Test your integration on https://demo.pesapal.com before you take your site live!
OAuth.php – class that helps construct the OAuth request
<?php include_once('OAuth.php'); ?>
<?php
$token = $params = NULL;

// Register a merchant account on demo.pesapal.com and use the merchant key for testing.
// When you are ready to go live make sure you change the key to the live account
// registered on www.pesapal.com!
$consumer_key = 'Your PesaPal Merchant Consumer Key';

// Use the secret from your test account on demo.pesapal.com. When you are ready to go
// live make sure you change the secret to the live account registered on www.pesapal.com!
$consumer_secret = 'Your PesaPal Merchant Consumer Secret';

$signature_method = new OAuthSignatureMethod_HMAC_SHA1();

// Change to https://www.pesapal.com/API/PostPesapalDirectOrderV4 when you are ready to go live!
$iframelink = 'https://demo.pesapal.com/api/PostPesapalDirectOrderV4';
?>
Assign form details passed to pesapal-iframe.php from shopping-cart-form.php to the specified variables.
<?php
// get form details
$amount = $_POST['amount'];
$amount = number_format($amount, 2); // format amount to 2 decimal places
$desc = $_POST['description'];
$type = $_POST['type']; // default value = MERCHANT
$reference = $_POST['reference']; // unique order id of the transaction, generated by merchant
$first_name = $_POST['first_name']; // [optional]
$last_name = $_POST['last_name']; // [optional]
$email = $_POST['email'];
$phonenumber = ''; // ONE of email or phonenumber is required
?>
This is the full URL of the page the iframe redirects to after processing the order on pesapal.com.
The XML format is standard, so no editing is required. Encode the variable using htmlentities.
<?php
$callback_url = 'http://www.test.com/redirect.php'; // redirect url, the page that will handle the response from pesapal.

$post_xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
    . "<PesapalDirectOrderInfo xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
    . " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\""
    . " Amount=\"".$amount."\""
    . " Description=\"".$desc."\""
    . " Type=\"".$type."\""
    . " Reference=\"".$reference."\""
    . " FirstName=\"".$first_name."\""
    . " LastName=\"".$last_name."\""
    . " Email=\"".$email."\""
    . " PhoneNumber=\"".$phonenumber."\""
    . " xmlns=\"http://www.pesapal.com\" />";
$post_xml = htmlentities($post_xml);
?>
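The sample above interpolates form fields straight into XML attributes, so a quote, `&` or `<` in any field changes the structure of the document that gets signed and sent. The following is an added example, not PesaPal's code, that escapes each value before building the same element; `build_order_xml()` and the sample order are hypothetical and constructed for illustration.

```php
<?php
// Added example, not PesaPal's code: build_order_xml() is a hypothetical helper.
function build_order_xml(array $order): string
{
    // The amount must be a plain positive number before it is formatted.
    if (!is_numeric($order['amount']) || (float) $order['amount'] <= 0) {
        throw new InvalidArgumentException('amount must be a positive number');
    }
    $attrs = [
        'Amount'      => number_format((float) $order['amount'], 2),
        'Description' => $order['description'],
        'Type'        => $order['type'],
        'Reference'   => $order['reference'],
        'FirstName'   => $order['first_name'],
        'LastName'    => $order['last_name'],
        'Email'       => $order['email'],
        'PhoneNumber' => $order['phonenumber'],
    ];
    $xml = '<?xml version="1.0" encoding="utf-8"?><PesapalDirectOrderInfo'
         . ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
         . ' xmlns:xsd="http://www.w3.org/2001/XMLSchema"';
    foreach ($attrs as $name => $value) {
        // ENT_QUOTES | ENT_XML1 escapes & < > " ' so a value cannot close its attribute.
        $xml .= ' ' . $name . '="'
              . htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8') . '"';
    }
    return $xml . ' xmlns="http://www.pesapal.com" />';
}

// Constructed sample order; the description contains characters that are special in XML.
$order = [
    'amount' => '150.5', 'description' => 'Tom & Jerry "deluxe" <set>', 'type' => 'MERCHANT',
    'reference' => 'ORD-1001', 'first_name' => 'Jane', 'last_name' => "O'Neil",
    'email' => 'jane@example.com', 'phonenumber' => '',
];
$xml = build_order_xml($order);

// Parse it back: the document is well formed and each attribute round-trips unchanged.
$parsed = simplexml_load_string($xml);
var_dump((string) $parsed['Description'] === $order['description']);
var_dump((string) $parsed['LastName'] === $order['last_name']);
var_dump((string) $parsed['Amount']);

// Then encode the whole document with htmlentities, as in the sample above.
$post_xml = htmlentities($xml);
```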
Using the included OAuth class, construct the OAuth request URL from the parameters declared above (the format is standard so no editing is required).
<?php
$consumer = new OAuthConsumer($consumer_key, $consumer_secret);

// post transaction to pesapal
$iframe_src = OAuthRequest::from_consumer_and_token($consumer, $token, "GET", $iframelink, $params);
$iframe_src->set_parameter("oauth_callback", $callback_url);
$iframe_src->set_parameter("pesapal_request_data", $post_xml);
$iframe_src->sign_request($signature_method, $consumer, $token);
?>
Pass $iframe_src as the iframe's src.
<iframe src="<?php echo $iframe_src;?>" width="100%" height="720px" scrolling="auto" frameBorder="0">
    <p>Unable to load the payment page</p>
</iframe>
Once the payment process has been completed by the user, PesaPal will redirect to your site using the url you assigned to $callback_url, along with the following query string parameters:
Store the pesapal_transaction_tracking_id in your database against the order.
<?php
$reference = null;
$pesapal_tracking_id = null;

if (isset($_GET['pesapal_merchant_reference']))
    $reference = $_GET['pesapal_merchant_reference'];

if (isset($_GET['pesapal_transaction_tracking_id']))
    $pesapal_tracking_id = $_GET['pesapal_transaction_tracking_id'];

// store $pesapal_tracking_id in your database against the order with orderid = $reference
// ...
?>
Once a transaction has been posted to PesaPal, you can listen for Instant Payment Notifications on a URL on your site (see here for details).
Below is sample code that listens to notifications from PesaPal and consequently queries for the transaction status.
<?php
include_once('OAuth.php');

// Register a merchant account on demo.pesapal.com and use the merchant key for testing.
// When you are ready to go live make sure you change the key to the live account
// registered on www.pesapal.com!
$consumer_key = "xxxxxxxxxxxxxxxxxx";

// Use the secret from your test account on demo.pesapal.com. When you are ready to go
// live make sure you change the secret to the live account registered on www.pesapal.com!
$consumer_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

// Change to https://www.pesapal.com/api/querypaymentstatus when you are ready to go live!
$statusrequestAPI = 'https://demo.pesapal.com/api/querypaymentstatus';

// Parameters sent to you by PesaPal IPN
$pesapalNotification = isset($_GET['pesapal_notification_type']) ? $_GET['pesapal_notification_type'] : '';
$pesapalTrackingId = isset($_GET['pesapal_transaction_tracking_id']) ? $_GET['pesapal_transaction_tracking_id'] : '';
$pesapal_merchant_reference = isset($_GET['pesapal_merchant_reference']) ? $_GET['pesapal_merchant_reference'] : '';

if ($pesapalNotification == "CHANGE" && $pesapalTrackingId != '') {
    $token = $params = NULL;
    $consumer = new OAuthConsumer($consumer_key, $consumer_secret);
    $signature_method = new OAuthSignatureMethod_HMAC_SHA1();

    // get transaction status
    $request_status = OAuthRequest::from_consumer_and_token($consumer, $token, "GET", $statusrequestAPI, $params);
    $request_status->set_parameter("pesapal_merchant_reference", $pesapal_merchant_reference);
    $request_status->set_parameter("pesapal_transaction_tracking_id", $pesapalTrackingId);
    $request_status->sign_request($signature_method, $consumer, $token);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $request_status);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    // Verify the server certificate and host name, so the status is only accepted
    // from the real PesaPal endpoint and not from an intercepting host.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

    if (defined('CURL_PROXY_REQUIRED') && CURL_PROXY_REQUIRED == 'True') {
        $proxy_tunnel_flag = (defined('CURL_PROXY_TUNNEL_FLAG') && strtoupper(CURL_PROXY_TUNNEL_FLAG) == 'FALSE') ? false : true;
        curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, $proxy_tunnel_flag);
        curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
        curl_setopt($ch, CURLOPT_PROXY, CURL_PROXY_SERVER_DETAILS);
    }

    $response = curl_exec($ch);

    $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    $raw_header = substr($response, 0, $header_size - 4);
    $headerArray = explode("\r\n\r\n", $raw_header);
    $header = $headerArray[count($headerArray) - 1];

    // transaction status
    $elements = preg_split("/=/", substr($response, $header_size));
    $status = $elements[1];

    curl_close($ch);

    // UPDATE YOUR DB TABLE WITH NEW STATUS FOR TRANSACTION WITH pesapal_transaction_tracking_id $pesapalTrackingId
    // DB_UPDATE_IS_SUCCESSFUL is a placeholder for the result of your own database update.
    if (DB_UPDATE_IS_SUCCESSFUL) {
        $resp = "pesapal_notification_type=$pesapalNotification&pesapal_transaction_tracking_id=$pesapalTrackingId&pesapal_merchant_reference=$pesapal_merchant_reference";
        ob_start();
        echo $resp;
        ob_flush();
        exit;
    }
}
?>
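The IPN URL can be requested by anyone, which is why the listener above takes the status from its own signed query to PesaPal and not from the notification itself. The following added example, not PesaPal's code, covers the "update your DB" step: it accepts only a recognised status from the response body and updates only an order whose reference and tracking id were stored at callback time. The function names, the `orders` table, the status list and the sample response bodies are assumptions constructed for illustration.

```php
<?php
// Added example, not PesaPal's code. Function names, the orders table and the
// status list are assumptions made for illustration.
const KNOWN_STATUSES = ['PENDING', 'COMPLETED', 'FAILED', 'INVALID']; // assumed values

// Extract the status from a "<key>=<status>" body; anything unexpected yields null.
function parse_status_body(string $body): ?string
{
    $parts = explode('=', trim($body), 2);
    if (count($parts) !== 2) {
        return null;
    }
    $status = strtoupper(trim($parts[1]));
    return in_array($status, KNOWN_STATUSES, true) ? $status : null;
}

// Update only the order that already has this reference AND tracking id on file.
function record_status(PDO $db, string $reference, string $trackingId, string $status): bool
{
    $stmt = $db->prepare(
        'UPDATE orders SET status = :status
          WHERE reference = :reference AND tracking_id = :tracking_id'
    );
    $stmt->execute([
        ':status' => $status, ':reference' => $reference, ':tracking_id' => $trackingId,
    ]);
    return $stmt->rowCount() === 1; // false: unknown order, so do not acknowledge
}

// Constructed demo: in-memory SQLite order stored when the callback page ran.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (reference TEXT PRIMARY KEY, tracking_id TEXT, status TEXT)');
$db->exec("INSERT INTO orders VALUES ('ORD-1001', 'trk-constructed-0001', 'PENDING')");

// Constructed response bodies: one valid, one error page, one with no "=".
$bodies = ['pesapal_response_data=COMPLETED', 'x=<html>Server Error</html>', 'garbage'];
foreach ($bodies as $body) {
    $status  = parse_status_body($body);
    $updated = $status !== null
        && record_status($db, 'ORD-1001', 'trk-constructed-0001', $status);
    printf("%-32s status=%-9s updated=%s\n", $body, $status ?? 'rejected', $updated ? 'yes' : 'no');
}

// A notification naming a tracking id that was never stored changes nothing.
var_dump(record_status($db, 'ORD-1001', 'trk-unknown', 'COMPLETED'));
```

Echo the acknowledgement string back to PesaPal only when `record_status()` returns true.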