Skip to main content

FAQ

HPM Link and Sign

Question: Is data.link always a single link?

Answer: Yes, a single payment link is generated for each payment request and returned in the data.link field.

Question: The sign field is not returned separately in JSON, does it only appear inside the link?

Answer: Yes. The sign value is generated in the query string part of the HPM link (e.g., …&sign=xxxxx) and is not returned as a separate field in JSON.

expiryUtc

Question: Is the expiryUtc format always ISO-8601?

Answer: Yes. expiryUtc is always returned in ISO-8601 format with UTC time.

Example "2025-12-01T15:15:13"

Authentication

Question: Is only X-Api-Key used?

Answer: No. Bearer token is used to access HPM services.

This token is obtained from https://pgw.netahsilatdemo.com/auth/api/token/connect using

ApiKey and SecretKey credentials.

To obtain these credentials:

  • The relevant site must have an HPM service license.

  • The relevant endpoint must be active in the Service Permissions section.

User Verification Behavior

Question: What values can userVerificationBy take?

Answer

  • Id

  • Email

  • Tckn

  • Gsm

Question: What does userVerificationFailBehavior do, and what are the possible behaviors?

Answer

  • Throw Error → If verification fails, the transaction results in an error.

  • Create New Customer → ("Create") If the user cannot be found, a new customer record is created in Finrota.

  • Continue with Default User → If the user cannot be found, the transaction is carried out with the predefined default user.

additionalData

Question: What is the additionalData field used for?

Answer: This field is used to fill dynamic fields defined on the portal. Keys are associated with the dynamic field codes/names, and values can be sent as strings.