Skip to main content

Dealer Payment Initiation and Completion

  • Endpoint: /vpws/payment
  • HTTP Method: POST
  • Request Content-Type: application/json
  • Response Content-Type: application/json
  • Authorization: Valid AccessToken required.
    (See: 2. Authentication – Obtaining AccessToken)

Description

This service initiates a card payment through the POS assigned to the dealer.

The service supports

  • 3D (OTP verification)
  • Non-3D (direct, without OTP verification)

payment flows.

Within VPWS scope, the transaction is performed under the dealer identity linked to the AccessToken, not on behalf of the company.

Note: A dealer can only initiate transactions with tenantPosId values assigned to them.

Header Information

Header NameRequiredDescription
AuthorizationYesBearer {AccessToken}
Content-TypeYesapplication/json

Request Body

Top-Level Fields

FieldTypeRequiredDescription
amountnumberYesTransaction amount
installmentintYesNumber of installments (use 1 for single payment)
tenantPosIdstring (GUID)YesPOS identifier to be used
currencyCodestringYesISO 4217 currency code
use3DbooleanYesWhether to use 3D Secure
returnUrlstringYes for 3DRedirect URL after OTP
clientOrderReferenceCodestringNoDealer order reference (idempotency recommended)
contactobjectYesCardholder information
cardobjectYesCard information

contact Field

FieldTypeRequiredDescription
namestringYesFirst name
surnamestringYesLast name
emailstringYesEmail
tcknstringNoNational ID (regulation dependent)
descriptionstringNoDescription
phonestringNoMobile phone

card Field

FieldTypeRequiredDescription
cardNumberstringYesCard number (PAN)
cardHolderNamestringYesName on card
cvvstringYesSecurity code
expMonthintYesExpiration month (1–12)
expYearintYesExpiration year (YYYY)
{
  "contact": {
    "name": "test",
    "surname": "surname",
    "email": "[email protected]",
    "tckn": "23671373136",
    "description": "est",
    "phone": "5002583519"
  },
  "card": {
    "cardNumber": "4155650100416111",
    "cardHolderName": "Emre Çağlar",
    "cvv": "000",
    "expMonth": 12,
    "expYear": 2030
  },
  "amount": 250,
  "installment": 1,
  "tenantPosId": "03cbbf3e-ff9e-ee11-98ef-005056b0d2e5",
  "currencyCode": "TRY",
  "use3D": true,
  "clientOrderReferenceCode": "46548545646565",
  "returnUrl": "https://google.com"
}

Response Structure

data Fields

FieldTypeDescription
redirectUrlstring/nullOTP page URL for 3D flow
referenceNumberstringSystem reference number
transactionStatusIdintTransaction status code
errorMessagestring/nullError message
errorCodestring/nullError code
transactionIdstring (GUID)Transaction identifier

Flow Scenarios

3D Payment (use3D: true)

  1. /vpws/payment is called.
  2. redirectUrl is returned.
  3. User is redirected to bank's OTP page.
  4. OTP result is sent to the system.
  5. Transaction is automatically finalized (AutoCommit).

Non-3D Payment (use3D: false)

  1. Bank provision is obtained immediately.
  2. redirectUrl = null is returned.
  3. Transaction immediately enters final state.

Status Codes (transactionStatusId)

CodeDescription
1Successful
2Failed
3Processing / Pending

Example cURL

curl --location 'https://pgw.netahsilatdemo.com/vpws/payment' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {AccessToken}' \
--data '{ ... }'

Notes & Best Practices

  • A dealer can only transact with tenantPosId assigned to them.

  • In 3D flow, returnUrl is required.

  • For idempotency, clientOrderReferenceCode should be unique.

  • Card data must not be logged (PCI-DSS).

  • If the transaction result is critical, verification should be done with the 3.4 – Transaction Query service.

  • BIN-based validation (3.2) is recommended before payment.