{ "info": { "_postman_id": "provider-api-collection", "name": "Acid Panel - Provider API", "description": "Provider Integration API endpoints for Acid Panel", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "variable": [ { "key": "base_url", "value": "https://acidpanel.net", "type": "string" }, { "key": "api_key", "value": "YOUR_API_KEY", "type": "string" }, { "key": "secret_key", "value": "YOUR_SECRET_KEY", "type": "string" }, { "key": "credential_key", "value": "YOUR_SITE_CREDENTIAL_KEY", "type": "string" } ], "item": [ { "name": "1. Provider Welcome", "event": [ { "listen": "prerequest", "script": { "exec": [ "// Get variables", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate hash: sha256(api_key + secret_key + timestamp)", "const hashInput = apiKey + secretKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "", "// Set headers", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });", "", "console.log('Timestamp:', timestamp);", "console.log('Hash Input:', hashInput);", "console.log('Generated Hash:', hash);" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{}" }, "url": { "raw": "{{base_url}}/api/provider/welcome", "host": [ "{{base_url}}" ], "path": [ "api", "provider", "welcome" ] }, "description": "Connection test endpoint. Verifies API credentials are working correctly.\n\n**Required Headers:**\n- X-Api-Key: Your Provider API Key\n- X-Hash: sha256(api_key + secret_key + timestamp)\n- X-Timestamp: Unix timestamp" }, "response": [ { "name": "Success Response", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/welcome", "host": ["{{base_url}}"], "path": ["api", "provider", "welcome"] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "body": "{\n \"success\": true,\n \"message\": \"Welcome, Provider Name!\",\n \"info\": \"Your API credentials have been verified successfully. Hope everything is going well on your end, partner!\",\n \"next_step\": \"You are now ready to proceed with the next steps.\",\n \"provider\": {\n \"id\": 1,\n \"name\": \"Provider Name\",\n \"is_active\": true\n },\n \"timestamp\": \"2025-12-03 12:00:00\"\n}" } ] }, { "name": "2. Provider Sites", "event": [ { "listen": "prerequest", "script": { "exec": [ "// Get variables", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const key = 'your_verification_key'; // Change this value", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate hash: sha256(api_key + secret_key + key + timestamp)", "const hashInput = apiKey + secretKey + key + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "", "// Set headers", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });", "pm.request.headers.add({ key: 'X-Key', value: key });", "", "console.log('Timestamp:', timestamp);", "console.log('Key:', key);", "console.log('Hash Input:', hashInput);", "console.log('Generated Hash:', hash);" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{}" }, "url": { "raw": "{{base_url}}/api/provider/sites", "host": [ "{{base_url}}" ], "path": [ "api", "provider", "sites" ] }, "description": "Get all sites associated with your provider account.\n\n**Required Headers:**\n- X-Api-Key: Your Provider API Key\n- X-Hash: sha256(api_key + secret_key + key + timestamp)\n- X-Timestamp: Unix timestamp\n- X-Key: Additional verification key\n\n**Important:** The hash includes the X-Key value!" }, "response": [ { "name": "Success Response", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/sites", "host": ["{{base_url}}"], "path": ["api", "provider", "sites"] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "body": "{\n \"success\": true,\n \"provider\": {\n \"id\": 1,\n \"name\": \"Provider Name\"\n },\n \"total_sites\": 2,\n \"sites\": [\n {\n \"id\": 1,\n \"name\": \"Site 1\",\n \"is_active\": true,\n \"created_at\": \"2025-01-15 10:30:00\"\n }\n ],\n \"timestamp\": \"2025-12-03 12:00:00\"\n}" } ] }, { "name": "3. Start Manual Deposit", "event": [ { "listen": "prerequest", "script": { "exec": [ "// Get variables", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate hash: sha256(api_key + secret_key + credential_key + timestamp)", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "", "// Set headers", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });", "", "console.log('API Key:', apiKey);", "console.log('Credential Key:', credentialKey);", "console.log('Timestamp:', timestamp);", "console.log('Hash Input:', hashInput);", "console.log('Generated Hash:', hash);" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "// Save tracking_code for callback testing", "if (pm.response.code === 200) {", " const response = pm.response.json();", " if (response.data && response.data.tracking_code) {", " pm.collectionVariables.set('last_tracking_code', response.data.tracking_code);", " console.log('Saved tracking_code:', response.data.tracking_code);", " }", "}" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "key": "X-Credential-Key", "value": "{{credential_key}}", "description": "Site Credential Key (must belong to your provider)" } ], "body": { "mode": "raw", "raw": "{\n \"fullname\": \"John Doe\",\n \"username\": \"johndoe123\",\n \"user_id\": \"12345\",\n \"amount\": 500\n}" }, "url": { "raw": "{{base_url}}/api/provider/start-manual-deposit", "host": [ "{{base_url}}" ], "path": [ "api", "provider", "start-manual-deposit" ] }, "description": "Create a new manual IBAN deposit request for a customer.\n\n**2-Step Flow:**\n1. This endpoint creates a deposit record WITHOUT IBAN assignment\n2. Customer visits payment_url, confirms amount, then IBAN is assigned\n\n**Required Headers:**\n- X-Api-Key: Your Provider API Key\n- X-Hash: sha256(api_key + secret_key + credential_key + timestamp)\n- X-Timestamp: Unix timestamp\n- X-Credential-Key: Your Site Credential Key\n- Content-Type: application/json\n\n**Security:** The Credential Key must belong to your provider account.\n\n**Request Body:**\n- fullname: Customer's full name\n- username: Customer's username\n- user_id: Customer's user ID\n- amount: Deposit amount (minimum: 1)\n\n**Response:** Returns payment_url - redirect customer to this URL" }, "response": [ { "name": "Success Response", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/start-manual-deposit", "host": ["{{base_url}}"], "path": ["api", "provider", "start-manual-deposit"] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "body": "{\n \"success\": true,\n \"message\": \"Manuel yatırım talebi başarıyla oluşturuldu\",\n \"data\": {\n \"tracking_code\": \"MAN-ABCD1234-1733275800\",\n \"payment_url\": \"https://acidpanel.net/deposit/track/abc123def456...\",\n \"site\": {\n \"id\": 12,\n \"name\": \"Hugobet.com\"\n },\n \"customer\": {\n \"fullname\": \"John Doe\",\n \"username\": \"johndoe123\",\n \"user_id\": \"12345\"\n },\n \"amount\": 500,\n \"status\": \"showing\",\n \"expires_at\": \"2025-12-04 02:10:00\",\n \"created_at\": \"2025-12-04 01:50:00\"\n },\n \"timestamp\": \"2025-12-04 01:50:00\"\n}" }, { "name": "Validation Error", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/start-manual-deposit", "host": ["{{base_url}}"], "path": ["api", "provider", "start-manual-deposit"] } }, "status": "Unprocessable Entity", "code": 422, "_postman_previewlanguage": "json", "body": "{\n \"success\": false,\n \"error\": \"Validation failed\",\n \"messages\": [\n \"Customer full name is required\",\n \"Deposit amount is required\"\n ]\n}" }, { "name": "Invalid Credential Key", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/start-manual-deposit", "host": ["{{base_url}}"], "path": ["api", "provider", "start-manual-deposit"] } }, "status": "Unauthorized", "code": 401, "_postman_previewlanguage": "json", "body": "{\n \"success\": false,\n \"error\": \"Invalid Credential Key\",\n \"message\": \"No site found with the provided credential key\"\n}" } ] }, { "name": "4. Start Manual Withdraw", "event": [ { "listen": "prerequest", "script": { "exec": [ "// Get variables", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate hash: sha256(api_key + secret_key + credential_key + timestamp)", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "", "// Set headers", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });", "", "console.log('API Key:', apiKey);", "console.log('Credential Key:', credentialKey);", "console.log('Timestamp:', timestamp);", "console.log('Hash Input:', hashInput);", "console.log('Generated Hash:', hash);" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "// Save tracking_code for callback testing", "if (pm.response.code === 200) {", " const response = pm.response.json();", " if (response.data && response.data.tracking_code) {", " pm.collectionVariables.set('last_withdrawal_tracking_code', response.data.tracking_code);", " console.log('Saved withdrawal tracking_code:', response.data.tracking_code);", " }", "}" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "key": "X-Credential-Key", "value": "{{credential_key}}", "description": "Site Credential Key (must belong to your provider)" } ], "body": { "mode": "raw", "raw": "{\n \"fullname\": \"John Doe\",\n \"username\": \"johndoe123\",\n \"user_id\": \"12345\",\n \"iban\": \"TR330006100519786457841326\",\n \"amount\": 1000\n}" }, "url": { "raw": "{{base_url}}/api/provider/start-manual-withdraw", "host": [ "{{base_url}}" ], "path": [ "api", "provider", "start-manual-withdraw" ] }, "description": "Create a new manual withdrawal request for a customer.\n\n**Required Headers:**\n- X-Api-Key: Your Provider API Key\n- X-Hash: sha256(api_key + secret_key + credential_key + timestamp)\n- X-Timestamp: Unix timestamp\n- X-Credential-Key: Your Site Credential Key\n- Content-Type: application/json\n\n**Security:** The Credential Key must belong to your provider account.\n\n**Request Body:**\n- fullname: Customer's full name\n- username: Customer's username\n- user_id: Customer's user ID\n- iban: Recipient's IBAN (15-34 characters)\n- amount: Withdrawal amount (minimum: 1)\n\n**Response:** Returns tracking_code for status tracking" }, "response": [ { "name": "Success Response", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/start-manual-withdraw", "host": ["{{base_url}}"], "path": ["api", "provider", "start-manual-withdraw"] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "body": "{\n \"success\": true,\n \"message\": \"Manuel çekim talebi başarıyla oluşturuldu\",\n \"data\": {\n \"tracking_code\": \"WIT-ABCD1234-1733275800\",\n \"site\": {\n \"id\": 12,\n \"name\": \"Hugobet.com\"\n },\n \"customer\": {\n \"fullname\": \"John Doe\",\n \"username\": \"johndoe123\",\n \"user_id\": \"12345\"\n },\n \"iban\": \"TR330006100519786457841326\",\n \"amount\": 1000,\n \"status\": \"pending\",\n \"created_at\": \"2025-12-04 01:50:00\"\n },\n \"timestamp\": \"2025-12-04 01:50:00\"\n}" }, { "name": "Validation Error", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/start-manual-withdraw", "host": ["{{base_url}}"], "path": ["api", "provider", "start-manual-withdraw"] } }, "status": "Unprocessable Entity", "code": 422, "_postman_previewlanguage": "json", "body": "{\n \"success\": false,\n \"error\": \"Doğrulama hatası\",\n \"messages\": [\n \"Alıcı IBAN zorunludur\",\n \"Çekim tutarı zorunludur\"\n ]\n}" }, { "name": "Unauthorized Credential Key", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/start-manual-withdraw", "host": ["{{base_url}}"], "path": ["api", "provider", "start-manual-withdraw"] } }, "status": "Forbidden", "code": 403, "_postman_previewlanguage": "json", "body": "{\n \"success\": false,\n \"error\": \"Yetkisiz Credential Key\",\n \"message\": \"Bu credential key sizin provider hesabınıza ait değil\"\n}" } ] }, { "name": "5. Start E-İBAN Deposit", "event": [ { "listen": "prerequest", "script": { "exec": [ "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ {"key": "Content-Type", "value": "application/json"}, {"key": "Accept", "value": "application/json"}, {"key": "X-Credential-Key", "value": "{{credential_key}}"} ], "body": { "mode": "raw", "raw": "{\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\",\n \"amount\": 1000\n}" }, "url": { "raw": "{{base_url}}/api/provider/start-eiban-deposit", "host": ["{{base_url}}"], "path": ["api", "provider", "start-eiban-deposit"] }, "description": "Create E-İBAN deposit request (same as Manual Bank). Tracking code: EIBAN-XXXXXXXX-timestamp" }, "response": [] }, { "name": "6. Start E-İBAN Withdraw", "event": [ { "listen": "prerequest", "script": { "exec": [ "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ {"key": "Content-Type", "value": "application/json"}, {"key": "Accept", "value": "application/json"}, {"key": "X-Credential-Key", "value": "{{credential_key}}"} ], "body": { "mode": "raw", "raw": "{\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\",\n \"iban\": \"TR330006100519786457841326\",\n \"amount\": 1000\n}" }, "url": { "raw": "{{base_url}}/api/provider/start-eiban-withdraw", "host": ["{{base_url}}"], "path": ["api", "provider", "start-eiban-withdraw"] }, "description": "Create E-İBAN withdrawal request (same as Manual Bank). Tracking code: EIBAN-WIT-XXXXXXXX-timestamp" }, "response": [] }, { "name": "7. Credit Card Payment", "event": [ { "listen": "prerequest", "script": { "exec": [ "// Get variables", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate hash: sha256(api_key + secret_key + timestamp)", "const hashInput = apiKey + secretKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "", "// Set headers", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });", "", "console.log('API Key:', apiKey);", "console.log('Timestamp:', timestamp);", "console.log('Hash Input:', hashInput);", "console.log('Generated Hash:', hash);" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "// Save tracking_code for status check", "if (pm.response.code === 200) {", " const response = pm.response.json();", " if (response.data && response.data.tracking_code) {", " pm.collectionVariables.set('last_cc_tracking_code', response.data.tracking_code);", " console.log('Saved credit card tracking_code:', response.data.tracking_code);", " }", "}" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"credential_key\": \"{{credential_key}}\",\n \"username\": \"johndoe123\",\n \"user_id\": \"12345\",\n \"firstname\": \"John\",\n \"lastname\": \"Doe\",\n \"email\": \"john@example.com\",\n \"phone\": \"5551234567\",\n \"amount\": 500,\n \"description\": \"Deposit\"\n}" }, "url": { "raw": "{{base_url}}/api/provider/credit-card/payment", "host": [ "{{base_url}}" ], "path": [ "api", "provider", "credit-card", "payment" ] }, "description": "Start a credit card payment for a site user.\n\n**Required Headers:**\n- X-Api-Key: Your Provider API Key\n- X-Hash: sha256(api_key + secret_key + timestamp)\n- X-Timestamp: Unix timestamp\n- Content-Type: application/json\n\n**Request Body:**\n- credential_key: Site Credential Key (must belong to your provider)\n- username: User's username\n- user_id: User's unique ID\n- firstname: User's first name\n- lastname: User's last name\n- email: User's email address\n- phone: User's phone number\n- amount: Payment amount (minimum: 1)\n- description: Optional payment description\n\n**Response:** Returns payment_url - redirect user to this URL for payment" }, "response": [ { "name": "Success Response", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/credit-card/payment", "host": ["{{base_url}}"], "path": ["api", "provider", "credit-card", "payment"] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "body": "{\n \"success\": true,\n \"message\": \"Payment created successfully\",\n \"data\": {\n \"tracking_code\": \"CC-A1B2C3D4-1733356800\",\n \"payment_url\": \"https://payment.gateway.com/pay/xyz123\",\n \"order_id\": \"VL20251204A1B2C3D4\",\n \"amount\": 500.00,\n \"currency\": \"TRY\"\n }\n}" }, { "name": "Invalid Credential Key", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/credit-card/payment", "host": ["{{base_url}}"], "path": ["api", "provider", "credit-card", "payment"] } }, "status": "Unauthorized", "code": 401, "_postman_previewlanguage": "json", "body": "{\n \"success\": false,\n \"message\": \"Invalid credential key\"\n}" }, { "name": "Credit Card Not Enabled", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/credit-card/payment", "host": ["{{base_url}}"], "path": ["api", "provider", "credit-card", "payment"] } }, "status": "Forbidden", "code": 403, "_postman_previewlanguage": "json", "body": "{\n \"success\": false,\n \"message\": \"Credit card payment is not enabled for this dealer\"\n}" } ] }, { "name": "8. Credit Card Status", "event": [ { "listen": "prerequest", "script": { "exec": [ "// Get variables", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate hash: sha256(api_key + secret_key + timestamp)", "const hashInput = apiKey + secretKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "", "// Set headers", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });", "", "console.log('API Key:', apiKey);", "console.log('Timestamp:', timestamp);", "console.log('Hash Input:', hashInput);", "console.log('Generated Hash:', hash);" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"tracking_code\": \"{{last_cc_tracking_code}}\"\n}" }, "url": { "raw": "{{base_url}}/api/provider/credit-card/status", "host": [ "{{base_url}}" ], "path": [ "api", "provider", "credit-card", "status" ] }, "description": "Check the status of a credit card payment using tracking code.\n\n**Required Headers:**\n- X-Api-Key: Your Provider API Key\n- X-Hash: sha256(api_key + secret_key + timestamp)\n- X-Timestamp: Unix timestamp\n- Content-Type: application/json\n\n**Request Body:**\n- tracking_code: Tracking code from payment creation\n\n**Status Values:**\n- pending: Payment is pending\n- success: Payment completed successfully\n- failed: Payment failed\n- cancelled: Payment was cancelled\n- refunded: Payment was refunded" }, "response": [ { "name": "Success Response", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/credit-card/status", "host": ["{{base_url}}"], "path": ["api", "provider", "credit-card", "status"] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "body": "{\n \"success\": true,\n \"data\": {\n \"tracking_code\": \"CC-A1B2C3D4-1733356800\",\n \"order_id\": \"VL20251204A1B2C3D4\",\n \"status\": \"success\",\n \"amount\": 500.00,\n \"currency\": \"TRY\",\n \"username\": \"johndoe123\",\n \"user_id\": \"12345\",\n \"created_at\": \"2025-12-04T20:00:00+00:00\",\n \"updated_at\": \"2025-12-04T20:05:00+00:00\"\n }\n}" }, { "name": "Transaction Not Found", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/credit-card/status", "host": ["{{base_url}}"], "path": ["api", "provider", "credit-card", "status"] } }, "status": "Not Found", "code": 404, "_postman_previewlanguage": "json", "body": "{\n \"success\": false,\n \"message\": \"Transaction not found\"\n}" } ] }, { "name": "9. [Method 4] Bank Transfer Deposit", "event": [ { "listen": "prerequest", "script": { "exec": [ "// Get variables", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate hash: sha256(api_key + secret_key + credential_key + timestamp)", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "", "// Set headers", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });", "", "console.log('API Key:', apiKey);", "console.log('Credential Key:', credentialKey);", "console.log('Timestamp:', timestamp);", "console.log('Hash Input:', hashInput);", "console.log('Generated Hash:', hash);" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "// Save tracking_code for testing", "if (pm.response.code === 200) {", " const response = pm.response.json();", " if (response.data && response.data.tracking_code) {", " pm.collectionVariables.set('last_third_party_deposit_tracking_code', response.data.tracking_code);", " console.log('Saved tracking_code:', response.data.tracking_code);", " }", "}" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "key": "X-Credential-Key", "value": "{{credential_key}}", "description": "Site Credential Key" } ], "body": { "mode": "raw", "raw": "{\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\",\n \"amount\": 500\n}" }, "url": { "raw": "{{base_url}}/api/provider/third-party/bank/start-deposit", "host": [ "{{base_url}}" ], "path": [ "api", "provider", "third-party", "bank", "start-deposit" ] }, "description": "Create a bank transfer deposit request via third-party gateway.\n\n**Required Headers:**\n- X-Api-Key: Your Provider API Key\n- X-Hash: sha256(api_key + secret_key + credential_key + timestamp)\n- X-Timestamp: Unix timestamp\n- X-Credential-Key: Your Site Credential Key\n- Content-Type: application/json\n\n**Request Body:**\n- user_id: Customer's user ID\n- username: Customer's username\n- fullname: Customer's full name\n- amount: Deposit amount (minimum: 1)\n\n**Flow:**\n1. Customer visits payment_url\n2. System requests IBAN from third-party\n3. Customer receives IBAN details\n4. Customer sends bank transfer\n5. Provider receives callback when completed\n\n**Tracking Code:** TPBD-XXXXXXXX-timestamp\n**Callback:** Uses existing `callback_url`" }, "response": [ { "name": "Success Response", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/third-party/start-deposit", "host": ["{{base_url}}"], "path": ["api", "provider", "third-party", "start-deposit"] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "body": "{\n \"success\": true,\n \"message\": \"Third-party bank deposit transaction started successfully\",\n \"data\": {\n \"tracking_code\": \"TPBD-ABC12345-1733275800\",\n \"payment_url\": \"https://acidpanel.net/deposit/third-party/bank/track/xxx\",\n \"type\": \"third_party_bank_deposit\",\n \"payment_method\": \"bank\",\n \"site\": {\n \"id\": 12,\n \"name\": \"Hugobet.com\"\n },\n \"customer\": {\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\"\n },\n \"amount\": 500.00,\n \"status\": \"showing\",\n \"expires_at\": \"2025-12-04 02:10:00\",\n \"created_at\": \"2025-12-04 01:50:00\"\n },\n \"timestamp\": \"2025-12-04 01:50:00\"\n}" } ] }, { "name": "10. [Method 4] Bank Transfer Withdrawal", "event": [ { "listen": "prerequest", "script": { "exec": [ "// Get variables", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate hash: sha256(api_key + secret_key + credential_key + timestamp)", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "", "// Set headers", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });", "", "console.log('API Key:', apiKey);", "console.log('Credential Key:', credentialKey);", "console.log('Timestamp:', timestamp);", "console.log('Hash Input:', hashInput);", "console.log('Generated Hash:', hash);" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "// Save tracking_code for testing", "if (pm.response.code === 200) {", " const response = pm.response.json();", " if (response.data && response.data.tracking_code) {", " pm.collectionVariables.set('last_third_party_withdrawal_tracking_code', response.data.tracking_code);", " console.log('Saved tracking_code:', response.data.tracking_code);", " }", "}" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "key": "X-Credential-Key", "value": "{{credential_key}}", "description": "Site Credential Key" } ], "body": { "mode": "raw", "raw": "{\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\",\n \"amount\": 1000,\n \"gateway_id\": 1,\n \"iban\": \"TR330006100519786457841326\"\n}" }, "url": { "raw": "{{base_url}}/api/provider/third-party/bank/start-withdrawal", "host": [ "{{base_url}}" ], "path": [ "api", "provider", "third-party", "bank", "start-withdrawal" ] }, "description": "Create a bank transfer withdrawal request via third-party gateway.\n\n**Required Headers:**\n- X-Api-Key: Your Provider API Key\n- X-Hash: sha256(api_key + secret_key + credential_key + timestamp)\n- X-Timestamp: Unix timestamp\n- X-Credential-Key: Your Site Credential Key\n- Content-Type: application/json\n\n**Request Body:**\n- user_id: Customer's user ID\n- username: Customer's username\n- fullname: Customer's full name\n- amount: Withdrawal amount (minimum: 1)\n- gateway_id: Third-party gateway ID (from Get Bank Gateways endpoint)\n- iban: Customer's recipient IBAN\n\n**Response:** Returns tracking_code only (NO payment_url for withdrawals)\n\n**Flow:**\n1. System receives withdrawal request with customer IBAN\n2. System sends request to third-party gateway\n3. Third-party processes withdrawal\n4. Provider receives callback when completed\n\n**Tracking Code:** TPBW-XXXXXXXX-timestamp\n**Callback:** Uses existing `withdrawal_callback_url`" }, "response": [ { "name": "Success Response", "originalRequest": { "method": "POST", "url": { "raw": "{{base_url}}/api/provider/third-party/start-withdrawal", "host": ["{{base_url}}"], "path": ["api", "provider", "third-party", "start-withdrawal"] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "body": "{\n \"success\": true,\n \"message\": \"Third-party bank withdrawal transaction started successfully\",\n \"data\": {\n \"tracking_code\": \"TPBW-DEF98765-1733275800\",\n \"payment_url\": \"https://acidpanel.net/withdrawal/third-party/bank/track/xxx\",\n \"type\": \"third_party_bank_withdrawal\",\n \"payment_method\": \"bank\",\n \"site\": {\n \"id\": 12,\n \"name\": \"Hugobet.com\"\n },\n \"customer\": {\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\"\n },\n \"amount\": 1000.00,\n \"status\": \"showing\",\n \"expires_at\": \"2025-12-04 02:10:00\",\n \"created_at\": \"2025-12-04 01:50:00\"\n },\n \"timestamp\": \"2025-12-04 01:50:00\"\n}" } ] }, { "name": "11. [Method 5] Crypto Deposit", "event": [ { "listen": "prerequest", "script": { "exec": [ "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ {"key": "Content-Type", "value": "application/json"}, {"key": "Accept", "value": "application/json"}, {"key": "X-Credential-Key", "value": "{{credential_key}}"} ], "body": { "mode": "raw", "raw": "{\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\",\n \"amount\": 500\n}" }, "url": { "raw": "{{base_url}}/api/provider/third-party/crypto/start-deposit", "host": ["{{base_url}}"], "path": ["api", "provider", "third-party", "crypto", "start-deposit"] }, "description": "Create a crypto deposit request (BTC, USDT, ETH, etc.).\n\n**Tracking Code:** TPCD-XXXXXXXX-timestamp\n**Callback:** Uses existing `callback_url`" }, "response": [] }, { "name": "12. [Method 5] Crypto Withdrawal", "event": [ { "listen": "prerequest", "script": { "exec": [ "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ {"key": "Content-Type", "value": "application/json"}, {"key": "Accept", "value": "application/json"}, {"key": "X-Credential-Key", "value": "{{credential_key}}"} ], "body": { "mode": "raw", "raw": "{\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\",\n \"amount\": 1000,\n \"gateway_id\": 2,\n \"crypto_type\": \"USDT (TRC20)\",\n \"wallet_address\": \"TXxxxxxxxxxxxxxxxxxxxxxxxxxxx\"\n}" }, "url": { "raw": "{{base_url}}/api/provider/third-party/crypto/start-withdrawal", "host": ["{{base_url}}"], "path": ["api", "provider", "third-party", "crypto", "start-withdrawal"] }, "description": "Create a crypto withdrawal request via third-party gateway.\n\n**Request Body:**\n- user_id, username, fullname, amount\n- gateway_id: Third-party gateway ID (from Get Crypto Gateways endpoint)\n- crypto_type: e.g., 'USDT (TRC20)', 'BTC', 'ETH'\n- wallet_address: Customer's recipient wallet address\n\n**Response:** Returns tracking_code only (NO payment_url for withdrawals)\n\n**Tracking Code:** TPCW-XXXXXXXX-timestamp\n**Callback:** Uses existing `withdrawal_callback_url`" }, "response": [] }, { "name": "13. [Method 6] Wallet Deposit (Papara)", "event": [ { "listen": "prerequest", "script": { "exec": [ "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ {"key": "Content-Type", "value": "application/json"}, {"key": "Accept", "value": "application/json"}, {"key": "X-Credential-Key", "value": "{{credential_key}}"} ], "body": { "mode": "raw", "raw": "{\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\",\n \"amount\": 500\n}" }, "url": { "raw": "{{base_url}}/api/provider/third-party/wallet/start-deposit", "host": ["{{base_url}}"], "path": ["api", "provider", "third-party", "wallet", "start-deposit"] }, "description": "Create a wallet deposit request (Papara, PayFix, etc.).\n\n**Tracking Code:** TPWD-XXXXXXXX-timestamp\n**Callback:** Uses existing `callback_url`" }, "response": [] }, { "name": "14. [Method 6] Wallet Withdrawal", "event": [ { "listen": "prerequest", "script": { "exec": [ "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const credentialKey = pm.collectionVariables.get('credential_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "const hashInput = apiKey + secretKey + credentialKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ {"key": "Content-Type", "value": "application/json"}, {"key": "Accept", "value": "application/json"}, {"key": "X-Credential-Key", "value": "{{credential_key}}"} ], "body": { "mode": "raw", "raw": "{\n \"user_id\": \"12345\",\n \"username\": \"johndoe123\",\n \"fullname\": \"John Doe\",\n \"amount\": 1000,\n \"gateway_id\": 3,\n \"wallet_number\": \"1234567890\"\n}" }, "url": { "raw": "{{base_url}}/api/provider/third-party/wallet/start-withdrawal", "host": ["{{base_url}}"], "path": ["api", "provider", "third-party", "wallet", "start-withdrawal"] }, "description": "Create a wallet withdrawal request via third-party gateway (Papara, PayFix, etc.).\n\n**Request Body:**\n- user_id, username, fullname, amount\n- gateway_id: Third-party gateway ID (from Get Wallet Gateways endpoint)\n- wallet_number: Customer's recipient wallet number/account\n\n**Response:** Returns tracking_code only (NO payment_url for withdrawals)\n\n**Tracking Code:** TPWW-XXXXXXXX-timestamp\n**Callback:** Uses existing `withdrawal_callback_url`" }, "response": [] }, { "name": "15. Get Bank Gateways", "event": [ { "listen": "prerequest", "script": { "exec": [ "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "const hashInput = apiKey + secretKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [ {"key": "Accept", "value": "application/json"} ], "url": { "raw": "{{base_url}}/api/provider/third-party/bank/gateways", "host": ["{{base_url}}"], "path": ["api", "provider", "third-party", "bank", "gateways"] }, "description": "Get list of available bank gateways for withdrawal operations. Returns gateway ID, name, min/max amounts, and required fields (IBAN, etc.)" }, "response": [] }, { "name": "16. Get Crypto Gateways", "event": [ { "listen": "prerequest", "script": { "exec": [ "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "const hashInput = apiKey + secretKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [ {"key": "Accept", "value": "application/json"} ], "url": { "raw": "{{base_url}}/api/provider/third-party/crypto/gateways", "host": ["{{base_url}}"], "path": ["api", "provider", "third-party", "crypto", "gateways"] }, "description": "Get list of available crypto gateways for withdrawal operations. Returns gateway ID, name, supported crypto types (BTC, USDT (TRC20), etc.), min/max amounts, and required fields." }, "response": [] }, { "name": "17. Get Wallet Gateways", "event": [ { "listen": "prerequest", "script": { "exec": [ "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const timestamp = Math.floor(Date.now() / 1000).toString();", "const hashInput = apiKey + secretKey + timestamp;", "const hash = CryptoJS.SHA256(hashInput).toString();", "pm.request.headers.add({ key: 'X-Api-Key', value: apiKey });", "pm.request.headers.add({ key: 'X-Hash', value: hash });", "pm.request.headers.add({ key: 'X-Timestamp', value: timestamp });" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [ {"key": "Accept", "value": "application/json"} ], "url": { "raw": "{{base_url}}/api/provider/third-party/wallet/gateways", "host": ["{{base_url}}"], "path": ["api", "provider", "third-party", "wallet", "gateways"] }, "description": "Get list of available wallet gateways (Papara, PayFix, etc.) for withdrawal operations. Returns gateway ID, name, min/max amounts, and required fields (wallet_number, etc.)" }, "response": [] }, { "name": "18. Callback Hash Verification (Helper)", "event": [ { "listen": "prerequest", "script": { "exec": [ "// This is a helper to verify callback hash", "// Simulate what you would receive in a callback", "", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const trackingCode = pm.collectionVariables.get('last_tracking_code') || 'MAN-TEST1234-1733275800';", "const status = 'completed'; // or 'canceled', 'expired'", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate expected hash: sha256(api_key + secret_key + tracking_code + status + timestamp)", "const hashInput = apiKey + secretKey + trackingCode + status + timestamp;", "const expectedHash = CryptoJS.SHA256(hashInput).toString();", "", "console.log('=== Callback Hash Verification ===');", "console.log('API Key:', apiKey);", "console.log('Tracking Code:', trackingCode);", "console.log('Status:', status);", "console.log('Timestamp:', timestamp);", "console.log('Hash Input:', hashInput);", "console.log('Expected Hash:', expectedHash);", "console.log('');", "console.log('=== What You Will Receive ===');", "console.log('Headers:');", "console.log(' X-Api-Key:', apiKey);", "console.log(' X-Timestamp:', timestamp);", "console.log(' X-Hash:', expectedHash);", "console.log('');", "console.log('Body:');", "console.log(JSON.stringify({", " tracking_code: trackingCode,", " status: status,", " amount: 500.00,", " username: 'johndoe123',", " fullname: 'John Doe',", " user_id: '12345',", " site_id: 12,", " timestamp: parseInt(timestamp),", " hash: expectedHash", "}, null, 2));" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [], "url": { "raw": "https://postman-echo.com/get", "protocol": "https", "host": ["postman-echo", "com"], "path": ["get"] }, "description": "⚠️ **This is a HELPER request** - Not an actual API endpoint!\n\n**Purpose:** This request helps you understand how to verify callback hashes.\n\nOpen the **Console** (View > Show Postman Console) to see:\n1. How the hash is calculated\n2. What headers you will receive\n3. What the callback body will look like\n\n**Callback Hash Formula:**\n```\nhash = SHA256(api_key + secret_key + tracking_code + status + timestamp)\n```\n\n**Callback URL:** Set your `callback_url` in the Provider settings in AcidPanel." }, "response": [] }, { "name": "19. Withdrawal Callback Hash Verification (Helper)", "event": [ { "listen": "prerequest", "script": { "exec": [ "// This is a helper to verify withdrawal callback hash", "// Simulate what you would receive in a withdrawal callback", "", "const apiKey = pm.collectionVariables.get('api_key');", "const secretKey = pm.collectionVariables.get('secret_key');", "const trackingCode = pm.collectionVariables.get('last_withdrawal_tracking_code') || 'WIT-TEST1234-1733275800';", "const status = 'completed'; // or 'rejected', 'failed', 'canceled'", "const timestamp = Math.floor(Date.now() / 1000).toString();", "", "// Generate expected hash: sha256(api_key + secret_key + tracking_code + status + timestamp)", "const hashInput = apiKey + secretKey + trackingCode + status + timestamp;", "const expectedHash = CryptoJS.SHA256(hashInput).toString();", "", "console.log('=== Withdrawal Callback Hash Verification ===');", "console.log('API Key:', apiKey);", "console.log('Tracking Code:', trackingCode);", "console.log('Status:', status);", "console.log('Timestamp:', timestamp);", "console.log('Hash Input:', hashInput);", "console.log('Expected Hash:', expectedHash);", "console.log('');", "console.log('=== What You Will Receive ===');", "console.log('Headers:');", "console.log(' X-Api-Key:', apiKey);", "console.log(' X-Timestamp:', timestamp);", "console.log(' X-Hash:', expectedHash);", "console.log('');", "console.log('Body:');", "console.log(JSON.stringify({", " tracking_code: trackingCode,", " status: status,", " amount: 1000.00,", " username: 'johndoe123',", " fullname: 'John Doe',", " user_id: '12345',", " iban: 'TR330006100519786457841326',", " site_id: 12,", " timestamp: parseInt(timestamp),", " hash: expectedHash", "}, null, 2));" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [], "url": { "raw": "https://postman-echo.com/get", "protocol": "https", "host": ["postman-echo", "com"], "path": ["get"] }, "description": "⚠️ **This is a HELPER request** - Not an actual API endpoint!\n\n**Purpose:** This request helps you understand how to verify withdrawal callback hashes.\n\nOpen the **Console** (View > Show Postman Console) to see:\n1. How the hash is calculated\n2. What headers you will receive\n3. What the callback body will look like\n\n**Callback Hash Formula:**\n```\nhash = SHA256(api_key + secret_key + tracking_code + status + timestamp)\n```\n\n**Withdrawal Status Values:**\n- `completed`: Withdrawal was successfully processed\n- `rejected`: Withdrawal was manually rejected\n- `failed`: Withdrawal failed during processing\n- `canceled`: Withdrawal was canceled\n\n**Callback URL:** Set your `withdrawal_callback_url` in the Provider settings in AcidPanel." }, "response": [] } ] }