Webhooks

When a payment attemt is made, it is possible to receive the transaction result via notification. iyzico is able to send a notification for every payment event. First notification is sent after 15 seconds later of processing the payment. It is a JSON Payload and server to server HTTP request. iyzico keeps continue sending notification every 15 minutes until your server respond with a status of 200. Every notification is forced to stop after 24 hours later from payment attempt.

NOTIFICATION FOR API AUTH and 3DS AUTH PAYMENTS

The post body contains below parameters.

Parametere Type Description
iyziEventTime long Unix timestamp value of first notification.
iyziEventType string Shows the request type. Values: API_AUTH, THREE_DS_AUTH, BKM_AUTH
iyziReferenceCode string A unique reference code for the notification
paymentId long Unique iyzico reference code of realted payment
paymentConversationId string Merchant's reference id for the related payment
status string Payment status. Values: SUCCESS, FAILED

NOTIFICATION FOR CHECKOUT FORM AND BANK TRANSFER

The post body contains below parameters.

Parameter Type Description
iyziEventTime long Unix timestamp value of first notification
iyziEventType string Shows the request type. VALUES: API_AUTH, THREE_DS_AUTH, BKM_AUTH
iyziReferenceCode string A unique reference code for the notification
token string The token generated for the related payment
status string Payment status. Values: SUCCESS, FAILED

VALIDATION OF NOTIFICATIONS

In order to understand that the request is coming from iyzico, you can use "X-IYZ-SIGNATURE" value in header.

iyzico puts X-IYZ-SIGNATURE parameter to the header and its value can be created with only merchant's secret key.

VALIDATION OF INCOMING NOTIFICATION(API AUTH ve 3DS AUTH)

A string with secret Key, eventType and paymentId should be created with the given order below. This string should be encrypted with Sha1 and the result should be encoded with base 64. Final value should should be equal to X-IYZ-SIGNATURE in the header

Order Parameter Description
1 secretKey Merchant's secret key
2 iyziEventType Shows the request type. Values: API_AUTH, THREE_DS_AUTH, BKM_AUTH
3 paymentId Unique iyzico reference code of realted payment
final String stringToBeHashed = new StringBuilder("secretKey")
                .append(request.getIyziEventType())
                .append(request.getPaymentId())
                .toString();

String should be encoded with base64 after SHA1 encryption.

String hash = Base64.encodeBase64String(DigestUtils.sha1(stringToBeHashed));

VALIDATION OF INCOMING NOTIFICATION(CHECKOUT FORM AND BANK TRANSFER)

A string with secret Key, eventType and token should be created with the given order below. This string should be encrypted with Sha1 and the result should be encoded with base 64. Final value should should be equal to X-IYZ-SIGNATURE in the header

Order Parameter Description
1 secretKey Merchant's secret key
2 iyziEventType Shows the request type. Values: API_AUTH, THREE_DS_AUTH, BKM_AUTH
3 token The token generated for the related payment
final String stringToBeHashed = new StringBuilder("secretKey")
                .append(request.getIyziEventType())
                .append(request.getPaymentId())
                .toString();

String should be encoded with base64 after SHA1 encryption.
String hash = Base64.encodeBase64String(DigestUtils.sha1(stringToBeHashed));

Activating Webhook

To be able to get notfication, please go to Settings -> Merchant Settings on iyzico merchant panel, enter the url(https) that you want to get notifications and activate Merchant Notifications setting.