ACIDPANEL
Active

Contents

Postman Collection

Provider Integration

Download the Postman collection to quickly test all Provider API endpoints.

Download JSON

Provider Integration API

For payment service providers connecting banking infrastructure

What is Provider Integration?

Provider Integration enables you to connect a complete payment orchestration system to your existing services. This powerful API allows you to offer seamless payment panel access to anyone who wants to work with you — without requiring manual setup, support calls, or technical assistance.

What You Get

Payment Orchestration

Connect your banking infrastructure to a unified payment system that handles deposits, withdrawals, and credit card transactions.

Self-Service Panels

Your clients can create and manage their own payment panels without needing support or direct communication with you.

Simple API Integration

RESTful API with clear documentation, Postman collections, and hash-based authentication for secure communication.

Real-time Callbacks

Receive instant notifications for all transaction status changes via secure webhook callbacks to your system.

How It Works

1

Register

Get your API credentials

2

Integrate

Connect via our API

3

Create Sites

Add your client sites

4

Go Live

Start processing payments

Key Benefits

Zero Support Overhead

Clients manage everything themselves through intuitive panels. No support tickets, no phone calls.

Unlimited Scalability

Add unlimited sites and process unlimited transactions. The system scales with your business.

Enterprise Security

SHA-256 hash verification, timestamp validation, and IP whitelisting for maximum security.

Supported Payment Methods

Bank Transfer (IBAN) Credit Card (3D Secure) Manual Deposits Manual Withdrawals

Base URL

https://acidpanel.net/api/provider

Who Is This For?

  • Payment service providers looking to expand their offerings
  • Financial institutions wanting to offer white-label payment solutions
  • Banks seeking to integrate modern payment orchestration
  • Aggregators managing multiple merchant accounts

Independent Payment Methods

This API provides 6 independent payment methods. Each method operates separately and can be integrated individually based on your needs.

Method 1

Manual Bank Transactions

Method 2

E-İBAN Transactions

Method 3

Credit Card Transactions

Method 4

Third-Party Bank

Method 5

Third-Party Crypto

Method 6

Third-Party Wallet

You can integrate one, multiple, or all payment methods depending on your business requirements. Each method has its own endpoints and operates independently.

Authentication

All Provider API requests require authentication using API Key, Secret Key, and a SHA-256 Hash.

Required Headers

Header Description
X-Api-Key Your Provider API Key
X-Hash SHA-256 hash (see below)
X-Timestamp Unix timestamp (valid for 5 minutes)
Content-Type application/json

Hash Generation (PHP)

$apiKey = 'YOUR_API_KEY';
$secretKey = 'YOUR_SECRET_KEY';
$timestamp = time();

// For basic endpoints (e.g., /welcome)
$hash = hash('sha256', $apiKey . $secretKey . $timestamp);

// For endpoints requiring additional key (e.g., /sites)
$key = 'additional_key_value';
$hash = hash('sha256', $apiKey . $secretKey . $key . $timestamp);

Provider Welcome

POST

Connection test endpoint. Use this to verify your API credentials are working correctly.

Endpoint
/api/provider/welcome
Method
POST

Required Headers

Header Value
X-Api-Key Your API Key
X-Hash sha256(api_key + secret_key + timestamp)
X-Timestamp Unix timestamp

Request Body

Empty request body - no parameters required

Success Response

{
  "success": true,
  "message": "Welcome, Provider Name!",
  "info": "Your API credentials have been verified successfully. Hope everything is going well on your end, partner!",
  "next_step": "You are now ready to proceed with the next steps.",
  "provider": {
    "id": 1,
    "name": "Provider Name",
    "is_active": true
  },
  "timestamp": "2025-12-03 12:00:00"
}

PHP Example

$apiKey = 'YOUR_API_KEY';
$secretKey = 'YOUR_SECRET_KEY';
$timestamp = time();
$hash = hash('sha256', $apiKey . $secretKey . $timestamp);

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => 'https://acidpanel.net/api/provider/welcome',
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'X-Api-Key: ' . $apiKey,
        'X-Hash: ' . $hash,
        'X-Timestamp: ' . $timestamp
    ]
]);

$response = curl_exec($ch);
curl_close($ch);

$result = json_decode($response, true);
print_r($result);

Provider Sites

POST

Get all sites associated with your provider account.

Endpoint
/api/provider/sites
Method
POST

Required Headers

Header Value
X-Api-Key Your API Key
X-Hash sha256(api_key + secret_key + key + timestamp)
X-Timestamp Unix timestamp
X-Key Additional verification key
Important: The hash for this endpoint includes the X-Key value: sha256(api_key + secret_key + key + timestamp)

Success Response

{
  "success": true,
  "provider": {
    "id": 1,
    "name": "Provider Name"
  },
  "total_sites": 2,
  "sites": [
    {
      "id": 1,
      "name": "Site 1",
      "is_active": true,
      "created_at": "2025-01-15 10:30:00"
    },
    {
      "id": 2,
      "name": "Site 2",
      "is_active": true,
      "created_at": "2025-02-20 14:15:00"
    }
  ],
  "timestamp": "2025-12-03 12:00:00"
}

PHP Example

$apiKey = 'YOUR_API_KEY';
$secretKey = 'YOUR_SECRET_KEY';
$key = 'your_verification_key';
$timestamp = time();

// Hash includes the key parameter
$hash = hash('sha256', $apiKey . $secretKey . $key . $timestamp);

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => 'https://acidpanel.net/api/provider/sites',
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'X-Api-Key: ' . $apiKey,
        'X-Hash: ' . $hash,
        'X-Timestamp: ' . $timestamp,
        'X-Key: ' . $key
    ]
]);

$response = curl_exec($ch);
curl_close($ch);

$result = json_decode($response, true);
print_r($result);

Method 1: Manual Bank Transactions

This is an independent payment method for manual IBAN-based deposits and withdrawals.

Start Manual Deposit

POST

Create a new manual IBAN deposit request for a customer. This endpoint requires both Provider authentication and Site Credential Key.

Endpoint
/api/provider/start-manual-deposit
Method
POST
Security: The Credential Key must belong to your provider account. You cannot access sites from other providers.

Hash Calculation

hash = SHA256(api_key + secret_key + credential_key + timestamp)

The credential_key is included in hash calculation for additional security.

Required Headers

Header Value
X-Api-Key Your Provider API Key
X-Hash SHA256(api_key + secret_key + credential_key + timestamp)
X-Timestamp Unix timestamp (max 5 min old)
X-Credential-Key Your Site Credential Key
Content-Type application/json

Request Body

Parameter Type Required Description
fullname string Yes Customer's full name
username string Yes Customer's username
user_id string Yes Customer's user ID in your system
amount number Yes Deposit amount (minimum: 1)

Request Example

{
  "fullname": "John Doe",
  "username": "johndoe123",
  "user_id": "12345",
  "amount": 500
}

Success Response

{
  "success": true,
  "message": "Manuel yatırım talebi başarıyla oluşturuldu",
  "data": {
    "tracking_code": "MAN-ABCD1234-1733275800",
    "payment_url": "https://acidpanel.net/deposit/track/abc123...",
    "site": {
      "id": 12,
      "name": "Hugobet.com"
    },
    "customer": {
      "fullname": "John Doe",
      "username": "johndoe123",
      "user_id": "12345"
    },
    "amount": 500,
    "status": "showing",
    "expires_at": "2025-12-04 02:10:00",
    "created_at": "2025-12-04 01:50:00"
  },
  "timestamp": "2025-12-04 01:50:00"
}

Note: payment_url is the address to redirect the customer. On this page, the customer can edit the amount and click "Continue" to view the IBAN details.

cURL Example

curl -X POST https://acidpanel.net/api/provider/start-manual-deposit \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "X-Hash: SHA256_HASH" \
  -H "X-Timestamp: UNIX_TIMESTAMP" \
  -H "X-Credential-Key: YOUR_SITE_CREDENTIAL_KEY" \
  -d '{
    "fullname": "John Doe",
    "username": "johndoe123",
    "user_id": "12345",
    "amount": 500
  }'

Start Manual Withdraw

POST
POST /api/provider/start-manual-withdraw

Create a new manual withdrawal request for a customer. The withdrawal will be processed by the assigned dealer.

Required Headers

Header Description
X-Api-Key Your Provider API Key
X-Hash SHA256(api_key + secret_key + credential_key + timestamp)
X-Timestamp Current Unix timestamp (seconds)
X-Credential-Key Your Site Credential Key

Request Body

Parameter Type Required Description
fullname string Yes Customer's full name
username string Yes Customer's username
user_id string Yes Customer's user ID in your system
iban string Yes Recipient's IBAN (15-34 characters)
amount number Yes Withdrawal amount (minimum: 1)

Request Example

{
  "fullname": "John Doe",
  "username": "johndoe123",
  "user_id": "12345",
  "iban": "TR330006100519786457841326",
  "amount": 1000
}

Success Response

{
  "success": true,
  "message": "Manuel çekim talebi başarıyla oluşturuldu",
  "data": {
    "tracking_code": "WIT-ABCD1234-1733275800",
    "site": {
      "id": 12,
      "name": "Hugobet.com"
    },
    "customer": {
      "fullname": "John Doe",
      "username": "johndoe123",
      "user_id": "12345"
    },
    "iban": "TR330006100519786457841326",
    "amount": 1000,
    "status": "pending",
    "created_at": "2025-12-04 01:50:00"
  },
  "timestamp": "2025-12-04 01:50:00"
}

Error Responses

401 Unauthorized Credential Key 
{
  "success": false,
  "error": "Yetkisiz Credential Key",
  "message": "Bu credential key sizin provider hesabınıza ait değil"
}
422 Validation Error 
{
  "success": false,
  "error": "Doğrulama hatası",
  "messages": [
    "Alıcı IBAN zorunludur",
    "Çekim tutarı zorunludur"
  ]
}

cURL Example

curl -X POST "https://acidpanel.net/api/provider/start-manual-withdraw" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "X-Hash: SHA256_HASH" \
  -H "X-Timestamp: UNIX_TIMESTAMP" \
  -H "X-Credential-Key: YOUR_SITE_CREDENTIAL_KEY" \
  -d '{
    "fullname": "John Doe",
    "username": "johndoe123",
    "user_id": "12345",
    "iban": "TR330006100519786457841326",
    "amount": 1000
  }'

Method 2: E-İBAN Transactions

This is an independent payment method for E-İBAN based deposits and withdrawals (same logic as Manual Bank).

Start E-İBAN Deposit

POST

Create a deposit request using E-İBAN (same flow as Manual Bank).

Endpoint POST
/api/provider/start-eiban-deposit
Request Headers
Header Value
X-Api-Key Your Provider API Key
X-Hash SHA256(api_key + secret_key + credential_key + timestamp)
X-Timestamp Unix timestamp
X-Credential-Key Site Credential Key
Request Body
Parameter Type Required Description
user_id string Yes Customer's user ID
username string Yes Customer's username
fullname string Yes Customer's full name
amount number Yes Deposit amount (minimum: 1)
Success Response (200) 
{
  "success": true,
  "message": "E-İBAN deposit request created successfully",
  "data": {
    "tracking_code": "EIBAN-ABC12345-1733947200",
    "payment_url": "https://acidpanel.net/deposit/eiban/track/xxx",
    "site": {
      "id": 12,
      "name": "Example Site"
    },
    "customer": {
      "fullname": "John Doe",
      "username": "johndoe123",
      "user_id": "12345"
    },
    "amount": 1000.00,
    "status": "showing",
    "expires_at": "2025-12-11 19:30:00"
  }
}

Callback

Uses existing deposit_callback_url

Start E-İBAN Withdraw

POST

Create a withdrawal request using E-İBAN (same flow as Manual Bank).

Endpoint POST
/api/provider/start-eiban-withdraw
Request Headers
Header Value
X-Api-Key Your Provider API Key
X-Hash SHA256(api_key + secret_key + credential_key + timestamp)
X-Timestamp Unix timestamp
X-Credential-Key Site Credential Key
Request Body
Parameter Type Required Description
user_id string Yes Customer's user ID
username string Yes Customer's username
fullname string Yes Customer's full name
iban string Yes Recipient IBAN (customer's bank account)
amount number Yes Withdrawal amount (minimum: 1)
Success Response (200) 
{
  "success": true,
  "message": "E-İBAN withdrawal request created successfully",
  "data": {
    "tracking_code": "EIBAN-WIT-DEF98765-1733947200",
    "site": {
      "id": 12,
      "name": "Example Site"
    },
    "customer": {
      "fullname": "John Doe",
      "username": "johndoe123",
      "user_id": "12345"
    },
    "iban": "TR330006100519786457841326",
    "amount": 1000.00,
    "status": "pending"
  }
}

Callback

Uses existing withdrawal_callback_url

Method 3: Credit Card Transactions

This is an independent payment method for credit/debit card payments via payment gateways.

Credit Card Payment

POST

Start a credit card payment for a site user. Returns a payment URL to redirect the user.

Endpoint POST
/api/provider/credit-card/payment
Headers
Header Value
Content-Type application/json
X-Api-Key Provider API Key
X-Timestamp Unix timestamp
X-Hash SHA256(api_key + secret_key + timestamp)
Request Body
Parameter Type Required Description
credential_key string Yes Site credential key
username string Yes User's username
user_id string Yes User's unique ID
firstname string Yes User's first name
lastname string Yes User's last name
email string Yes User's email address
phone string Yes User's phone number
amount number Yes Payment amount (min: 1)
description string No Payment description
Success Response (200) 
{
  "success": true,
  "message": "Payment created successfully",
  "data": {
    "tracking_code": "CC-A1B2C3D4-1733356800",
    "payment_url": "https://payment.gateway.com/pay/xyz123",
    "order_id": "VL20251204A1B2C3D4",
    "amount": 500.00,
    "currency": "TRY"
  }
}
Error Responses
401 Invalid credential key 
{ "success": false, "message": "Invalid credential key" }
403 Credit card not enabled 
{ "success": false, "message": "Credit card payment is not enabled for this dealer" }
403 Customer blocked 
{ "success": false, "message": "This customer is blocked. Payment not allowed." }
cURL Example 
curl -X POST https://acidpanel.net/api/provider/credit-card/payment \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: your_api_key" \
  -H "X-Timestamp: 1733356800" \
  -H "X-Hash: your_calculated_hash" \
  -d '{
    "credential_key": "site_credential_key",
    "username": "johndoe123",
    "user_id": "12345",
    "firstname": "John",
    "lastname": "Doe",
    "email": "[email protected]",
    "phone": "5551234567",
    "amount": 500,
    "description": "Deposit"
  }'

Payment Flow

  1. Call this endpoint to create a payment and get payment_url
  2. Redirect user to the payment_url
  3. User completes payment on the payment page
  4. System sends callback to your credit_card_callback_url
  5. Or query status using the tracking_code

Credit Card Status

POST

Check the status of a credit card payment using tracking code.

Endpoint POST
/api/provider/credit-card/status
Request Body
Parameter Type Required Description
tracking_code string Yes Tracking code from payment creation
Success Response (200) 
{
  "success": true,
  "data": {
    "tracking_code": "CC-A1B2C3D4-1733356800",
    "order_id": "VL20251204A1B2C3D4",
    "status": "success",
    "amount": 500.00,
    "currency": "TRY",
    "username": "johndoe123",
    "user_id": "12345",
    "created_at": "2025-12-04T20:00:00+00:00",
    "updated_at": "2025-12-04T20:05:00+00:00"
  }
}
Status Values
Status Description
pending Payment is pending, waiting for user action
success Payment completed successfully
failed Payment failed
cancelled Payment was cancelled
refunded Payment was refunded
cURL Example 
curl -X POST https://acidpanel.net/api/provider/credit-card/status \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: your_api_key" \
  -H "X-Timestamp: 1733356800" \
  -H "X-Hash: your_calculated_hash" \
  -d '{
    "tracking_code": "CC-A1B2C3D4-1733356800"
  }'

Method 4: Third-Party Bank

This is an independent payment method for bank transfers via third-party payment gateways.

Bank Transfer Deposit

POST

Create a deposit request via third-party bank transfer gateways.

What is Third-Party Payment?

This endpoint acts as a payment bridge to other payment systems. The customer will select a payment method (Crypto, Papara, Bank Transfer) and receive payment details from the third-party gateway to complete the transaction.

Endpoint POST
/api/provider/third-party/bank/start-deposit
Request Headers
Header Value
X-Api-Key Your Provider API Key
X-Hash SHA256(api_key + secret_key + credential_key + timestamp)
X-Timestamp Unix timestamp
X-Credential-Key Site Credential Key
Request Body
Parameter Type Required Description
user_id string Yes Customer's user ID
username string Yes Customer's username
fullname string Yes Customer's full name
amount number Yes Deposit amount (minimum: 1)
Success Response (200) 
{
  "success": true,
  "message": "Third-party Bank Transfer deposit transaction started successfully",
  "data": {
    "tracking_code": "TPBD-ABC12345-1733275800",
    "payment_url": "https://acidpanel.net/deposit/third-party/bank/track/xxx",
    "type": "third_party_bank_deposit",
    "payment_method": "bank",
    "site": {
      "id": 12,
      "name": "Hugobet.com"
    },
    "customer": {
      "user_id": "12345",
      "username": "johndoe123",
      "fullname": "John Doe"
    },
    "amount": 500.00,
    "status": "showing",
    "expires_at": "2025-12-04 02:10:00",
    "created_at": "2025-12-04 01:50:00"
  },
  "timestamp": "2025-12-04 01:50:00"
}

Payment Flow

  1. Customer visits the payment_url
  2. Customer selects payment method (Crypto/Wallet/Bank)
  3. System requests payment details from third-party gateway
  4. Customer receives payment info (wallet address, IBAN, etc.)
  5. Customer sends payment
  6. Third-party confirms payment → Provider receives callback

Callback Information

When the payment is completed, failed, or expired, we will send a callback to your configured callback_url (same as manual deposits).

Get Bank Gateways

GET

Retrieve list of available bank gateways for withdrawal operations.

Withdrawal Only

This endpoint is only needed for withdrawal operations. For deposits, gateway selection is handled on the payment tracking page.

Endpoint GET
/api/provider/third-party/bank/gateways
Request Headers
Header Value
X-Api-Key Your Provider API Key
X-Hash SHA256(api_key + secret_key + timestamp)
X-Timestamp Unix timestamp
Success Response (200 OK) 
{
  "success": true,
  "message": "Available bank gateways retrieved successfully",
  "data": {
    "gateways": [
      {
        "id": 1,
        "name": "Akbank Gateway",
        "code": "AKBANK",
        "min_amount": 100.0,
        "max_amount": 50000.0,
        "required_fields": ["iban", "account_holder"],
        "description": "Fast and secure bank transfers via Akbank"
      },
      {
        "id": 2,
        "name": "Garanti BBVA Gateway",
        "code": "GARANTI",
        "min_amount": 100.0,
        "max_amount": 100000.0,
        "required_fields": ["iban", "account_holder"],
        "description": "Garanti BBVA bank transfer gateway"
      }
    ],
    "count": 2
  },
  "timestamp": "2025-12-11 18:30:00"
}

How to Use

  1. Call this endpoint to get the list of available bank gateways
  2. Present the gateways to your customer (select dropdown)
  3. Customer selects a gateway and enters their IBAN
  4. Use the selected gateway_id and iban when calling the withdrawal endpoint

Bank Transfer Withdrawal

POST

Create a withdrawal request via third-party bank transfer gateways.

Endpoint POST
/api/provider/third-party/bank/start-withdrawal
Request Headers
Header Value
X-Api-Key Your Provider API Key
X-Hash SHA256(api_key + secret_key + credential_key + timestamp)
X-Timestamp Unix timestamp
X-Credential-Key Site Credential Key
Request Body
Parameter Type Required Description
user_id string Yes Customer's user ID
username string Yes Customer's username
fullname string Yes Customer's full name
amount number Yes Withdrawal amount (minimum: 1)
gateway_id integer Yes Bank gateway ID (from Get Bank Gateways endpoint)
iban string Yes Recipient IBAN (customer's bank account)
Example Request 
{
  "user_id": "12345",
  "username": "johndoe123",
  "fullname": "John Doe",
  "amount": 1000,
  "gateway_id": 1,
  "iban": "TR330006100519786457841326"
}
Success Response (200) 
{
  "success": true,
  "message": "Third-party Bank Transfer withdrawal transaction started successfully",
  "data": {
    "tracking_code": "TPBW-DEF98765-1733275800",
    "type": "third_party_bank_withdrawal",
    "payment_method": "bank",
    "site": {
      "id": 12,
      "name": "Hugobet.com"
    },
    "customer": {
      "user_id": "12345",
      "username": "johndoe123",
      "fullname": "John Doe"
    },
    "amount": 1000.00,
    "status": "showing",
    "expires_at": "2025-12-04 02:10:00",
    "created_at": "2025-12-04 01:50:00"
  },
  "timestamp": "2025-12-04 01:50:00"
}

Withdrawal Flow

  1. Customer visits the payment_url
  2. Customer selects withdrawal method (Crypto/Wallet/Bank)
  3. Customer enters their account details (wallet address, IBAN, etc.)
  4. System sends withdrawal request to third-party gateway
  5. Third-party processes the payment
  6. Third-party confirms completion → Provider receives callback

Callback Information

When the withdrawal is completed, rejected, or failed, we will send a callback to your configured withdrawal_callback_url (same as manual withdrawals).

Method 5: Third-Party Crypto

This is an independent payment method for cryptocurrency transactions (BTC, USDT, ETH, etc.) via third-party gateways.

Crypto Deposit

POST

Create a crypto deposit request (BTC, USDT, ETH, etc.).

Endpoint POST
/api/provider/third-party/crypto/start-deposit
Success Response (200) 
{
  "success": true,
  "message": "Third-party Crypto deposit transaction started successfully",
  "data": {
    "tracking_code": "TPCD-ABC12345-1733275800",
    "payment_url": "https://acidpanel.net/deposit/third-party/crypto/track/xxx",
    "type": "third_party_crypto_deposit",
    "payment_method": "crypto",
    "amount": 500.00,
    "status": "showing",
    "expires_at": "2025-12-04 02:10:00"
  }
}

Callback

Uses existing callback_url

Get Crypto Gateways

GET

Retrieve list of available crypto gateways for withdrawal operations.

Withdrawal Only

This endpoint is only needed for withdrawal operations. For deposits, gateway selection is handled on the payment tracking page.

Endpoint GET
/api/provider/third-party/crypto/gateways
Request Headers
Header Value
X-Api-Key Your Provider API Key
X-Hash SHA256(api_key + secret_key + timestamp)
X-Timestamp Unix timestamp
Success Response (200 OK) 
{
  "success": true,
  "message": "Available crypto gateways retrieved successfully",
  "data": {
    "gateways": [
      {
        "id": 1,
        "name": "Binance Gateway",
        "code": "BINANCE",
        "min_amount": 50.0,
        "max_amount": 100000.0,
        "supported_crypto_types": [
          "BTC",
          "USDT (TRC20)",
          "USDT (ERC20)",
          "ETH"
        ],
        "required_fields": ["crypto_type", "wallet_address"],
        "description": "Fast crypto transfers via Binance"
      }
    ],
    "count": 1
  },
  "timestamp": "2025-12-11 18:30:00"
}

How to Use

  1. Call this endpoint to get available crypto gateways
  2. Present gateways and crypto types to customer
  3. Customer selects gateway, crypto type (e.g., "USDT (TRC20)") and enters wallet address
  4. Use gateway_id, crypto_type, and wallet_address when calling withdrawal endpoint

Crypto Withdrawal

POST

Create a crypto withdrawal request.

Endpoint POST
/api/provider/third-party/crypto/start-withdrawal
Request Body
Parameter Type Required Description
user_id string Yes Customer's user ID
username string Yes Customer's username
fullname string Yes Customer's full name
amount number Yes Withdrawal amount
gateway_id integer Yes Crypto gateway ID (from Get Crypto Gateways)
crypto_type string Yes Crypto type with network (e.g., "USDT (TRC20)", "BTC", "ETH")
wallet_address string Yes Customer's crypto wallet address
Example Request 
{
  "user_id": "12345",
  "username": "johndoe123",
  "fullname": "John Doe",
  "amount": 1000,
  "gateway_id": 2,
  "crypto_type": "USDT (TRC20)",
  "wallet_address": "TXxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
Success Response (200) 
{
  "success": true,
  "message": "Third-party Crypto withdrawal transaction started successfully",
  "data": {
    "tracking_code": "TPCW-DEF98765-1733275800",
    "type": "third_party_crypto_withdrawal",
    "payment_method": "crypto",
    "amount": 1000.00,
    "status": "showing"
  }
}

Callback

Uses existing withdrawal_callback_url

Method 6: Third-Party Wallet

This is an independent payment method for e-wallet transactions (Papara, PayFix, etc.) via third-party gateways.

Wallet Deposit (Papara, etc.)

POST

Create a wallet deposit request (Papara, PayFix, etc.).

Endpoint POST
/api/provider/third-party/wallet/start-deposit
Success Response (200) 
{
  "success": true,
  "message": "Third-party Wallet deposit transaction started successfully",
  "data": {
    "tracking_code": "TPWD-ABC12345-1733275800",
    "payment_url": "https://acidpanel.net/deposit/third-party/wallet/track/xxx",
    "type": "third_party_wallet_deposit",
    "payment_method": "wallet",
    "amount": 500.00,
    "status": "showing"
  }
}

Callback

Uses existing callback_url

Get Wallet Gateways

GET

Retrieve list of available wallet gateways (Papara, PayFix, etc.) for withdrawal operations.

Withdrawal Only

This endpoint is only needed for withdrawal operations. For deposits, gateway selection is handled on the payment tracking page.

Endpoint GET
/api/provider/third-party/wallet/gateways
Request Headers
Header Value
X-Api-Key Your Provider API Key
X-Hash SHA256(api_key + secret_key + timestamp)
X-Timestamp Unix timestamp
Success Response (200 OK) 
{
  "success": true,
  "message": "Available wallet gateways retrieved successfully",
  "data": {
    "gateways": [
      {
        "id": 1,
        "name": "Papara Gateway",
        "code": "PAPARA",
        "min_amount": 50.0,
        "max_amount": 10000.0,
        "required_fields": ["wallet_number", "account_holder"],
        "description": "Fast and secure wallet transfers via Papara"
      },
      {
        "id": 2,
        "name": "PayFix Gateway",
        "code": "PAYFIX",
        "min_amount": 50.0,
        "max_amount": 15000.0,
        "required_fields": ["wallet_number"],
        "description": "PayFix wallet transfer gateway"
      }
    ],
    "count": 2
  },
  "timestamp": "2025-12-11 18:30:00"
}

How to Use

  1. Call this endpoint to get available wallet gateways
  2. Present gateways to customer (Papara, PayFix, etc.)
  3. Customer selects gateway and enters their wallet number
  4. Use gateway_id and wallet_number when calling withdrawal endpoint

Wallet Withdrawal

POST

Create a wallet withdrawal request.

Endpoint POST
/api/provider/third-party/wallet/start-withdrawal
Request Body
Parameter Type Required Description
user_id string Yes Customer's user ID
username string Yes Customer's username
fullname string Yes Customer's full name
amount number Yes Withdrawal amount
gateway_id integer Yes Wallet gateway ID (from Get Wallet Gateways)
wallet_number string Yes Customer's wallet number (e.g., Papara number, PayFix number)
Example Request 
{
  "user_id": "12345",
  "username": "johndoe123",
  "fullname": "John Doe",
  "amount": 1000,
  "gateway_id": 3,
  "wallet_number": "1234567890"
}
Success Response (200) 
{
  "success": true,
  "message": "Third-party Wallet withdrawal transaction started successfully",
  "data": {
    "tracking_code": "TPWW-DEF98765-1733275800",
    "type": "third_party_wallet_withdrawal",
    "payment_method": "wallet",
    "amount": 1000.00,
    "status": "showing"
  }
}

Callback

Uses existing withdrawal_callback_url

Deposit Callback

WEBHOOK

Important

When a deposit is approved or rejected, the system will send a POST request to your configured callback_url. Make sure to verify the hash before processing.

Callback Headers

Header Description
X-Api-Key Your API Key for identification
X-Timestamp Unix timestamp of the callback
X-Hash SHA256 verification hash

Hash Verification

To verify the callback authenticity, calculate the hash as follows:

hash = SHA256(api_key + secret_key + tracking_code + status + timestamp)

Compare your calculated hash with the X-Hash header value.

Callback Payload

Field Type Description
tracking_code string Unique transaction tracking code
status string completed canceled expired
amount number Final approved/rejected amount
username string Customer's username
fullname string Customer's full name
user_id string Customer's user ID in your system
site_id integer Site ID in AcidPanel
timestamp integer Unix timestamp of the callback
hash string SHA256 verification hash (also in header)

Callback Example

{
  "tracking_code": "MAN-ABCD1234-1733275800",
  "status": "completed",
  "amount": 500.00,
  "username": "johndoe123",
  "fullname": "John Doe",
  "user_id": "12345",
  "site_id": 12,
  "timestamp": 1733275900,
  "hash": "a1b2c3d4e5f6..."
}

PHP Verification Example

<?php
// Get callback data
$payload = json_decode(file_get_contents('php://input'), true);
$receivedHash = $_SERVER['HTTP_X_HASH'] ?? '';
$timestamp = $_SERVER['HTTP_X_TIMESTAMP'] ?? '';

// Your credentials
$apiKey = 'YOUR_API_KEY';
$secretKey = 'YOUR_SECRET_KEY';

// Calculate expected hash
$expectedHash = hash('sha256', 
    $apiKey . 
    $secretKey . 
    $payload['tracking_code'] . 
    $payload['status'] . 
    $timestamp
);

// Verify hash
if ($receivedHash !== $expectedHash) {
    http_response_code(401);
    die('Invalid hash');
}

// Process the callback
if ($payload['status'] === 'completed') {
    // Credit user's balance
    creditUserBalance($payload['user_id'], $payload['amount']);
}

// Return success
http_response_code(200);
echo json_encode(['success' => true]);

Expected Response

Return HTTP 200 OK to acknowledge the callback. Any other status code will be logged as a failed delivery attempt.

Withdrawal Callback

WEBHOOK

Important

When a withdrawal is completed, rejected, failed, or canceled, the system will send a POST request to your configured withdrawal_callback_url. Make sure to verify the hash before processing.

Callback Headers

Header Description
X-Api-Key Your API Key for identification
X-Timestamp Unix timestamp of the callback
X-Hash SHA256 verification hash

Hash Verification

To verify the callback authenticity, calculate the hash as follows:

hash = SHA256(api_key + secret_key + tracking_code + status + timestamp)

Compare your calculated hash with the X-Hash header value.

Callback Payload

Field Type Description
tracking_code string Unique transaction tracking code
status string completed rejected failed canceled
amount number Withdrawal amount
username string Customer's username
fullname string Customer's full name
user_id string Customer's user ID in your system
iban string Recipient's IBAN
site_id integer Site ID in AcidPanel
timestamp integer Unix timestamp of the callback
hash string SHA256 verification hash (also in header)

Callback Example

{
  "tracking_code": "WIT-ABCD1234-1733275800",
  "status": "completed",
  "amount": 1000.00,
  "username": "johndoe123",
  "fullname": "John Doe",
  "user_id": "12345",
  "iban": "TR330006100519786457841326",
  "site_id": 12,
  "timestamp": 1733275900,
  "hash": "a1b2c3d4e5f6..."
}

PHP Verification Example

<?php
// Get callback data
$payload = json_decode(file_get_contents('php://input'), true);
$receivedHash = $_SERVER['HTTP_X_HASH'] ?? '';
$timestamp = $_SERVER['HTTP_X_TIMESTAMP'] ?? '';

// Your credentials
$apiKey = 'YOUR_API_KEY';
$secretKey = 'YOUR_SECRET_KEY';

// Calculate expected hash
$expectedHash = hash('sha256', 
    $apiKey . 
    $secretKey . 
    $payload['tracking_code'] . 
    $payload['status'] . 
    $timestamp
);

// Verify hash
if ($receivedHash !== $expectedHash) {
    http_response_code(401);
    die('Invalid hash');
}

// Process the callback
if ($payload['status'] === 'completed') {
    // Deduct from user's balance or mark as paid
    processWithdrawal($payload['user_id'], $payload['amount']);
} elseif ($payload['status'] === 'rejected' || $payload['status'] === 'failed') {
    // Refund to user's balance
    refundWithdrawal($payload['user_id'], $payload['amount']);
}

// Return success
http_response_code(200);
echo json_encode(['success' => true]);

Expected Response

Return HTTP 200 OK to acknowledge the callback. Any other status code will be logged as a failed delivery attempt.

Status Details

  • completed: Withdrawal was successfully processed and money was sent
  • rejected: Withdrawal was manually rejected by admin
  • failed: Withdrawal failed during processing
  • canceled: Withdrawal was canceled

Credit Card Callback

WEBHOOK

When a credit card payment is completed (success or failed), we send a callback to your credit_card_callback_url.

When Callbacks Are Sent

  • Payment completed successfully → status: success
  • Payment failed → status: failed
  • Payment cancelled by user → status: cancelled
  • Payment expired (15 min timeout) → status: failed

Hash Formula

SHA256(api_key + secret_key + tracking_code + status + timestamp)

Headers

Header Description
X-Api-Key Your Provider API Key
X-Timestamp Unix timestamp of the callback
X-Hash SHA256 verification hash

Callback Body

Field Type Description
tracking_code string Unique transaction tracking code
order_id string Payment gateway order ID
status string success, failed, cancelled
amount number Payment amount
currency string Currency code (TRY)
username string Customer's username
user_id string Customer's user ID
site_id integer Site ID in AcidPanel
customer_name string Customer's full name
customer_email string Customer's email
timestamp integer Unix timestamp
hash string SHA256 verification hash
error_code string Error code (only if failed)
error_message string Error description (only if failed)

Callback Example (Success)

{
  "tracking_code": "CC-A1B2C3D4-1733356800",
  "order_id": "VL20251204A1B2C3D4",
  "status": "success",
  "amount": 500.00,
  "currency": "TRY",
  "username": "johndoe123",
  "user_id": "12345",
  "site_id": 12,
  "customer_name": "John Doe",
  "customer_email": "[email protected]",
  "timestamp": 1733356900,
  "hash": "a1b2c3d4e5f6..."
}

Callback Example (Failed)

{
  "tracking_code": "CC-A1B2C3D4-1733356800",
  "order_id": "VL20251204A1B2C3D4",
  "status": "failed",
  "amount": 500.00,
  "currency": "TRY",
  "username": "johndoe123",
  "user_id": "12345",
  "site_id": 12,
  "customer_name": "John Doe",
  "customer_email": "[email protected]",
  "error_code": "INSUFFICIENT_FUNDS",
  "error_message": "Card declined - insufficient funds",
  "timestamp": 1733356900,
  "hash": "a1b2c3d4e5f6..."
}

Expected Response

Return HTTP 200 OK to acknowledge the callback.

Error Responses

Code Error Description
401 Missing required headers X-Api-Key, X-Hash, or X-Timestamp is missing
401 Invalid API key API key not found in database
401 Request timestamp expired Timestamp older than 5 minutes
401 Invalid hash Hash verification failed
403 Provider account is inactive Provider has been deactivated
403 IP address not allowed Request IP not in whitelist

Need Help?

Contact our support team for API credentials, integration assistance, or troubleshooting.

Contact on Telegram

© 2026 Acid Panel. All rights reserved.

Documentation Support