Authentication for iyzico services aligns with Basic Auth principles, while enhancing security through a precise sequence of hashing and encoding steps, including the PKI string, SHA-1 hashing, and Base64 encoding.
To access our API securely, authentication is required. Authentication is achieved by including an API key and pkiString together in the header of your HTTP requests.
POST /payment/iyzipos/checkoutform/initialize/auth/ecom HTTP/1.1
Host: sandbox-api.iyzipay.com
Authorization: IYZWS sandbox-Uc8cxE7Y2c1kXdJ7JyiSgkyCSW8m8pth:mo75MZlJ73ycrsRzuIK2WVrPb9c=
Content-Type: application/json
Overview
Here's a breakdown of the required components:
apiKey: Your unique API key assigned to your account.
x-iyzi-rnd: A randomly generated number included in the request header for each API call.
secretKey: Your secret key associated with your account.
requestString: The serialized version of the request payload parameters.
Authentication can be divided into three sequential steps:
requestString
SHA1 and base64
Authorization
1. requestString
The requestString is a serialized form of the request payload, produced by a combined set of parsing operations: clearing all null spaces, converting colons (:) to equals signs (=), and removing all double quotation marks (").
iyzico API services require the use of dots (.) for decimal numbers.
As a sample, below you may find a dummy Bin Check request in curl:
Assuming that the requestString has been generated correctly, the next step is SHA1 hashing and Base64 encoding. The pkiString process generates a hash using SHA1 and then encodes it in Base64.
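The three steps, as an added Python example that is not iyzico's own code. It assumes the values are concatenated in the order the component list gives them (apiKey, x-iyzi-rnd, secretKey, requestString) and leaves the enclosing braces as JSON emits them, since the page states no rule for either; the key, secret, payload and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

def request_string(payload: dict) -> str:
    """Apply the operations listed under '1. requestString' to the JSON payload."""
    # Compact separators leave no whitespace between tokens.
    text = json.dumps(payload, separators=(",", ":"), ensure_ascii=False)
    # Literal reading of the page: ':' becomes '=', '"' is dropped. This also
    # rewrites ':' or '"' inside values, so test such payloads separately.
    return text.replace(":", "=").replace('"', "")

def pki_hash(api_key: str, rnd: str, secret_key: str, req_string: str) -> str:
    # ASSUMPTION: concatenation order follows the component list on the page.
    material = (api_key + rnd + secret_key + req_string).encode("utf-8")
    # Base64 of the raw 20-byte SHA-1 digest, not of its hex form.
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")

def auth_headers(api_key: str, secret_key: str, payload: dict, rnd: str = None) -> dict:
    rnd = rnd or str(secrets.randbits(64))  # fresh random number per API call
    digest = pki_hash(api_key, rnd, secret_key, request_string(payload))
    return {
        "Authorization": f"IYZWS {api_key}:{digest}",
        "x-iyzi-rnd": rnd,
        "Content-Type": "application/json",
    }

def verify(headers: dict, secret_key: str, payload: dict) -> bool:
    """Recompute the hash from the received request and compare in constant time."""
    scheme, _, cred = headers["Authorization"].partition(" ")
    api_key, _, sent = cred.partition(":")
    expected = pki_hash(api_key, headers["x-iyzi-rnd"], secret_key,
                        request_string(payload))
    return scheme == "IYZWS" and hmac.compare_digest(sent.encode(), expected.encode())

# Constructed sample values, not real credentials.
API_KEY = "sandbox-EXAMPLEKEY"
SECRET = "sandbox-EXAMPLESECRET"
PAYLOAD = {"locale": "tr", "conversationId": "123456789", "binNumber": "554960"}

if __name__ == "__main__":
    hdrs = auth_headers(API_KEY, SECRET, PAYLOAD)
    print(request_string(PAYLOAD))
    print(hdrs["Authorization"], verify(hdrs, SECRET, PAYLOAD))
```

The hash in the sample request at the top of the page decodes to 20 bytes, which matches a raw SHA-1 digest. Any change to the payload, the random number or the secret key makes `verify` return False.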
The signature is generated using the following formula: