
Understanding the Hosted Checkout Process for Payfast

Hassaan Ali edited this page Jun 5, 2023 · 1 revision

Introduction:

The Hosted Checkout process for Payfast provides a secure and convenient method for merchants to accept online payments. By following a few simple steps, merchants can integrate Payfast into their websites and offer their customers a seamless payment experience. In this article, we will explore the key aspects of the Hosted Checkout process and provide a sample PHP code implementation.

Setting Up Merchant Data:

To begin, merchants need to gather their Payfast merchant data, which includes the merchant ID, secret key, and merchant name. These credentials are essential for authentication and identification purposes during the payment process.

$merchant_id = 'xxxxxxx';
$secrete_key = 'xxxxxxxxxxxxxxxxxxxxxxx';
$merchant_name = 'xxxxxxxxxxxxxxxxxx';

Collecting Customer Data:

Next, merchants should gather relevant customer data, such as the order ID, transaction amount, customer mobile number, and email address. This information is crucial for accurately processing the payment and communicating with the customer regarding the transaction. For example, random (demo) data can be used for processing for now:

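$order_id = rand(100, 10000); // Random order ID, which can be modified depending on the requirement
$amount = 'xxx'; // Order payment amount (placeholder)
$mobile = "xxxxxxxxxxx"; // Customer mobile number (placeholder)
$email = 'customer@example.com'; // Customer email address (placeholder)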

Generating the Payment Token:

Merchants need to construct the payment token URL by combining the merchant ID and secret key. This URL is used to obtain an access token, which serves as a temporary authorization for processing the payment request. The token URL should be fetched using the appropriate PHP cURL function, and the returned response should be stored for further processing.

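// The merchant ID and secret key travel as query parameters, so URL-encode both.
$token_url = "https://xxxxxxxxxxxxxxxxxxxx/xxxxxxxxx?MERCHANT_ID=" . urlencode($merchant_id) . "&SECURED_KEY=" . urlencode($secrete_key);

$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $token_url);
curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
// curl_exec() returns the response body, or false if the request failed.
$buffer = curl_exec($curl_handle);
curl_close($curl_handle);
if (empty($buffer)) {
    $res = "Nothing returned from url.<p>";
} else {
    $res = $buffer;
}

// json_decode() returns null when the body is not valid JSON.
$result = json_decode($res, true);

// An empty token means the request failed; do not build the form in that case.
$ACCESS_TOKEN = (is_array($result) && isset($result['ACCESS_TOKEN'])) ? $result['ACCESS_TOKEN'] : '';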

Creating the Signature:

To ensure the integrity and security of the payment request, a signature must be generated using the merchant ID, merchant name, transaction amount, and order ID. The signature is created using the MD5 hashing algorithm, resulting in a unique identifier for each transaction.

$signature = md5($merchant_id . ":" . $merchant_name . ":" . $amount . ":" . $order_id);
$backend_callback = "signature=" . $signature . "&order_id=" . $order_id;
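
Every input to this MD5 (merchant ID, merchant name, amount, order ID) is also sent as a form field in the payload, so the signature only adds assurance when the merchant recomputes it from its own order records on the way back. The following is an added example, not code from Payfast or from this page's author: the function names, the `$orders` array and the sample values are assumptions, and it assumes the callback returns the `signature` and `order_id` parameters built above.

```php
<?php
// Added example: payfast_signature(), verify_payfast_callback() and $orders are hypothetical names.

/** Same formula as the page: md5(merchant_id:merchant_name:amount:order_id). */
function payfast_signature(string $merchant_id, string $merchant_name, string $amount, string $order_id): string
{
    return md5($merchant_id . ':' . $merchant_name . ':' . $amount . ':' . $order_id);
}

/**
 * Validate callback parameters against the merchant's own order records.
 * Returns the stored order on success, null on any mismatch.
 */
function verify_payfast_callback(array $params, array $orders, string $merchant_id, string $merchant_name): ?array
{
    $order_id = $params['order_id'] ?? '';
    $received = $params['signature'] ?? '';

    // Reject non-string or malformed values (e.g. order_id[]=1) before any lookup.
    if (!is_string($order_id) || !is_string($received)
        || !ctype_digit($order_id) || !preg_match('/^[0-9a-f]{32}$/', $received)) {
        return null;
    }
    if (!isset($orders[$order_id])) {
        return null; // unknown order
    }

    // The amount comes from the stored order, never from the request.
    $expected = payfast_signature($merchant_id, $merchant_name, $orders[$order_id]['amount'], $order_id);

    // hash_equals() compares in constant time.
    return hash_equals($expected, $received) ? $orders[$order_id] : null;
}

// Constructed sample data standing in for the order database.
$orders = array('4821' => array('amount' => '1500', 'status' => 'pending'));
$good = array('order_id' => '4821', 'signature' => payfast_signature('102', 'Demo Store', '1500', '4821'));
$bad  = array('order_id' => '4821', 'signature' => payfast_signature('102', 'Demo Store', '1', '4821'));

var_dump(verify_payfast_callback($good, $orders, '102', 'Demo Store') !== null); // signature matches stored order
var_dump(verify_payfast_callback($bad, $orders, '102', 'Demo Store') !== null);  // signature built over an altered amount
```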

Constructing the Payload:

The payload represents the data that will be sent to the Payfast Hosted Checkout page. It includes the merchant ID, merchant name, access token, transaction amount, customer details, signature, and other relevant parameters. The payload should be constructed as an array, adhering to the required format specified by Payfast.

// $successUrl and $failUrl are the merchant's own return pages and must be defined beforehand.
$payload = array(
            'MERCHANT_ID' => $merchant_id,
            'MERCHANT_NAME' => $merchant_name,
            'TOKEN' => $ACCESS_TOKEN,
            'PROCCODE' => '00', // quoted so the leading zero is kept; a bare 00 is the integer 0
            'TXNAMT' => $amount,
            'CUSTOMER_MOBILE_NO' => $mobile,
            'CUSTOMER_EMAIL_ADDRESS' => $email,
            'SIGNATURE' => $signature,
            'VERSION' => 'WOOCOM-APPS-PAYMENT-0.9',
            'TXNDESC' => 'Products purchased from ' . $merchant_name,
            'SUCCESS_URL' => urlencode($successUrl),
            'FAILURE_URL' => urlencode($failUrl),
            'BASKET_ID' => $order_id,
            'ORDER_DATE' => date('Y-m-d H:i:s', time()),
            'CHECKOUT_URL' => urlencode($backend_callback),
        );

Preparing the Payment Form:

Using the constructed payload, a payment form can be generated. This form should be set to submit the data to the Payfast payment URL. Each payload parameter should be included as a hidden input field within the form, ensuring that the data is securely transmitted to Payfast.

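// $payment_url is the Payfast payment URL and must be defined beforehand.
$payfast_form = array();
$payfast_form[] = '<form action="' . htmlspecialchars($payment_url, ENT_QUOTES, 'UTF-8') . '" method="post" id="payfast_woocom_form">';

foreach ($payload as $key => $value) {
	// Escape names and values so customer-supplied data (email, mobile) cannot break out of the attribute.
	$payfast_form[] = '<input type="hidden" name="' . htmlspecialchars($key, ENT_QUOTES, 'UTF-8') . '" value="' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '" />';
}
$payfast_form[] = '<input type="submit" class="button paydast-submit" name="" value="Submit" />';

$payfast_form[] = '</form>';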

Finalizing the Integration:

Once the payment form is generated, it can be displayed on the merchant's website. Merchants should ensure that the form is presented to customers at the appropriate stage of the checkout process. Additionally, the success and failure URLs should be specified to redirect customers to the appropriate pages after completing or canceling the payment.

Conclusion:

The Hosted Checkout process for Payfast offers a secure and reliable solution for merchants to accept online payments. By following the steps outlined in this article and using the provided PHP code sample, merchants can seamlessly integrate Payfast into their websites and provide customers with a smooth and trustworthy payment experience.