Payment with GarantiPay

To get paid with GarantiPay, the first step is to initiate a payment on Craftgate. Afterwards, the payment process is completed by the user through BonusFlaş mobile application. Later, the merchant is triggered with the payment status information who has been given callback URL address in the payment initiation request.

Payment initiation with GarantiPay


The endpoint and http method information to make a payment with GarantiPay are stated below.

POST /payment/v1/garanti-pay-payments

Payment initiation request parameters

Parameter Name Type Required Description
conversationId string No "boomerang" value that can be sent with the request and received with the response. It can be used to associate different requests with each other. Usually, the order number is used that is stored in merchant own system.
externalId string No It is generally used as a payment order number or basket number on the merchant side. You can search with this value later by using reporting services.
price decimal Yes Total basket price. The sum of the item prices in the basket must be equal to total basket price.
paidPrice decimal Yes The final amount to be paid from the card by calculating differences such as commissions and discounts. The amount to be collected from the wallet is also included in this amount. If there is an interest in the transaction, the amount with the interest added should be entered in this parameter.
installments GarantiPayInstallment[] No See: GarantiPay Installment Information Installment options that is shown to the user. If not sent, payment processed as cash.
buyerMemberId number No ID of the buyer that is returned from member creation.
currency Currency Yes See: Currencies
paymentGroup PaymentGroup No See: Payment Groups
paymentChannel string No It is generally used to keep information specific to the payment channel on the merchant side. You can search with this value later by using reporting services.
callbackUrl string Yes The URL to be used to send the result returned from the bank to the merchant
bankOrderId string No Order id parameter to be transmitted to the bank when receiving the payment. Since it is optional, it is recommended not to send it and the orderId value is generated by Craftgate.
clientIp string No IP of the buyer.
posAlias string No Represents the POS that payment will be collected.
items PaymentItem[] Yes (See. Payment Item Information) Payment items related to payment. You must send at least one payment item and the sum of prices must be equal to the price field.

GarantiPay Installment Information

Value Description
number Installment number
totalPrice Total amount to be collected

Response Parameters

The parameters returned as a result of the payment transaction with GarantiPay are subject to the rules specified in the Response Formats section of the API documentation home page. In the absence of a systematic or fictional error, the sub-parameters of the object returned in the data parameter are as follows:

Parameter Name Type Always Exist Description
htmlContent string Yes GarantiPay HTML that will be shown to user. Return value must be base64-decoded.

Parameters Forwarded to Callback URL

The following parameters are forwarded as form variables using the HTTP POST method. The parameters included in the request to callbackUrl by Craftgate after validation are as follows:

Parameter Name Type Always Exist Description
status string Yes Represents GarantiPay verification status. Returns SUCCESS or FAILURE.
conversationId string No Value of theconversationId parameter sent in the 3DSecure payment initiation
paymentId number No ID of the payment which is sent when the verification is successful.
callbackStatus string No Sent as a parameter, n case the bank or end user triggers the 3DS verification step again and the payment has been verified before. Status parameter will be FAILURE and callbackStatus parameter will be ALREADY_RETURNED. In case this field comes with the value of ALREADY_RETURNED, the status of the payment should be checked in your system and no action should be taken if it is completed.
conversationData string No Returns this security parameter when response status success. Need to send this value in complete step.
hash string Yes Response parameters hash value with Sha-256 Hex algorithm. You can find details below on "Creating Hash Value".

Creating Hash Value

You can make hash validation response with your hash value. You need to use Sha-256 Hex Algorithm to create hash value.

  • You can reach 32 characters key value from following: Merchant Panel -> Yönetim -> Üye İşyeri Ayarları -> "Üye İşyeri 3DSecure Callback Key"
  • You need to prepare input value as in order. Also you need to put "###" as delimiter between parameters.
  • For null values please put empty string ("").


Example of hashing procedure for following response is below. Assume that Üye İşyeri 3DSecure Callback Key value as "merchantThreeDsCallbackKeySndbox".

    "status": "SUCCESS",
    "conversationId": "456d1297-908e-4bd6-a13b-4be31a6e47d5",
    "paymentId": 1,
    "callbackStatus": null,
    "conversationData": null
    "hash": "e0d434155be00b99dda2c6175e3f66b7853ef352338f2f7077161700d9da262a"

Input value for hashing should be like:


You can hash this value via Sha-256 Hex algorithm with Üye İşyeri 3DSecure Callback Key value. Result must be equal with hash value which contains in response.

Sample Codes

You can review the sample codes in the open source Craftgate API clients.

Payment initiation with GarantiPay