1. HASH
SA
  • Overview
    • Getting Started
  • Authentication
    • Token Generation
      POST
  • Commission
    • Commission
      POST
  • HASH
    • Hash Creation
    • Hash Validation
  • Non-Secure Payment
    • Non-Secure Payment Flow
    • Non-Secure Card Payment
      POST
    • Non-Secure Pre-Authorization Payment
      POST
    • Confirm Payment
      POST
  • 3D Secure Payment
    • 3D Secure Payment Flow
    • 3D Secure Card Payment
      POST
    • 3D Secure Pre-Authorization Payment
      POST
    • Complete Payment
      POST
    • Confirm Payment
      POST
  • Non-Secure and 3D Payment with Sipay
    • Non-Secure and 3D Secure Payment with Sipay
      POST
  • Check Status
    • Check Status
      POST
  • Refund
    • Refund
      POST
  • Webhook
    • Webhook
  • Status Codes
    • Status Codes
  1. HASH

Hash Validation

This guide explains how to validate hash key.
In 3D Secure payments, after the transaction is completed, the user is redirected to the merchant’s success or failure URL. Since this URL may be publicly accessible and can be triggered by unauthorized users. including parameters such as status, invoice_id, order_id, and hash_key in the redirect URL is recommended and and incoming requests should be verified using the hash_key.
For recurring payments, a POST request is sent to the merchant webhook for each renewal transaction. Since webhook URLs are typically publicly accessible, these requests should also be verified using the hash_key to ensure request authenticity.
For 3D Secure payments, the status parameter can be set to 0 or 1.
For the Recurring Webhook, the $status parameter can be Completed or Fail.
For Refund Webhook, the status parameter can be Completed or Fail.
Python
Shell
Go
JavaScript
Java
Swift
C
C#
Ruby
Dart
R
Modified at 2026-04-29 07:20:15
Previous
Hash Creation
Next
Non-Secure Payment
Built with