Skip to main content

Payment Initiation and Completion

  • Endpoint: /pws/payment
  • HTTP Method: POST
  • Request Content-Type: application/json
  • Response Content-Type: application/json
  • Authorization: Valid AccessToken is required. (See: 2. Authentication – Obtaining AccessToken)

Description

This service initiates a card payment.

  • 3D Payment: Returns redirectUrl for the bank OTP (3D Secure) step; the user completes OTP on the bank's page. Then the transaction is automatically finalized via autoCommit (success/failure).

  • Non-3D Payment: If the bank-side authorization is successful, the transaction is completed immediately without OTP (autoCommit happens instantly); redirectUrl is not returned.

Important: The transactionStatusId field indicates the flow status (see “Status Codes” section).

Header Information

Header NameRequiredDescription
AuthorizationYesValid token in Bearer {AccessToken} format.
Content-TypeNoapplication/json

Request Body

Top-Level Fields

FieldTypeRequiredDescription
agentCodestringYesTransaction owner agent/sub-agent/customer code (mandatory per system rules)
amountnumberYesTransaction amount
installmentintYesNumber of installments (1 for single payment)
tenantPosIdstringYesTenant ID of the POS to be used (GUID)
paymentSetDefinitionIdstringYesPayment set ID (GUID)
currencyCodestringYesCurrency (e.g., TRY)
use3DbooleanYesWhether to use 3D Secure
returnUrlstringYes for 3DReturn URL after OTP completion in 3D flow
clientOrderReferenceCodestringNoMerchant/app order reference (recommended for idempotency tracking)
contactobjectYesCardholder contact information (below)
cardobjectYesCard information (below)

contact Field

FieldTypeRequiredDescription
namestringYesFirst name
surnamestringYesLast name
emailstringYesEmail
tcknstringNoNational ID (may be mandatory per local regulations)
descriptionstringNoDescription
phonestringNoMobile number

card Field

FieldTypeRequiredDescription
cardNumberstringYesCard number (PAN)
cardHolderNamestringYesName on the card
cvvstringYesSecurity code
expMonthintYesExpiration month (1–12)
expYearintYesExpiration year (YYYY)

Response Structure

Root Fields

FieldTypeDescription
messagestring/nullGeneral message
statusCodeintHTTP-like status code (transactional)
exceptionsanyError details (if any)
dataobjectTransaction result
oldDataanyHistorical data (if any)
errorsanyList of errors (if any)

data Object

FieldTypeDescription
redirectUrlstring/nullRedirect URL for OTP in 3D flow; null in non-3D flow
referenceNumberstringSystem reference number (e.g., NTH2P00000002248)
transactionStatusIdintTransaction status code (see “Status Codes”)
errorMessagestring/nullBank/transaction error message (if any)
errorCodestring/nullBank/transaction error code (if any)
isMembershipCompletedbooleanStatus related to membership/registration (if any)
currentAccountIdstring/nullRelated current account ID (if any)
bonusTextstring/nullBonus/points information (if any)
memberIdstring (GUID)Member/customer ID
transactionIdstring (GUID)Transaction ID
remainingErrorCountint/nullRemaining retry count (if any)

Flows (Step by Step)

3D Payment Flow (use3D: true)

  1. Payment Request (POST /pws/payment)

    If the request is valid, the response returns data.redirectUrl and referenceNumber; transactionStatusId is typically 4: “Waiting for 3D verification”.

  2. OTP Step (Bank’s 3D Page)

    Customer is redirected to redirectUrl and completes OTP verification on the bank's page. Bank communicates the result (success/failure) to the payment system.

  3. AutoCommit (Automatic Completion)

    • If OTP is successful: Transaction is successfully completed.
    • If OTP is unsuccessful: Transaction fails.

  4. Query Final Status (Recommended)

    Confirm transaction status via /pws/payment/transaction or subsequent steps like cancel/refund.

**`POST https://pgw.netahsilatdemo.com/pws/payment`** 

{  
"contact": {  
"name": "John",  
"surname": "Doe",  
"email": "[email protected]",  
"tckn": "00000000000",  
"description": "test",  
"phone": "5000000000"  
},  
"card": {  
"cardNumber": "4155650100416111",  
"cardHolderName": "Test Test",  
"cvv": "715",  
"expMonth": 1,  
"expYear": 2050  
},  
"agentCode": "NT53240185",  
"amount": 52,  
"installment": 1,  
"tenantPosId": "384badef-11ec-ee11-98f2-005056b0d2e5",  
"paymentSetDefinitionId": "504978bf-bebd-40c5-89aa-b76f3a20341c",  
"currencyCode": "TRY",  
"use3D": true,  
"returnUrl": "https://google.com",  
"clientOrderReferenceCode": "11001122010"  
}

Post-OTP

  • OTP successful → system autoCommits and transaction is completed.
  • OTP failed → transaction cannot be completed.

Non-3D Payment Flow (use3D: false)

  1. Payment Request (POST /pws/payment)

    Bank authorization is evaluated instantly. If successful, transaction is completed immediately (redirectUrl = null).

  2. AutoCommit (Instant)

    No OTP because 3D is not used; transaction immediately transitions to success/failure final status based on bank response.

  3. Query Final Status (Optional/Recommended)

    Use /pws/payment/transaction for confirmation/reporting.

POST https://pgw.netahsilatdemo.com/pws/payment  
{  
"contact": {  
"name": "John",  
"surname": "Doe",  
"email": "[email protected]",  
"tckn": "00000000000",  
"description": "test",  
"phone": "5000000000"  
},  
"card": {  
"cardNumber": "4155650100416111",  
"cardHolderName": "Test Test",  
"cvv": "715",  
"expMonth": 1,  
"expYear": 2050  
},  
"agentCode": "NT53240185",  
"amount": 53,  
"installment": 1,  
"tenantPosId": "384badef-11ec-ee11-98f2-005056b0d2e5",  
"paymentSetDefinitionId": "504978bf-bebd-40c5-89aa-b76f3a20341c",  
"currencyCode": "TRY",  
"use3D": false,  
"returnUrl": "https://google.com",  
"clientOrderReferenceCode": "11001122011"  
}

Note: In non-3D flow, there is no OTP. transactionStatusId mostly returns 1 (Success); in failure cases, appropriate error details (errorCode, errorMessage) may be returned.

Status Codes (transactionStatusId) – Example Mapping

Note: Actual/final values may vary depending on system setup; the mapping below is for documentation purposes.

CodeStatusDescription
1Payment SuccessfulAuthorization + capture completed
2Payment FailedBank/transaction error
3Pending / In ProgressAsynchronous/intermediate state
4Waiting for 3D VerificationredirectUrl returned, OTP result pending
5CancelledCancelled afterwards
6Refunded / Partial RefundRefunded afterwards

### Notes & Best Practices {#notes-and-best-practices}

  • 3D (OTP) Flow: If use3D=true, returnUrl must be valid. OTP result is captured by the system and finalized via autoCommit.

  • Non-3D Flow: No OTP; finalized immediately based on bank response.

  • Authorized Payment: If Payment Set “Payment Type” is set to Authorization, the transaction occurs as authorized.

  • POS/Set Sync: tenantPosId and paymentSetDefinitionId must align with /pws/paymentOptions outputs (installment/commission selection is determined here).

  • Idempotency: If multiple attempts for the same order are possible, clientOrderReferenceCode should be unique.

  • Installment Rules: There may be installment restrictions based on card program/BIN; pre-validation via /pws/paymentOptions/{bin} is recommended.

  • Error Handling: errorCode + errorMessage fields provide root cause of bank/transaction errors. Retry policies should be based on these codes.

  • Security: Send card data only over TLS 1.2+; comply with PCI-DSS; do not log card data.

  • Status Query: If transaction outcome is critical, verify final status using /pws/payment/transaction via reference number.

  • Next Steps: For successful transactions requiring cancel/refund, use /pws/payment/cancel and /pws/payment/refund endpoints.