1. Non-Secure Payment
SA
  • Overview
    • Getting Started
  • Authentication
    • Token Generation
      POST
  • Commission
    • Commission
      POST
  • HASH
    • Hash Creation
    • Hash Validation
  • Non-Secure Payment
    • Non-Secure Payment Flow
    • Non-Secure Card Payment
      POST
    • Non-Secure Pre-Authorization Payment
      POST
    • Confirm Payment
      POST
  • 3D Secure Payment
    • 3D Secure Payment Flow
    • 3D Secure Card Payment
      POST
    • 3D Secure Pre-Authorization Payment
      POST
    • Complete Payment
      POST
    • Confirm Payment
      POST
  • Non-Secure and 3D Payment with Sipay
    • Non-Secure and 3D Secure Payment with Sipay
      POST
  • Check Status
    • Check Status
      POST
  • Refund
    • Refund
      POST
  • Webhook
    • Webhook
  • Status Codes
    • Status Codes
  1. Non-Secure Payment

Non-Secure Pre-Authorization Payment

Testing
POST
/ccpayment/api/paySmart2D
Pre-authorization is a process in which a card's available limit is temporarily reserved for a payment transaction.
The amount is not immediately captured from the card, but it is blocked from the cardholder’s available balance.

1. Initiating Pre-Authorization#

For Non-Secure Payments, all required parameters must be provided.
To initiate a pre-authorization transaction, the transaction_type parameter must be set to PreAuth.
The customer submits a pre-authorization request along with the payment:
The amount to be blocked is specified
Card details are included

Confirm Pre-Authorization Payment#

The payment status will be Pre-Authorization.
After that, the Confirm Payment Endpoint must be called.
The Confirm Payment process should be completed or canceled within approximately 20 days. If not completed or canceled within this period, the payment will be automatically canceled.
If the Confirm Payment endpoint is called, the payment status will be updated to either:
Pre-Auth Approved – if the payment is successfully confirmed.
Pre-Auth Declined – if the payment confirmation fails.

The hash key must be sent in the request.
Sample hash keys can be found in the request form panel on the side, corresponding to the selected programming language.

Request

Authorization
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
Body Params application/jsonRequired

Examples

Responses

🟢200Success
application/json
Body

⚪1Failed
Request Request Example
Shell
JavaScript
Java
Swift
HASH
generate_hash_key() {
  local total="$1"
  local installment="$2"
  local currency_code="$3"
  local merchant_key="$4"
  local invoice_id="$5"
  local app_secret="$6"

  local data="${total}|${installment}|${currency_code}|${merchant_key}|${invoice_id}"

  local rand1
  rand1=$(openssl rand -hex 16)
  local iv
  iv=$(printf "%s" "$rand1" | openssl sha1 | awk '{print $2}' | cut -c1-16)

  local password
  password=$(printf "%s" "$app_secret" | openssl sha1 | awk '{print $2}')

  local rand2
  rand2=$(openssl rand -hex 16)
  local salt
  salt=$(printf "%s" "$rand2" | openssl sha1 | awk '{print $2}' | cut -c1-4)

  local salt_with_password
  salt_with_password=$(printf "%s" "${password}${salt}" | openssl sha256 | awk '{print $2}' | cut -c1-32)

  local key_hex
  key_hex=$(printf "%s" "$salt_with_password" | xxd -p -c 256)

  local iv_hex
  iv_hex=$(printf "%s" "$iv" | xxd -p -c 256)

  local encrypted_base64
  encrypted_base64=$(printf "%s" "$data" | openssl enc -aes-256-cbc -K "$key_hex" -iv "$iv_hex" -base64)

  local msg_encrypted_bundle="${iv}:${salt}:${encrypted_base64}"
  msg_encrypted_bundle="${msg_encrypted_bundle//\//__}"

  echo "$msg_encrypted_bundle"
}

#Parameters

total=""
installment=""
currency_code=""
merchant_key=""
invoice_id=""
app_secret=""

result=$(generate_hash_key "$total" "$installment" "$currency_code" "$merchant_key" "$invoice_id" "$app_secret")
echo "$result"
Response Response Example
200 - Success
{
    "status_code": 100,
    "status_description": "Payment process successful",
    "data": {
        "sipay_status": 1,
        "order_no": "VP17743537462607531",
        "order_id": "VP17743537462607531",
        "invoice_id": "preauth-deneme12345",
        "sipay_payment_method": 1,
        "credit_card_no": "450803****4509",
        "transaction_type": "Pre-Authorization",
        "payment_status": 1,
        "payment_method": 1,
        "error_code": 100,
        "error": "",
        "auth_code": "P38522",
        "merchant_commission": 0.1,
        "user_commission": 0,
        "merchant_commission_percentage": 2,
        "merchant_commission_fixed": 0,
        "installment": 1,
        "amount": 5,
        "payment_reason_code": "",
        "payment_reason_code_detail": "",
        "hash_key": "731092f9125b0a94:4678:3daVYe4QTo5HfV5n48E7Cb42u2LPIY0lpz+KP+ABA5aR0NxMKsBN11yuOx9IJtdR",
        "original_bank_error_code": "",
        "original_bank_error_description": "",
        "host_reference_id": "608300512593"
    }
}
Modified at 2026-04-29 07:29:57
Previous
Non-Secure Card Payment
Next
Confirm Payment
Built with