tranzila-payment-gateway
Tranzila Payment Gateway
Overview
Tranzila is one of Israel's leading payment processors (solek), operating since 1999. It connects to the Shva network (reshet shva) -- Israel's central card processing infrastructure -- and supports all Israeli card issuers: Isracard, Visa Cal, Leumi Card/Max.
This skill guides integration with Tranzila for accepting credit card payments (slikat kartis ashrai) in Israeli applications.
Official docs: https://docs.tranzila.com/
Test credentials: Visa test card 4444333322221111, Isracard test 12312312, any CVV (e.g. 333), any future expiry. Configure your terminal for sandbox mode via the Tranzila dashboard.
Instructions
Step 1: Choose Integration Pattern
Help the user select the right approach based on their needs:
| Pattern | Hebrew | PCI Scope | Best For |
|---|---|---|---|
| Iframe | daf tashlum mutman | Minimal (SAQ-A) | Quick integration, minimal compliance |
| Hosted Fields | sdot mitarachim | Low (SAQ-A-EP) | Custom checkout UX with low PCI burden |
| API V2 (server-to-server) | sharat le-sharat | Full (SAQ-D) | Token charging, recurring, refunds |
Most Israeli merchants start with Iframe for collecting payments, then use API V2 for server-side operations like token charging and refunds.
Step 2: Set Up Authentication
Tranzila uses different credentials depending on the integration:
For Iframe / Legacy CGI:
supplier-- Terminal name (provided by Tranzila)TranzilaPW-- Transaction password
For API V2:
X-tranzila-api-app-keyHTTP header -- Application key from Tranzila dashboard
Remind the user to store credentials securely (environment variables, secrets manager) and never commit them to source control.
Step 3: Implement the Payment Flow
Option A: Hosted Fields (Recommended for Custom UX)
Hosted Fields let you design your own checkout form while Tranzila securely handles card inputs:
- Include the Tranzila Hosted Fields JS on your page
- Create container
<div>elements for card number, expiry, and CVV - Initialize fields with your terminal name and styling options
- On submit, the JS generates a
TranzilaTKtoken without card data touching your server - Send the token to your backend for charging via API V2
This gives full design control while maintaining SAQ-A-EP PCI compliance. Refer to the Hosted Fields section under https://docs.tranzila.com/ (deep slug paths change frequently; navigate from the Payments & Billing index).
Webhook signature verification. When Tranzila POSTs the result to your
notify_url, do NOT trust it on inbound shape alone. Verify by either (a) issuing a follow-up server-to-serverconfirmAPI call againsttranzila71dt.cgito confirm the transaction id, or (b) validating themyidyou provided round-trips back, or (c) signing your own checksum into the form fields and verifying it on receipt. Without this step, anyone with yournotify_urlcan fake transaction-success callbacks.
Option B: Iframe Integration (Quick Start)
-
Embed the Tranzila iframe in your checkout page:
- URL:
https://direct.tranzila.com/{supplier}/iframenew.php - Add query parameters:
sum,currency,cred_type - Default mode creates a token (J5); use J4 for one-time charge
- URL:
-
Handle the response via your
notify_url:- Tranzila POSTs results to your server
- Check
Responsefield:000= approved - Store
TranzilaTK(token) for future charges
-
Confirm transaction server-side (recommended):
- Use the three-sided handshake to verify the transaction is genuine
Option C: Server-to-Server via API V2
For token charging, refunds, and operations that don't involve card entry:
Charge a token:
POST https://secure5.tranzila.com/cgi-bin/tranzila31tk.cgi
Content-Type: application/x-www-form-urlencoded
supplier={terminal}&TranzilaPW={password}&TranzilaTK={token}&expdate={MMYY}&sum={amount}¤cy=1&cred_type=1
Process a refund:
Use tranmode=C{index} with the original ConfirmationCode and index from the original transaction.
Consult references/api-parameters.md for the complete parameter reference.
Step 4: Handle Israeli-Specific Payment Types
Israeli payments have unique features that differ from international processing:
Installments (Tashlumim):
- Set
cred_type=8for regular installments - Parameters:
npay(number of payments minus 1),fpay(first payment),spay(subsequent payments) - The sum of
fpay + (npay * spay)must equal the totalsum - Not all terminals are authorized for installments (error code 111 if not)
Credit Types (cred_type):
| Value | Type | Hebrew |
|---|---|---|
| 1 | Regular credit | ashrai ragil |
| 2 | Visa Adif / Amex Credit | |
| 3 | Immediate debit | hiyuv miyadi |
| 5 | Leumi Special | |
| 8 | Installments | tashlumim |
| 9 | Club installments | tashlumei moadan |
Currency codes (matbea):
| Code | Currency | Hebrew |
|---|---|---|
| 1 | ILS (Shekel) | shekel chadash |
| 2 | USD | dolar |
| 3 | GBP | lira sterling |
| 7 | EUR | euro |
Israeli ID (teudat zehut):
Some transactions require myid parameter -- a 9-digit Israeli ID number (mispar zehut).
Step 5: Implement Tokenization for Recurring Payments (hora'ot keva)
Tokens (asmachta) let you charge returning customers without handling card data again:
-
Create token during first payment:
- Iframe: Default behavior (J5 mode) returns
TranzilaTK - API: Use
tranmode=K(token only),VK(verify + token), orAK(charge + token)
- Iframe: Default behavior (J5 mode) returns
-
Store the token securely:
- Token is a 19-character string (last 4 digits match the card)
- Store token, expiry date, and card last-4 in your database
- Token has no value without your terminal credentials
-
Charge the token later:
- Use the
/cgi-bin/tranzila31tk.cgiendpoint - Include
TranzilaTK,expdate,sum, andcurrency
- Use the
Step 6: Add 3D Secure (if required)
3D Secure V2 adds cardholder authentication. Consult references/3ds-flow.md for the full redirect-based flow. Key points:
- 3DS changes the payment flow to include a bank authentication step
- Response includes additional fields for authentication status
- Some Israeli issuers may not support 3DS for all card types
Step 7: Accept Bit Payments
Tranzila supports Bit (Israel's popular mobile payment app). The flow differs from card payments:
- Initiate a Bit payment via the API -- Tranzila returns a Bit payment URL
- Redirect the customer to the Bit URL or display a QR code
- Customer approves payment in the Bit app
- Tranzila sends the result to your
notify_url - Bit refunds use a separate refund endpoint specific to Bit transactions
Key parameters: bit=1 to enable Bit, response includes bit_url for customer redirect. Refer to https://docs.tranzila.com/docs/payments-billing/dcljft4y7sgj2-bit.
Step 8: Generate Payment Request Links
Payment Requests (TRAPI) let you send payment links via email or SMS without building a checkout page:
- Create a payment request via API with amount, description, and customer contact
- Tranzila generates a secure payment link
- Send the link to the customer (Tranzila can send automatically via email/SMS)
- Customer clicks the link and pays on a Tranzila-hosted page
- You receive the result via webhook
This is useful for invoicing, phone orders, or any scenario where you need to collect payment without an embedded form.
Step 9: Set Up Standing Orders (Recurring Payments)
For automated recurring billing beyond simple token charging, Tranzila offers Standing Orders:
- Create a standing order with payment schedule (amount, frequency, start/end dates)
- Tranzila automatically charges the customer on schedule
- Monitor results via the Reports API or webhook notifications
- Cancel or modify standing orders via API
Standing orders are a paid feature -- contact Tranzila to enable on your terminal. Refer to Tranzila's documentation for detailed standing order setup instructions.
Step 10: Generate Invoices
Tranzila has an Invoicing API for generating digitally-signed tax documents approved by the Israeli Income Tax Authority:
- Create invoices tied to transactions or standalone
- Invoices are digitally signed for tax compliance
- Supports tax invoices, receipts, and credit notes
- Can be auto-generated with PayPal payments
Israel Tax Authority allocation number (mispar haktza'a) — mandatory for B2B invoices over thresholds. Since 2025-01-01 the ITA requires every B2B tax invoice over a threshold to carry an allocation number obtained from SHAAM via API. Threshold schedule: NIS 20,000 (from Jan 2025), NIS 10,000 from Jan 2026, NIS 5,000 from Jun 2026. Without the allocation number, the buyer cannot deduct input VAT on the invoice. If you generate invoices through Tranzila's Invoicing API, confirm with Tranzila support that allocation-number requests are wired through SHAAM for invoices at or above the current threshold; if not, fall back to a separate invoicing provider (Green Invoice, Morning, etc.) that does integrate with SHAAM, or request allocation numbers directly via the ITA portal.
Refer to Tranzila's invoicing documentation for the complete invoicing API reference.
Step 11: Handle Errors
Check the Response field in every transaction result. 000 means approved -- anything else is an error.
Common errors to handle in your code:
| Code | Meaning | Hebrew | User Action |
|---|---|---|---|
| 004 | Card declined | kartis surav | Ask user to try another card |
| 036 | Card expired | kartis pagum tokef | Ask user to update card details |
| 107 | Amount exceeds limit | chriga memichsa | Reduce amount or contact bank |
| 111 | Not authorized for installments | ein harshaah letashlumim | Contact Tranzila to enable |
| 125 | Not authorized for Amex | ein harshaah le-Amex | Contact Tranzila to enable |
| 200 | Application error | shegihat mimshal | Retry; if persistent, check parameters |
| 900 | 3DS authentication failed | imut 3DS nichal | Retry without 3DS or ask user to authenticate |
For the full error code reference (170+ codes), consult references/error-codes.md.
Examples
Example 1: Accept a One-Time Payment
User says: "I need to add credit card payments to my Node.js checkout page" Actions:
- Choose: Iframe integration (minimal PCI scope)
- Guide: Embed iframe with supplier name, sum, currency=1 (ILS)
- Implement: Server-side notify_url handler to capture response
- Validate: Check Response=000, store ConfirmationCode Result: Working checkout that accepts Israeli credit cards via embedded form.
Example 2: Set Up Monthly Subscription
User says: "I want to charge customers 99 NIS every month automatically" Actions:
- First payment: Iframe with token creation (J5 mode)
- Store: Save TranzilaTK and expdate from response
- Monthly: Cron job calls tranzila31tk.cgi with stored token
- Handle: Check for expired cards, declined tokens Result: Recurring monthly billing using tokenized cards.
Example 3: Process Installment Payment
User says: "My customer wants to pay 6,000 NIS in 3 tashlumim" Actions:
- Set: cred_type=8 (installments)
- Calculate: fpay=2000, spay=2000, npay=2 (3 payments total)
- Verify: Terminal authorized for installments
- Process: Transaction with installment parameters Result: Payment split into 3 equal installments of 2,000 NIS.
Example 4: Refund a Transaction
User says: "I need to refund transaction from last week, confirmation code 0283456" Actions:
- Use: tranmode=C0 (cancel first transaction in batch)
- Include: Original ConfirmationCode and index
- Set: sum to refund amount (partial or full)
- Verify: Response=000 for successful refund Result: Refund processed and linked to original transaction.
Example 5: Accept Bit Payment
User says: "I want to let customers pay with Bit on my website" Actions:
- Enable: Set
bit=1in the payment request - Redirect: Send customer to the
bit_urlfrom the response - Handle: Receive payment confirmation at notify_url
- Verify: Check Response=000 for successful Bit payment Result: Customers can pay using Israel's Bit mobile wallet alongside credit cards.
Example 6: Send Payment Link via SMS
User says: "I need to collect payment from a customer over the phone" Actions:
- Create: Payment request via TRAPI with amount and customer phone number
- Send: Tranzila sends SMS with payment link automatically
- Wait: Customer opens link and pays on Tranzila's hosted page
- Confirm: Receive webhook notification when payment completes Result: Payment collected remotely without building a checkout page.
Community Libraries
- tranzilajs (TypeScript/Node.js) -- Modern SDK with HMAC auth, Bit payments, credit card ops, iframe generation. Install:
npm install tranzilajs. See:https://github.com/NirTatcher/tranzilajs - omnipay-tranzila (PHP/Omnipay) -- Community gateway plugin
- active_merchant_tranzila (Ruby) -- ActiveMerchant gateway adapter
Bundled Resources
References
references/api-parameters.md-- Complete Tranzila API parameter reference for both legacy CGI and API V2 endpoints, including authentication headers, transaction parameters, token operations, and installment fields. Consult when constructing API requests or debugging unexpected parameter behavior.references/error-codes.md-- Full listing of Tranzila response codes (000-999) with meanings and recommended handling. Consult when a transaction returns a non-000 response code.references/3ds-flow.md-- Step-by-step 3D Secure V2 implementation guide for Tranzila, including redirect flow, authentication parameters, and fallback handling. Consult when adding 3DS to an existing integration.
Scripts
scripts/validate_tranzila_response.py-- Validates a Tranzila transaction response: checks response code, verifies required fields are present, and flags common issues (missing confirmation code, mismatched amounts). Run:python scripts/validate_tranzila_response.py --help
Gotchas
- Tranzila API uses form-encoded key-value pairs (not JSON). Agents default to JSON request bodies, which Tranzila will reject or ignore. Send requests as
application/x-www-form-urlencoded. - Tranzila's test mode uses the same endpoint as production but with a different
supplierparameter. Agents may accidentally send test transactions to the production terminal or vice versa. - The response format from Tranzila is a plain-text key=value string separated by newlines, not JSON. Agents may try to
JSON.parse()the response, which will throw an error. - Israeli credit card numbers have different BIN ranges than US/European cards. Tranzila validates cards locally, so test cards from Stripe or other international gateways will not work.
Reference Links
| Source | URL | What to Check |
|---|---|---|
| Tranzila developer docs | https://docs.tranzila.com/ | API reference, authentication, supported card networks, 3DS flow, error codes |
| Hosted Fields integration | https://docs.tranzila.com/ (Payments & Billing → Hosted Fields) | PCI-friendly embedded card capture |
| Israel Tax Authority allocation numbers | https://www.gov.il/en/service/allocation-number-application-tax-invoice | Mandatory for invoices ≥ NIS 10K (Jan 2026), drops to NIS 5K (Jun 2026) |
| Tranzila company site | https://www.tranzila.com | Terminal enablement requests, installment permissions, contact, PCI certification |
| tranzilajs community client | https://github.com/NirTatcher/tranzilajs | Community TypeScript/Node client and usage examples |
Troubleshooting
Error: "Response code 200 -- Application error"
Cause: Missing or invalid parameters in the API request Solution: Verify all required parameters are present: supplier, TranzilaPW, sum, ccno (or TranzilaTK), expdate. Check parameter names are exact (case-sensitive).
Error: "Response code 111 -- Terminal not authorized for installments"
Cause: Your Tranzila terminal does not have installment permissions enabled Solution: Contact Tranzila support (073-222-4444) to enable installment processing on your terminal.
Error: "Token charge fails but iframe worked"
Cause: Common when using wrong endpoint or missing expdate
Solution: Token charges use /cgi-bin/tranzila31tk.cgi (not tranzila31.cgi). Include both TranzilaTK and expdate parameters.
Error: "Transaction approved in test but not production"
Cause: Test and production terminals behave differently Solution: Verify your production terminal name and password. Some operations (like void) behave differently in production. Check with Tranzila support if behavior diverges.
Error: "Currency mismatch"
Cause: Using wrong endpoint for currency
Solution: ILS and USD use tranzila31.cgi. Multi-currency (EUR, GBP, etc.) requires tranzila36a.cgi.
More from skills-il/tax-and-finance
shekel-currency-converter
Convert currencies to/from Israeli New Shekel (NIS/ILS) using Bank of Israel official exchange rates. Use when user asks to convert shekels, NIS, ILS, asks about exchange rates, "shaar yatzig" (representative rate), or needs currency conversion for Israeli tax or business purposes. Supports 30+ currencies with current and historical rates. Do NOT use for cryptocurrency or unofficial money exchange rates.
16israeli-e-invoice
Generate, validate, and manage Israeli e-invoices (hashbonit electronit) per Tax Authority (SHAAM) standards. Use when user asks to create Israeli invoices, request allocation numbers, validate invoice compliance, or asks about "hashbonit", "e-invoice", "SHAAM", "allocation number", or Israeli invoicing requirements. Supports tax invoice (300), tax invoice/receipt (305), credit invoice (310), receipt (320), and proforma (330) types. Do NOT use for general accounting, bookkeeping, or non-Israeli invoice formats.
15israeli-crypto-tax-reporter
Calculate cryptocurrency capital gains tax per Israeli Tax Authority (Reshut HaMisim) regulations and generate Form 1322/1325 reporting data and Form 1399י advance-payment data (within 30 days of disposal). Use when a user needs to compute crypto tax obligations using FIFO cost basis, classify DeFi income (staking, liquidity mining, airdrops) for Israeli tax purposes, prepare annual tax filing data, understand reporting thresholds and advance payment (mikdamot) requirements, or evaluate the 2025-2026 Voluntary Disclosure Procedure (open until 31 Aug 2026). Covers Section 88 of the Income Tax Ordinance, Circular 2018/05, the 25% capital gains rate for individuals, and the 5% surtax on capital income above NIS 721,560 (threshold frozen through 2027). Do NOT use for non-Israeli tax jurisdictions, general income tax calculations, or VAT (maam) on crypto business activities, which require separate professional consultation.
15green-invoice
Integrate Green Invoice (Morning) API for Israeli invoicing, receipts, client management, and payment processing. Use when user asks to create invoices via Green Invoice, generate hashbonit mas through Morning API, manage clients in Green Invoice, set up webhook automation for document creation, query documents or expenses, or mentions "Green Invoice", "Morning", "hashbonit yeruka", "greeninvoice API", Israeli cloud invoicing, or needs to create tax invoice-receipt (cheshbonit mas/kabala). Covers all 13 document types, 8 payment types, client CRUD, item catalog, and webhook integration. Do NOT use for SHAAM allocation numbers or Tax Authority e-invoice compliance (use israeli-e-invoice), Cardcom payment processing (use cardcom-payment-gateway), or Tranzila integration (use tranzila-payment-gateway).
14israeli-pension-advisor
Navigate the Israeli pension and savings system including pension funds (keren pensia), manager's insurance (bituach menahalim), training funds (keren hishtalmut), and retirement planning. Use when user asks about Israeli pension, \"pensia\", \"keren hishtalmut\", retirement savings, \"bituach menahalim\", pension contributions, or tax benefits from savings. Uninformed pension decisions cost hundreds of thousands of NIS over a lifetime. Covers mandatory pension, voluntary savings, and withdrawal rules. Do NOT provide specific investment recommendations or fund performance comparisons.
14cardcom-payment-gateway
Integrate Cardcom payment processing and Israeli invoice generation into applications -- covers Low Profile payments, tokenization, recurring billing, and automatic tax invoice/receipt creation per Israeli law. Use when user asks to accept payments via Cardcom, generate Israeli invoices with payments, set up "slikat ashrai" with hashbonit, handle recurring billing (hora'ot keva), or mentions "Cardcom", "CardCom API", "Low Profile", Israeli payment with invoicing, or needs combined payment + document generation. Supports REST API V11 and legacy endpoints. Do NOT use for Tranzila integration (use tranzila-payment-gateway), general accounting, or non-payment queries.
14