# Retrieve Shopping Credit

The shopping credit inquiry process consists of 2 stages. Therefore, it is important to integrate the 2 inquiry methods mentioned below in order to successfully display the result of the credit process to the end user at all stages.

### Steps

1. [Shopping Credit Retrieve (CallbackURL)](#step-1-shopping-credit-retrieve-callbackurl)
2. [Shopping Credit Retrieve (Webhook)](#step-2-shopping-credit-retrieve-webhook)

### Step 1 - Shopping Credit Retrieve (CallbackURL)

Since the Shopping Credit process is an asynchronous process, the credit process may have different statuses. In these cases, when the token value sent to the callbackURL address given when creating the payment form is queried by the merchant, **INIT\_CREDIT** and **PENDING\_CREDIT** statuses will be returned to the **paymentStatus** field from the parameters returned from the service. It is expected that these two values can be read by the workplace and the relevant action can be taken.

When the button continues to the selected bank screen, the bank screen will be redirected and the **paymentStatus** parameter **INIT\_CREDIT** value will be set. This status status, which is initiated when the customer clicks the continue button on the bank screen, will be set as status **FAILURE** by iyzico after a maximum of **20 minutes** if no action is taken on the screens. The validity period of the bank screen is maximum 20 minutes.

If the credit transaction falls into the flow of becoming a new customer on the bank's side, **PENDING\_CREDIT** status will be returned from the service when the **paymentStatus** field is queried. The process of becoming a new customer can take up to 65 minutes on the bank's side.

{% hint style="info" %}
**NOTE :** Depending on the credit response from the bank, it is recommended that our member businesses carry out stock tracking and control within a maximum of 1 hour.
{% endhint %}

#### Retrieve Shopping Credit Request (CallbackURL)

You can access the **Pay with iyzico** Inquiry document, which you will use to inquire about Shopping Credit via callback address, by clicking on the card below.

<table data-card-size="large" data-view="cards"><thead><tr><th data-type="content-ref"></th></tr></thead><tbody><tr><td><a href="../../../payment-methods/paywithiyzico/pwi-implementation/pwi-retrieve">pwi-retrieve</a></td></tr></tbody></table>

For the end user who has successfully completed the shopping credit process via **Pay with iyzico**, when the relevant token value is queried, if the **paymentStatus** value in the response is **SUCCESS**, the shopping credit process has been successfully completed. If the application fails, the relevant value will be returned as **FAILURE**.

### Step 2 - Shopping Credit Retrieve (Webhook)

You can access the document you will use to inquire about Shopping Credit via webhook by clicking on the card below.

<table data-card-size="large" data-view="cards"><thead><tr><th data-type="content-ref"></th></tr></thead><tbody><tr><td><a href="../../../advanced/webhook">webhook</a></td></tr></tbody></table>

The Shopping Credit flow is structurally an asynchronous process. For this reason, it is necessary to successfully monitor the completion of the relevant process during the completion of the process. In this entire process, in addition to the checks to be made by the member business with the **iyzico Webhook Notification system** integration, iyzico sends JSON Payload via HTTP 15 seconds after the transaction for each payment event. This request repeats up to **3 times at 10-minute** intervals unless a **200 response** is received from your application and notifies the merchant of the result of the relevant credit process.

For payments received through the iyzico payment form, since the payment result is transmitted through the browser, payments that cannot be captured due to user/browser or server fluctuations can be captured with the webhook solution. When the webhook is opened for your account, the system also sends the token and payment status to the URL you specify. When the token information received via the browser cannot be accessed, the token information received via notification can be processed into the system. If the token sent through the browser has been captured and processed, the notification may be ignored.

The webhook solution can also be used to activate your services such as analysis, alerting and reporting.

{% hint style="info" %}
**NOTE :** Companies that do not perform Notification Validation must send a retrieve request to verify after receiving the webhook notification.
{% endhint %}

**Notification Validation**

The **X-IYZ-SIGNATURE** value sent in the header can be used to validate that the request came from iyzico.

The **X-IYZ-SIGNATURE** value is obtained by combining and hashing the following parameters as strings in the given order.

**Validation for Shopping Credit**

The Secret Key you have, the eventType and token information sent with the notification are combined as a string and hashed with Sha1. The base64 enconde output of the result received should be equal to the **X-IYZ-SIGNATURE** value.

<table><thead><tr><th width="125">No</th><th width="216">Parameter</th><th>Description</th></tr></thead><tbody><tr><td>1</td><td>secretKey</td><td>Security key owned by the member business</td></tr><tr><td>2</td><td>iyziEventType</td><td><p>Specifies the request type. Values it can take :<br>- CREDIT_PAYMENT_INIT,<br>- CREDIT_PAYMENT_PENDING,</p><p>- CREDIT_PAYMENT_AUTH</p></td></tr><tr><td>3</td><td>token</td><td>Token information produced for the relevant payment</td></tr></tbody></table>

**Hash Structure for "Pay with iyzico" and Shopping Credit**

```
final String stringToBeHashed = new StringBuilder("secretKey")
.append(request.getIyziEventType())
.append(request.getToken()) .toString();
```

The created string is formatted as base64 encode.

```
String hash = Base64.encodeBase64String(DigestUtils.sha1(stringToBeHashed));
```