WordPress.org
Get WordPress
WordPress.org

Plugin Directory

Sanval Payments – Card Gateway for Payten/NestPay Banks

Sanval Payments – Card Gateway for Payten/NestPay Banks

By sanvaldev
Download

Description

Sanval Payments connects your WooCommerce store to the Payten/NestPay (Asseco SEE) payment network — the card processing infrastructure used by most banks in Turkey and the Western Balkans.

If your bank gave you a virtual POS on the NestPay/Asseco platform, this plugin lets you accept card payments on your store.

What the free version does

  • Card payments through the NestPay/Asseco 3D Secure flow
  • 3D Secure (3DS) — authentication hosted on the bank’s secure page; card data never touches your server
  • Refunds — full or partial, directly from the WooCommerce order screen
  • Void — cancel an authorised but uncaptured transaction
  • Test / Sandbox mode — built-in test mode using the Asseco sandbox
  • HPOS compatible — works with WooCommerce High-Performance Order Storage
  • WooCommerce Blocks — works with both the classic and the block checkout
  • Turkish translation (tr_TR)
  • All bank presets included — Banca Intesa (Serbia), İşbank, Akbank, Ziraat, Halkbank, QNB Finansbank, AIK Banka, NLB Komercijalna banka and more — plus a Custom / Other option that lets you connect any bank on the NestPay/Asseco platform by entering your endpoint manually

A note on the premium version

A separate premium version is available at sanval.dev for merchants who need additional functionality. The free version here is fully functional for card payments, with every bank preset included, and does not require the premium version.

How it works

  1. Your customer clicks “Place Order”.
  2. The plugin builds a signed 3DS request and redirects to your bank’s secure page.
  3. The customer completes 3D Secure authentication.
  4. The bank redirects back to your store with the result.
  5. The plugin verifies the response signature and marks the order approved or failed.

Requirements

  • WordPress 6.2 or higher
  • WooCommerce 7.0 or higher
  • PHP 8.1 or higher
  • An active virtual POS contract with a NestPay/Asseco bank

External services

This plugin connects to your bank’s payment gateway on the Payten/NestPay (Asseco) e-commerce platform in order to process card payments. This connection is required for the plugin’s core function: taking card payments through your own bank.

What is sent and when: when a customer places an order and chooses card payment, the plugin sends the transaction details (order amount, order reference, currency, and a signed hash generated from your store credentials) to the gateway endpoint you configure in the plugin settings. The customer is then redirected to the bank’s own secure 3-D Secure page to enter their card details. Card numbers and CVV are entered on the bank’s page and are never handled or stored by the plugin or your site.

The specific endpoint depends on which bank you use; you enter it from your own virtual POS contract. The gateway is operated by your bank, using the Payten/NestPay (Asseco) e-commerce platform.

Service provider and policies:

  • The card-acceptance terms of service, data processing and privacy terms that apply to your transactions are defined by your acquiring bank under your merchant (virtual POS) agreement. Please refer to the contract and documentation supplied by your bank.
  • This plugin itself is provided by Sanval Payments. Privacy policy: https://sanval.dev/privacy.html — Terms: https://sanval.dev/terms.html

No card data (card number, expiry, CVV) is ever sent to, handled by, or stored by this plugin or your website; it is entered directly on the bank’s own secure 3-D Secure page.

Installation

  1. Upload the sanval-payments folder to /wp-content/plugins/, or install it from your WordPress dashboard.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Go to WooCommerce Settings Payments Sanval NestPay.
  4. Choose your bank (or “Custom / Other”) and enter your credentials: Client ID, Store Key, and the Gateway URL.
  5. Enable the gateway and save.
  6. Use Test Mode with your bank’s sandbox to verify everything before going live.

Getting your bank credentials

When you sign a virtual POS contract, your bank provides:

  • Client ID — your merchant identifier
  • Store Key — the secret key used to sign transactions
  • Gateway URL — the 3DS endpoint (for example https://sanalpos.isbank.com.tr/fim/est3Dgate )

Contact your bank’s e-commerce support team if you are unsure which values to use.

FAQ

Which banks are supported?

Any bank running on the Payten/NestPay (Asseco SEE) platform. This plugin includes ready-made presets for Banca Intesa (Serbia), İşbank, Akbank, Ziraat, Halkbank, QNB Finansbank, AIK Banka, NLB Komercijalna banka and more, plus a Custom / Other option for every other NestPay bank (you enter the endpoint manually). All bank presets are included for everyone.

Is it 3D Secure compliant?

Yes. Every transaction goes through the bank’s 3D Secure page, and card data never passes through your server.

Can I test before going live?

Yes. Enable Test Mode in the settings to use the Asseco sandbox. No real charges are made in test mode.

Does it work with the WooCommerce block checkout?

Yes. Both the classic (shortcode) checkout and the newer checkout block are supported.

Checkout fails with a “security code” or hash error. What now?

This usually means your bank expects a different signature version. Open the gateway settings, go to Advanced (NestPay compatibility), and switch the Hash Algorithm between ver3 and ver2 (many older banks use ver2), then try again.

A firewall or security plugin blocks the payment. What should I check?

The bank confirms a payment by sending your site a POST request to the /sanval-3ds address. Some security tools (firewalls, WAFs, or “password protect” plugins) block or strip this request. If payments authenticate at the bank but customers land back on the checkout instead of the confirmation page, add /sanval-3ds to your firewall’s allowlist and disable any “password protected site” plugin while testing.

How do I send diagnostics for support?

In the gateway settings under Advanced, enable Diagnostic Logging, reproduce the issue once, then copy the text from the Diagnostics box and send it to support. It contains only the bank’s callback data (no full card number or CVV). Turn the logging off again afterwards.

Can I use any currency?

The currency must match your virtual POS agreement. Turkish banks typically require TRY (949) and Serbian banks RSD (941). EUR (978) and USD (840) work if your bank contract allows them.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Sanval Payments – Card Gateway for Payten/NestPay Banks” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Sanval Payments – Card Gateway for Payten/NestPay Banks” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.6

  • Removed all remaining instalment-related parameters from the payment payload and hash; the plugin now processes single card payments only, with no instalment code or references anywhere

1.0.5

  • This version focuses on core card payments with all bank presets included
  • Removed the external Payten link that failed validation; bank gateway terms are covered by your merchant agreement and the plugin’s own policy pages

1.0.4

  • All bank presets are now available to everyone
  • Added Terms of Service / Privacy Policy links for the external bank gateway service in the readme

1.0.3

  • Renamed the plugin to clarify it is an independent integration for Payten/NestPay banks (no affiliation implied)

1.0.2

  • Improved WordPress.org compliance and code structure
  • Documented the bank gateway external service connection in the readme
  • Redirect page CSS/JS now enqueued instead of inline; added a no-JavaScript fallback button
  • Hardened diagnostics: stored callback data is now sanitised
  • Removed vendor attribution from the default checkout description
  • Fixed the Plugin URI

1.0.1

  • Core card payments with all bank presets included
  • Added shop/return URL so the bank’s Cancel button returns the customer to the checkout page (fixes “3D Gate requires HTTP POST” on cancel)
  • Cancel now returns to the originating checkout page (classic or block)
  • Fixed İşbank gateway URL (sanalpos2 sanalpos)
  • Removed DenizBank preset — it runs on Intertech’s Inter-VPOS system, not NestPay, and is not compatible with this plugin
  • NLB renamed to NLB Komercijalna banka (Serbian entity merged); unverified gateway URL removed so the merchant enters their own from contract
  • Halkbank Serbia gateway URL removed (endpoint not independently verified); merchant enters their own from contract
  • Pre-filled gateway URLs are now provided only for banks with well-documented endpoints; all others are left blank for the merchant to fill in

1.0.0

  • Initial release

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Support

Got something to say? Need help?

View support forum