Number | (1-12) | M | Expiration date and month of the card from which the payment will be taken. |
| expireYear | Number | 4 | M | The expiration date and year of the card from which the payment will be taken. |
| holderName | String | 30 | M | Name and surname of the cardholder from whom the payment will be received. |
| number | String | (5-35) | M | The card number from which the payment will be received. |
| billingAddress | Object | O | ||
| address | String | 400 | O | Billing address information on the merchant side. |
| emailAddress | String | O | E-mail information of the merchant | |
| city | String | 30 | O | Billing address city information on the merchant side. |
| companyName | String | 100 | O | Trade name information of the merchant. |
| country | String | 50 | O | Country of the billing address on the merchant side. |
| contactName | String | 30 | O | Billing address, name and surname information on the merchant side. |
| phone | String | O | GSM number of the buyer on the merchant side. | |
| zipCode | String | 15 | O | Postal code of the billing address on the merchant side. |
| district | String | 50 | O | Neighborhood information of the billing address on the merchant side. |
| shippingAddress | Object | O | ||
| address | String | 400 | O | Delivery address information on the merchant side. |
| emailAddress | String | O | E-mail information of the merchant | |
| city | String | 30 | O | Delivery address city information on the merchant side. |
| country | String | 50 | O | Delivery address country information on the merchant side. |
| contactName | String | 30 | O | Delivery address, name and surname information on the merchant side. |
| zipCode | String | 15 | O | Postal code information of the delivery address on the merchant side. |
| district | String | 50 | O | Delivery address neighborhood information on the merchant side. |
| buyer | Object | M | Contains information about the buyer on the merchant side | |
| ipAddress | String | M | It is the IP address of the buyer on the merchant side. The real IP address of the recipient must be transmitted. | |
| buyerId | String | 50 | M | The buyer's id on the merchant side. |
| name | String | 30 | M | Name of the buyer on the merchant side. |
| surName | String | 30 | M | Last name of the buyer on the merchant side. Buyer object is an optional field, but if any field from the buyer object is sent, surname is required. |
| identityNumber | String | 11 | O | Identification number of the buyer on the merchant side. |
| city | String | 50 | O | City information of the recipient on the merchant side. |
| country | String | 50 | O | Country information of the buyer on the merchant side. |
| emailAddress | String | M | The e-mail information of the recipient on the merchant side. The e-mail address must be a valid and accessible address of the recipient. | |
| phoneNumber | String | M | The GSM number of the buyer on the merchant side. | |
| registrationAddress | String | 400 | O | Recipient's registration address on the merchant side. |
| zipCode | String | 15 | O | Postal code of the recipient on the merchant side. |
| registrationDate | Date | O | Recording date of the buyer on the merchant side. The date format should be 2015-09-17 23:45:06. | |
| lastLoginDate | Date | O | Last receipt date for the merchant-side buyer. The date format should be 2015-09-17 23:45:06. | |
| basket | O | |||
| basketId | String | 50 | C | The id of the basket on the merchant side. If an item is sent in the basket, it is mandatory to send basketId. |
| basket/basketItems | List | 0 | ||
| itemId | String | 50 | C | The id of the product in the basket on the merchant side. If the item is transmitted in the basket, it is mandatory to send itemId. |
| itemType | String | 50 | C | The type of the product in the cart at the merchant. Valid enum values: PHYSICAL and VIRTUAL. If an item is sent in the basket, the itemType must be sent. |
| name | String | 50 | C | The name of the product in the basket on the merchant side. If the item is sent in the basket, it is mandatory to send the name. |
| category | String | 50 | O | The category of the product in the cart on the merchant side. |
| subCategory | String | 100 | O | Subcategory of the product in the cart on the merchant side. |
| unitPrice | Decimal | min 0.0 | O | The single amount of the product in the basket on the merchant side. |
| totalPrice | Decimal | min 0.0 | C | The total amount of the product in the basket on the merchant side. It cannot be 0 and less than 0, the sum of the amounts must be equal to the basket amount. If an item is sent in the basket, totalPrice must be sent. Unitprice * numberOfProducts = totalPrice |
| numberOfProducts | Number | 1-99999 | O | The number of products in the basket on the merchant side. |
| securityHash | String | M | It is the value expected to be calculated and transmitted according in the document. If it is missing or incorrect, the transaction is not routed to the bank, an error is given. |
3D Sale Initiation API Request Example
{\n \"amount\": 15,\n \"orderId\": \"order\",\n \"currency\": \"TRY\",\n \"installmentCount\": 1,\n \"card\": {\n \"holderName\": \"KemalSunal\",\n \"cvv\": \"\",\n \"expireMonth\": 4,\n \"expireYear\": 2026,\n \"number\": \"4824910501747014\"\n },\n \"billingAddress\": {\n \"emailAddress\": \"email@email.com\",\n \"address\": \"Nisbetiye Barbaros Bulvarı Boulevard, No:96, 34340 Beşiktaş/İstanbul\",\n \"city\": \"İstanbul\",\n \"companyName\": \"SirketAdı\",\n \"country\": \"Türkiye\",\n \"district\": \"Bebek Mah.\",\n \"contactName\": \"İsim Soyisim\",\n \"phoneNumber\": \"05364604016\",\n \"zipCode\": \"343400\"\n },\n \"shippingAddress\": {\n \"emailAddress\": \"email@email.com\",\n \"address\": \"Nisbetiye Barbaros Bulvarı Boulevard, No:96, 34340 Beşik taş/İstanbul\",\n \"city\": \"İstanbul\",\n \"companyName\": \"SirketAdı\",\n \"country\": \"Türkiye\",\n \"district\": \"Levent\",\n \"contactName\": \"İsim Soyisim\",\n \"phoneNumber\": \"05346484777\",\n \"zipCode\": \"3434221\"\n },\n \"buyer\": {\n \"ipAddress\": \"192.168.1.70\",\n \"buyerId\": \"678654\",\n \"name\": \"Adı\",\n \"surName\": \"Soyadı\",\n \"identityNumber\": 28629160374,\n \"city\": \"İstanbul\",\n \"country\": \"Türkiye\",\n \"zipCode\": \"348222\",\n \"emailAddress\": \"email@email.com\",\n \"phoneNumber\": \"05364609963\",\n \"registrationAddress\": \"Ortaköy Mah. Ulus Sok. Beşiktaş\",\n \"lastLoginDate\": \"2022-11-05T13:39:11.332\",\n \"registrationDate\": \"2022-10-11T12:59:11.332\"\n },\n \"basket\": {\n \"basketId\": \"6489494\",\n \"basketItems\": [\n {\n \"itemId\": \"7448\",\n \"name\": \"basketname1\",\n \"itemType\": \"PHYSICAL\",\n \"numberOfProducts\": 1,\n \"totalPrice\": 15,\n \"unitPrice\": 15\n }\n ]\n },\n \"paymentGroup\": \"PRODUCT\",\n \"callbackUrl\": \"https://gbtunelemulator-d.fw.garantibbva.com.tr/secure3d\",\n \"securityHash\": \"647494994F8494H94894849K849==\"\n}
3D Sale Initiation API Response Example
{\n \"success\": true,\n \"systemTime\": \"2024-03-20T12:14:17.403758918\",\n \"correlationId\": \"TEST6184\",\n \"orderId\": \"order7506858867o86894\",\n \"amount\": 10.0,\n \"currency\": \"TRY\",\n \"securityHash\": \"84yrk94994llsl00033==\",\n \"installmentCount\": 4,\n \"card\": {\n \"binNumber\": \"48249105\",\n \"maskedNumber\": \"4824--910-xxxx-xx-x\",\n \"cardBrand\": \"Garanti\",\n \"cardOrganization\": \"VISA\",\n \"cardType\": \"CREDIT\"\n },\n \"threeDSHtmlContent\": \"PCFET0NUWVBFIEhUTUw+CjxodG1sIGxhbmc9ImVuIj4KPGhlYWQ+CiAgPG1ldGEgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiLz4KICA8bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz4KICA8bWV0YSBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MSwgc2hyaW5rLXRvLWZpdD1ubyIgbmFtZT0idmlld3BvcnQiPgogIDx0aXRsZT5QYWdvIE9kZW1lIEFyYWNpIEt1cnVsdXN1IHwgR2FyYW50aSDDlmRlbWUgU2lzdGVtbGVyaTwvdGl0bGU+CjwvaGVhZD4KPGJvZHkgb25sb2FkPSJzdWJtaXRGb3JtKCkiPgo8ZGl2PgogIDxkaXY+CiAgPGZvcm0gaWQ9ImZvcm0zZCIgbWV0aG9kPSJQT1NUIiBuYW1lPSJteWZvcm0iCiAgICAgICAgYWN0aW9uPSJodHRwczovL3NhbmFscG9zcHJvdnRlc3QuZ2FyYW50aWJidmEuY29tLnRyL3NlcnZsZXQvZ3QzZGVuZ2luZSI+CiAgICA8aW5wdXQgbmFtZT0ic2VjdXJlM2RzZWN1cml0eWxldmVsIiB2YWx1ZT0iM2QiIHR5cGU9ImhpZGRlbiI+PGJyPgogICAgPGlucHV0IG5hbWU9ImNhcmRudW1iZXIiIHZhbHVlPSI0ODI0OTEwNTAxNzQ3MDE0IiB0eXBlPSJoaWRkZW4iPjxicj4KICAgIDxpbnB1dCBuYW1lPSJjYXJkZXhwaXJlZGF0ZW1vbnRoIiB2YWx1ZT0iMDQiCiAgICAgICAgICAgdHlwZT0iaGlkZGVuIj48YnI+CiAgICA8aW5wdXQgbmFtZT0iY2FyZGV4cGlyZWRhdGV5ZWFyIiB2YWx1ZT0iMjYiCiAgICAgICAgICAgdHlwZT0iaGlkZGVuIj48YnI+CiAgICA8aW5wdXQgbmFtZT0ibW9kZSIgdmFsdWU9IlRFU1QiIHR5cGU9ImhpZGRlbiI+PGJyPgogICAgPGlucHV0IG5hbWU9Im9yZGVyaWQiIHZhbHVlPSJFQzQ5OTA0NDREOEI0ODkzQjk1MERCNzkxNDk1NDAxOSIgdHlwZT0iaGlkZGVuIj48YnI+CiAgICA8aW5wdXQgbmFtZT0iY2FyZGN2djIiIHZhbHVlPSIiIHR5cGU9ImhpZGRlbiI+PGJyPgogICAgPGlucHV0IG5hbWU9ImFwaXZlcnNpb24iIHR5cGU9ImhpZGRlbiIgdmFsdWU9InYxLjAiPjxicj4KICAgIDxpbnB1dCBuYW1lPSJ0ZXJtaW5hbHByb3Z1c2VyaWQiIHZhbHVlPSJQUk9WQVVUIiB0eXBlPSJoaWRkZW4iPjxicj4KICAgIDxpbnB1dCBuYW1lPSJ0ZXJtaW5hbGlkIiB2YWx1ZT0iMzA2OTEyOTciIHR5cGU9ImhpZGRlbiI+PGJyPgogICAgPGlucHV0IG5hbWU9InRlcm1pbmFsbWVyY2hhbnRpZCIgdmFsdWU9IjcwMDA2NzkiIHR5cGU9ImhpZGRlbiI+PGJyPgogICAgPGlucHV0IG5hbWU9InRlcm1pbmFsdXNlcmlkIiB2YWx1ZT0iUFJPVkFVVCIgdHlwZT0iaGlkZGVuIj48YnI+CiAgICA8aW5wdXQgbmFtZT0iY3VzdG9tZXJpcGFkZHJlc3MiIHZhbHVlPSIxOTIuMTY4LjEuNzAiIHR5cGU9ImhpZGRlbiI+PGJyPgogICAgPGlucHV0IG5hbWU9ImN1c3RvbWVyZW1haWxhZGRyZXNzIiB2YWx1ZT0ibWVzdXRzYXJpdGFzMjRAZ21haWwuY29tIiB0eXBlPSJoaWRkZW4iPjxicj4KICAgIDxpbnB1dCBuYW1lPSJ0eG50eXBlIiB2YWx1ZT0ic2FsZXMiIHR5cGU9ImhpZGRlbiI+PGJyPgogICAgPGlucHV0IG5hbWU9InR4bmFtb3VudCIgdmFsdWU9IjEwMDAiIHR5cGU9ImhpZGRlbiI+PGJyPgogICAgPGlucHV0IG5hbWU9InR4bmN1cnJlbmN5Y29kZSIgdmFsdWU9Ijk0OSIKICAgICAgICAgICB0eXBlPSJoaWRkZW4iPjxicj4KICAgIDxpbnB1dCBuYW1lPSJjb21wYW55bmFtZSIgdmFsdWU9IiIgdHlwZT0iaGlkZGVuIj48YnI+CiAgICA8aW5wdXQgbmFtZT0idHhuaW5zdGFsbG1lbnRjb3VudCIgdmFsdWU9IjQiCiAgICAgICAgICAgdHlwZT0iaGlkZGVuIj4KICAgIAogICAgCiAgICA8aW5wdXQgbmFtZT0ic3VjY2Vzc3VybCIgdmFsdWU9Imh0dHBzOi8vcGFnb2FwaS10LmdhcmFudGliYnZhLmNvbS50ci8zZC9lbmdpbmU/b3JkZXJJZD1FQzQ5OTA0NDREOEI0ODkzQjk1MERCNzkxNDk1NDAxOSZhbXA7bWVyY2hhbnRJZD03MDAwNjc5JmFtcDt0ZXJtaW5hbElkPTMwNjkxMjk3IiB0eXBlPSJoaWRkZW4iPjxicj4KICAgIDxpbnB1dCBuYW1==\"\n}
3D Sale Initiation Response Parameters and Descriptions
| Parametre Adı | Format | Description |
|---|---|---|
| success | String | If True, the sale is successful. If False is returned, an error was received. Error details are shared in errorCode and errorMessage fields. |
| systemTime | DateTime | Transaction date |
| correlationId | String | Transaction number |
| orderId | String | Order number |
| amount | Number | Transaction amount |
| currency | String | Transaction currency |
| card/binNumber | String | First 8 digits of the card |
| card/maskedNumber | String | Masked card trick |
| card/cardBrand | String | Card brand |
| card/cardOrganization | String | Card organization |
| card/cardType | String | Card type |
| threeDSHtmlContent | It is the html content information that will redirect to the 3d validation page. The content is decoded in base 64 to get Html. | |
| errorCode | String | Error code |
| errorMessage | String | Error message |
| securityHash | String | The value to be used to determine that the result of the operation comes from the correct source. The documentation describes how to calculate it. |
3D Verification
After starting the 3D Secure process, the bank's 3D verification screen will be displayed with the HTML data obtained. After the cardholder enters the code sent to their mobile phone, they will be automatically redirected to the address specified in the callbackUrl parameter. Tami will post the following values to this address. If the 3D verification is successful, no money has been withdrawn from the card yet. When the returned success field is true in the response, you can proceed to the next step to convert the transaction into payment for the next 3D secure sales transaction.
3D Verification Response Parameters and Descriptions
| Parametre Adı | Format | Açıklama |
|---|---|---|
| cardBrand | String | Card Brand |
| cardOrganization | String | Card Organization |
| cardType | String | Card Type |
| currencyCode | String | Transaction Currency |
| hashedData | String | Value to be used to check the accuracy of the information returned in the answer |
| installmentCount | Number | Number of Transaction Installments |
| maskedNumber | Number | Card number as masked |
| mdStatus | String | It is the mdStatus value returned for informational purposes. It can return 1 for successful cases and 0, 2, 3, 4, 4, 5, 5, 6, 7, 8 for unsuccessful cases. |
| orderId | String | Order number |
| success | String | Reports the result of the 3d verification process. Returns true if the operation is successful, false if the operation is failed |
| systemTime | DateTime | Transaction date |
| txnAmount | Number | Transaction amount |
In case the Success field returned in the 3D Validation response is false, the table below will help with the cause of the error.
| mdStatus | Format |
|---|---|
| mdStatus = 0 | 3D Secure signature or verification invalid |
| mdStatus = 2 | Cardholder or bank not registered in the system |
| mdStatus = 3 | The bank of the card is not registered in the system |
| mdStatus = 4 | Verification attempt, cardholder chose to register later in the system |
| mdStatus = 5 | Unable to verify |
| mdStatus = 6 | 3D Secure error |
| mdStatus = 7 | System error |
| mdStatus = 8 | Unknown card no |
HashedData Calculation
To verify that the information returned in the 3D Verification response is from the correct source, you can calculate hashedData according to the fields below and compare it with this information in the response. SecretKey is different for each pos belonging to the merchant.
When calculating HashedData, a data is created by bringing all the following parameters side by side in the given order. The secretKey of the merchant is hashed with HMAC sha256 and secretKeySpec is obtained. Two data are sorted in the format specified in the generator below. Base 64 is encrypted and encrypted hashedData is obtained.
NOTE: In advance transactions, "InstallmentCount" is expected to be sent as 1. This information is added to the hashedData.
Parameters used in HashedData calculation;
cardOrg+cardBrand+cardType+maskedNumber+installmentCount+currency+originalAmount+orderID+systemTime+status (success field)
The generator to be used in HashedData calculation is given below;
public static String responseHashGenerate(String systemTime, String status, String maskedNumber, Order order,\n String secretKey) {\n\n String data = order.getCardOrg() + order.getCardBrand() + order.getCardType() +\n maskedNumber + order.getInstallmentCount() + order.getCurrency() +\n order.getOriginalAmount() + order.getOrderId() + systemTime + status;\n String result = \"\";\n try {\n Mac sha256_HMAC = Mac.getInstance(\"HmacSHA256\");\n SecretKeySpec secret_key = new SecretKeySpec(secretKey.getBytes(\"UTF-8\"), \"HmacSHA256\");\n sha256_HMAC.init(secret_key);\n\n result = Base64.encodeBase64String(sha256_HMAC.doFinal(data.getBytes(\"UTF-8\")));\n\n } catch (Exception e) {\n log.error(\"Hash can not be generated \", e);\n }\n return result;\n}
About 3D Sales Transaction Completion
It is used for Tami merchants to complete transactions that have been successfully 3d verified. By calling this service, the card is not charged for transactions that are not completed in 3d.
3D Transaction Completion API Information
In test environment, the "https://sandbox-paymentapi.tami.com.tr/payment/complete-3ds" URL will be used.
In production environment, the "https://paymentapi.tami.com.tr/payment/complete-3ds" URL will be used.
3D Sales Completion Request Parameters and Descriptions
| Field | Format | Max Size | (O)psiyonel / (M)andatory | Description |
|---|---|---|---|---|
| orderId | String | (2-36) | M | Order number information with successful completion of 3d verification |
| securityHash | String | M | It is the value expected to be calculated and transmitted according to the fields specified in the document. If it is missing or incorrect, the transaction is not routed to the bank, an error is given. |
3D Sales Completion API Request Example
{ \n \"orderId\": \"order3d\",\n \"securityHash\": \"748dnskwo404040lel==\"\n}
3D Sales Completion API Response Example
{\n \"success\": true,\n \"systemTime\": \"2023-08-10T11:40:02.299\",\n \"correlationId\": \"TEST9962\",\n \"orderId\": \"order3d\",\n \"amount\": 415,\n \"currency\": \"TRY\",\n \"securityHash\": \"9WWrcKiDy7INGmUHlfzi63uonaolFJCeml04nJDRbGY=\"\n \"installmentCount\": 1,\n \"card\": {\n \"binNumber\": \"48249105\",\n \"maskedNumber\": \"4824-9105-xxxx-xx14\",\n \"cardBrand\": \"Garanti\",\n \"cardOrganization\": \"VISA\",\n \"cardType\": \"CREDIT\"\n }\n}
3D Sales Completion Response Parameters and Descriptions
| Field | Format | Description |
|---|---|---|
| errorCode | String | Error code |
| errorMessage | String | Error message |
| success | String | If true, the sale is successful, if false, an error was received. Error details are shared in error code and error message fields |
| systemTime | dateTime | Transaction date |
| correlationId | String | Transaction number |
| orderId | String | Order number |
| amount | Number | Transaction amount |
| currency | String | Transaction currency information |
| installmentCount | Number | Transaction installment count |
| card/binNumber | String | First 8 digits of the card |
| card/maskedNumber | String | Masked card trick |
| card/cardBrand | String | Card brand |
| card/cardOrganization | String | Card organization |
| card/cardType | String | Card type |
| securityHash | String | Hash information to check that the transaction has returned from the correct source |
Security Hash Calculation
You can use the documentation here to calculate the securityHash field in service requests and incoming service responses.
Error Codes
You can access the list of error codees on this page.
Test Cards
You can access the list of test cards on this page.
Frequently Asked Questions
1- Which fields should I pass in the header when sending requests to services?
| Key | Value |
|---|---|
| correlationId | PG-Auth-Token |
| Correlation{{randomNumber}} | {{merchantNumber}}:{{terminalNumber}}:{{hash}} |
In the header section, correlationId and PG-Auth-Token parameters are expected to be transmitted. correlationId must be transmitted as a string unique value for each transaction. PG-Auth-Token parameter consists of merchantNumber, terminalNumber and hash information of the merchant as stated in the table. For hash information, merchantNumber, terminalNumber and secretKey information of the merchant is obtained by hashing with sha256 and converting it to string.
2- In the sales process, when we receive an error message in the ErrorMessage tag "The Security Hash field must be passed. Check and try again" error message, what should we do?
Response
{
"errorCode": 4003,
"errorMessage": " Inconsistent hash value sent in header",
"success": false,
"systemTime": "2024-03-30T12:08:40.526596076",
"correlationId": "correlation9975",
"SecurityHash": "qSHq2JE7cmxqYx+2x4FSBaR6q2fqRhUFlA9uVmuinL4="
}
"PG-Auth-Token" parameter should be passed in the header in all sales, cancellation/refund, pre-authorization, pre-authorization closure, 3D sales and 3D sales completion requests.
This information consists of "merchantNumber:TerminalNumber:Hash" information of the merchant. The hash information is expected to be calculated according to the requested values and added to the PG-Auth-Token parameter.
3- What should we do when we receive the error message "The hash value sent in the header is inconsistent" in the ErrorMessage tag in the sales process?
Response
{
"errorCode": 4003,
"errorMessage": " Inconsistent hash value sent in header",
"success": false,
"systemTime": "2024-03-30T12:08:40.526596076",
"correlationId": "correlation9975",
"SecurityHash": "qSHq2JE7cmxqYx+2x4FSBaR6q2fqRhUFlA9uVmuinL4="
}
"PG-Auth-Token" parameter should be passed in the header in all sales, cancellation/refund, pre-authorization, pre-authorization closure, 3D sales and 3D sales completion requests.
This information consists of "merchantNumber:TerminalNumber:Hash" information of the merchant. The hash information is expected to be calculated according to the requested values and added to the PG-Auth-Token parameter.
