Webhooks
When a payment attemt is made, it is possible to receive the transaction result via notification. iyzico is able to send a notification for every payment event. First notification is sent after 15 seconds later of processing the payment. It is a JSON Payload and server to server HTTP request. iyzico keeps continue sending notification every 10 minutes until your server respond with a status of 200. Each notification has to stop after 3 attempts after payment attempt.
NOTIFICATION FOR API AUTH and 3DS AUTH PAYMENTS
The post body contains below parameters.
| Parametere | Type | Description |
|---|---|---|
| iyziEventTime | long | Unix timestamp value of first notification. |
| iyziEventType | string | Shows the request type. Values: API_AUTH, THREE_DS_AUTH, BKM_AUTH |
| iyziReferenceCode | string | A unique reference code for the notification |
| paymentId | long | Unique iyzico reference code of realted payment |
| paymentConversationId | string | Merchant's reference id for the related payment |
| status | string | Payment status. Values: SUCCESS, FAILURE |
NOTIFICATION FOR CHECKOUT FORM AND BANK TRANSFER
The post body contains below parameters.
| Parameter | Type | Description |
|---|---|---|
| iyziEventTime | long | Unix timestamp value of first notification |
| iyziEventType | string | Shows the request type. VALUES: API_AUTH, THREE_DS_AUTH, BKM_AUTH |
| iyziReferenceCode | string | A unique reference code for the notification |
| token | string | The token generated for the related payment |
| status | string | Payment status. Values: SUCCESS, FAILURE |
VALIDATION OF NOTIFICATIONS
In order to understand that the request is coming from iyzico, you can use "X-IYZ-SIGNATURE" value in header.
iyzico puts X-IYZ-SIGNATURE parameter to the header and its value can be created with only merchant's secret key.
VALIDATION OF INCOMING NOTIFICATION(API AUTH ve 3DS AUTH)
A string with secret Key, eventType and paymentId should be created with the given order below. This string should be encrypted with Sha1 and the result should be encoded with base 64. Final value should should be equal to X-IYZ-SIGNATURE in the header
| Order | Parameter | Description |
|---|---|---|
| 1 | secretKey | Merchant's secret key |
| 2 | iyziEventType | Shows the request type. Values: API_AUTH, THREE_DS_AUTH, BKM_AUTH |
| 3 | paymentId | Unique iyzico reference code of realted payment |
final String stringToBeHashed = new StringBuilder("secretKey")
.append(request.getIyziEventType())
.append(request.getPaymentId())
.toString();String should be encoded with base64 after SHA1 encryption.
String hash = Base64.encodeBase64String(DigestUtils.sha1(stringToBeHashed));
VALIDATION OF INCOMING NOTIFICATION(CHECKOUT FORM AND BANK TRANSFER)
A string with secret Key, eventType and token should be created with the given order below. This string should be encrypted with Sha1 and the result should be encoded with base 64. Final value should should be equal to X-IYZ-SIGNATURE in the header
| Order | Parameter | Description |
|---|---|---|
| 1 | secretKey | Merchant's secret key |
| 2 | iyziEventType | Shows the request type. Values: API_AUTH, THREE_DS_AUTH, BKM_AUTH |
| 3 | token | The token generated for the related payment |
final String stringToBeHashed = new StringBuilder("secretKey")
.append(request.getIyziEventType())
.append(request.getPaymentId())
.toString();String should be encoded with base64 after SHA1 encryption.
String hash = Base64.encodeBase64String(DigestUtils.sha1(stringToBeHashed));
Activating Webhook
To be able to get notfication, please go to Settings -> Merchant Settings on iyzico merchant panel, enter the url(https) that you want to get notifications and activate Merchant Notifications setting.
