Sale - With 3D Secure

- Sale Transaction with 3D secure needs two extra parameters use3d and return_url.
- Please also check the regular Sale Transaction to know how to use TOKEN and installments

- Stage A: you need to send Sale request with use3d and return_url.
- Stage B: you will receive HTML response if 3D secure is established successfully.
- Stage C: you need to render (print) the HTML response to the browser, after that 3D secure OTP bank page will appear, card holder can continue the process.
- Stage D: after the card holder finish the process, Payfull will return and post the results (as JSON) to your return_url.

Important Notes
- if the 3D secure is not established successfully, you will receive JSON response about the results instead of HTML response in Stage B.
- In the results of Stage D there will be a hash parameter contains the hash value from Payfull side to help the merchant in authentication process.

Request parameters

merchant: required

merchant name which you created in your Payfull account.

type: required

Transaction type should be Sale.

total: required

The total amount of the payment EX: 10.23 .

cc_name: required

Card Holder Name

cc_number: required

Card Number 16 digits EX: 4111111111111111

cc_month: required

Card expiry month EX: 05

cc_year: required

Card expiry year EX: 2017

cc_cvc: required

Card cvv/cvc EX: 000

currency: required

Currency can be TRY/USD/EUR/GBP

installments: required

Installments number, for no installment use 1

campaign_id: optional

Set Campaign id if you would like to use extra installments, please check how to get the extra installments and campaign id here

language: required

Response message language can be en / tr

client_ip: required

The client IP who uses the application which sends the request to the API.

payment_title: required

For each sale transaction you have to give a name for it EX: sell cup transaction

use3d: required

This parameter must be set to 1 to have 3D secure transaction, otherwise, it will be regular transaction

return_url: required

The results of 3D secure transaction will be posted to this URL

gateway: optional

For each bank, there is a different gateway in installment mode EX: asseco / iyzico / payU...etc
if there are installments, it will be required

customer_firstname: required

Firstname of the buyer

customer_lastname: required

Lastname of the buyer

customer_email: required

Email of the buyer

customer_phone: required

Phone number of the buyer

customer_tc: optional

TC number of the buyer

passive_data: optional

This parameter can take any passive data, then API will save it and return it to the caller in the response.
(note:please do not use this to send an important data like card numbers or passwords).

merchant_trx_id: optional

This parameter is for defining and sending a unique id value for the operation. You need to use this value for Transaction Status Information that you generated before.

hash: required

Generated hash code on the caller side

To generate the hash code please follow the steps below:

• - Arrange the parameters alphabetically from A to Z
• - Create a parameters string which has the length for each parameters with its value side by side
• - Create the sha256 hash code from the parameters string and pass the merchant password as Shared secret key
• - Add the hash code to the request parameters

Sample request

merchant: merchant name
type: Sale
total: 23.02
cc_name: ALI
cc_number: 4111111111111111
cc_month: 09
cc_year: 2024
cc_cvc: 000
currency: TRY
installments: 1
language: tr
client_ip: 192.168.1.1
payment_title: just payemnt title
use3d: 1
return_url: https://your_Application/return3D bank_id: Akbank
gateway: 160
customer_firstname: ALI
customer_lastname: MUHAMAD
customer_email: alitestemail@gmail.com
customer_phone: 5394659832
customer_tc: 12590326514
passive_data: just any passive data
hash: 14339MjuG01015018

Sample Response

{
"type":"Sale",
"status":1,
"transaction_id":"T4U_7dd053f6b8_d9a58906b",
"ErrorMSG":"Success Transaction",
"ErrorCode":"00",
"passive_data":" just any passive data",
"original_currency":"TRY",
"total":23.02,
"currency":"TRY",
"conversion_rate":1,
"bank_id":"Akbank",
"use3d":1,
"installments":1,
"time":"08-09-2016 02:53:25"
hash: 14339MjuG01015018
}

PHP Example

$api_url = 'https://yourSubDomain.payfull.com/integration/api/v1'; $merchantPassword = 'your merchant password'; $params = array( "merchant" => 'your merchant name', "type" => 'Sale', "total" => '1.01', "cc_name" => 'Mohammad' "cc_number" => '4111111111111111', "cc_month" => '12', "cc_year" => '2030', "cc_cvc" => '000', "currency" => 'TRY', "installments" => 1, "language" => 'tr', "client_ip" => '192.168.1.1', "payment_title" => 'test payment title', "use3d" => '1', "return_url" => 'https://your_Application/return3D', "bank_id" => 'Akbank', "gateway" => '160', "customer_firstname" => 'ALI', "customer_lastname" => 'MUHAMAD', "customer_email" => 'alitestemail@gmail.com', "customer_phone" => '5394659832', "customer_tc" => '12590326514', "passive_data" => 'write here what you like', ); ksort($params); $hashString = ""; foreach ($params as $key=>$val) { $l = mb_strlen($val); if($l) $hashString .= $l . $val; } $params["hash"] = hash_hmac("sha256", $hashString, $merchantPassword); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $api_url); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 60); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params)); $response = curl_exec($ch); $curlerrcode = curl_errno($ch); $curlerr = curl_error($ch); var_dump(json_decode($response));