PHP development SDK for connections to GiroCheckout Payment Gateway

2.6.1 2024-05-17 17:26 UTC


PHP development SDK for connections to GiroCheckout Payment Gateway

The GiroCockpit SDK allows a simple implementation of the GiroCheckout API. The SDK includes all API calls provided by GiroCheckout. For every API there is an example script in the examples section.


  • The SDK uses the cURL extension for server communication.
  • All data must be given in UTF-8. The SDK does not take care of the conversion.
  • PHP >= 5.2


GiroCheckout SDK is available both in composer compatible form and as a standalone library.

Download the current standalone GiroCheckout PHP SDK here.

Find the instructions for the composer version below.

Installation through composer

In order for this to work, you need to install composer. Please follow the instructions on the Composer website for this, but in a nutshell it's this (in a Linux or iOS environment):

# Install Composer
curl -sS | php

You should then make it available globally:

mv composer.phar /usr/local/bin/composer

Remember to give the file execution permissions.

Now, simply include GiroCheckout in your PHP project:

composer clear-cache
composer require girosolution/girocheckout-sdk

This will create a composer.json file in your project (if you don't already have one), add the lines necessary to include GiroCheckout and then download and install it in the vendor folder.

Update through composer

If you already have a previous composer-based version of the SDK installed, you may update to the latest published version like this:

composer update

Important note regarding notify and redirect

GiroCheckout uses two parallel channels for the communication between the GiroCheckout server and the Shop: The notification (or notify for short) and the redirect. The notify is a server to server call in the background, whereas the redirect runs over the customer's browser, showing him the transaction result at the end. Both paths must function separately and independently from each other, in case one of them doesn't reach its destination. This way, the transaction is also successful if the notification happens to not arrive at the shop for whatever reason (so only the redirect could be successful) or if the customer interrupts the redirection to the shop site (so only the notify gets through). But of course a check is required on both sides whether the order has already been processed in the shop, in order to avoid a duplicate processing.

Please also see API Basics.


The folder "examples" includes example scripts for all supported payment methods and API calls. The folder "logos" contains the current logo images for all payment methods.


List of all request types (Request & Notify)

API documentation Request type Object name
check eps bank status epsBankstatus GiroCheckout_SDK_EpsBankstatus()
eps issuer list epsIssuerList GiroCheckout_SDK_EpsIssuerList()
eps transaction epsTransaction GiroCheckout_SDK_EpsTransaction()
check bank status giropayBankstatus GiroCheckout_SDK_GiropayBankstatus()
giropay-ID giropayIDCheck GiroCheckout_SDK_GiropayIDCheck()
giropay transaction giropayTransaction GiroCheckout_SDK_GiropayTransaction()
giropay +giropay-ID giropayTransaction GiroCheckout_SDK_GiropayTransaction()
iDEAL get issuer list idealIssuerList GiroCheckout_SDK_IdealIssuerList()
iDEAL transaction idealPayment GiroCheckout_SDK_IdealPayment()
credit card
credit card payment creditCardTransaction GiroCheckout_SDK_CreditCardTransaction()
get PKN creditCardGetPKN GiroCheckout_SDK_CreditCardGetPKN()
recurring credit card payment creditCardRecurringTransaction GiroCheckout_SDK_CreditCardRecurringTransaction()
credit card void creditCardVoid GiroCheckout_SDK_CreditCardVoid()
direct debit
direct debit without payment page directDebitTransaction GiroCheckout_SDK_DirectDebitTransaction()
direct debit payment page directDebitTransactionWithPaymentPage GiroCheckout_SDK_DirectDebitTransactionWithPaymentPage()
direct debit void directDebitVoid GiroCheckout_SDK_DirectDebitVoid()
Maestro payment maestroTransaction GiroCheckout_SDK_MaestroTransaction()
Maestro capture maestroCapture GiroCheckout_SDK_MaestroCapture()
Maestro refund maestroRefund GiroCheckout_SDK_MaestroRefund()
Paydirekt payment paydirektTransaction GiroCheckout_SDK_PaydirektTransaction()
Paydirekt capture paydirektCapture GiroCheckout_SDK_PaydirektCapture()
Paydirekt refund paydirektRefund GiroCheckout_SDK_PaydirektRefund()
Paydirekt void paydirektVoid GiroCheckout_SDK_PaydirektVoid()
Payment Page Transaktion
Payment through Payment Page paypageTransaction GiroCheckout_SDK_PaypageTransaction()
Project request paypageProjects GiroCheckout_SDK_PaypageProjects()
Sofort payment sofortuwTransaction GiroCheckout_SDK_SofortUwTransaction()
PayPal transaction paypalTransaction GiroCheckout_SDK_PaypalTransaction()
get transaction information getTransactionTool GiroCheckout_SDK_Tools_GetTransaction()

Implementation of an API call

This implementation example is based on the "examples/giropay/giropayTransaction.php" file.

Load SDK

require '../vendor/autoload.php';
use girosolution\GiroCheckout_SDK\GiroCheckout_SDK_Request;

The file "autload.php" has to be included in an appropriate place, to use API functionalities. It is located inside the vendor folder created by composer. So make sure the path to it is correct.

You may also want to add a "use" statement for every GiroCheckout class you use. GiroCheckout_SDK_Request will always be used at least.

Configure data for authentication

$merchantID = xxx;
$projectID = xxx;
$projectPassword = xxx;

This data is provided in the GiroCockpit. Ensure that the used project ID is correct and belongs to an API call. For example you can only use a giropay project ID for a "giropayTransaction" request.

API call

$request = new GiroCheckout_SDK_Request('giropayTransaction');
	->addParam('info1Label','Ihre Kundennummer')
	//the hash field is auto generated by the SDK

To perform a request there has to be instantiated and configurated a request object (list of all request types). The project password has to be given to the request object by calling the setSecret() method. It is used for the hash generation. Any API parameters, exept for the hash param, have to be set to the request object by calling addParam().

The method submit() performs the API call to GiroCheckout.

API response

if($request->requestHasSucceeded()) {
/* if the transaction did not succeed, update your local system, get the responsecode and notify the customer */
else {

The method requestHasSucceeded() returns true, if the request was successfully performed. Any API response parameters are provided by the getResponseParam() method. The customer redirection can be performet by calling the redirectCustomerToPaymentProvider() method. The buyer will be redirected to the URL given in the redirect parameter.

If an eror occured there is the error code stored in the rc param. The method getResponseMessage() delivers a translated error message in a supporded language.

Notification und Redirect scripts

This implementation example is based on the “examples/notification.php” file.

Load SDK

require '../vendor/autoload.php';
use girosolution\GiroCheckout_SDK\GiroCheckout_SDK_Request;

As stated above, the file "autload.php" has to be included in an appropriate place, to use API functionalities. It is located inside the vendor folder created by composer. So make sure the path to it is correct.

You may also want to add a "use" statement for every GiroCheckout class you use. GiroCheckout_SDK_Request will always be used at least.

Configure data for authentication

$projectPassword = xxx;

The password is provided in the GiroCockpit. It is used for the hash comparison, to ensure that the data is coming from GiroCheckout.

Process notification

$notify = new GiroCheckout_SDK_Notify('giropayTransaction');

The notification object works the same way as the request object. First it has to be instantiated with the transaction type (list of all request types) and configured with the password.

Afterwards an array needs to be passed to the parseNotification() method that holds the request parameters .

Handle notification

if($notify->paymentSuccessful()) {

  if($notify->avsSuccessful()) {
else {


The method paymentSuccessful() returns true, if the payment has succeeded. In case of a giropay-ID transaction the method avsSuccessful() delivers the result of the age verification. Any response parameter can be obtained via the getResponseParam() method.

sendOkStatus(), sendBadRequestStatus() and sendOtherStatus() may be used to respond to the request by sending the appropriate header.

HTTP status code Method Description
200 (OK) sendOkStatus() The notification was processed correctly.
400 (Bad Request) sendBadRequestStatus() The merchant did not process the notification and does not wish to be notified again.
all others sendOtherStatus() The notification is repeated no more than 10 times every 30 minutes until the merchant returns the status code 200 or 400.

Changing the Server Endpoint

In special cases it may be necessary to access a different server for development and tests than the default Should you have received another endpoint URL from Girosolution, there is a way of overriding the default server.

You may do this in one of three ways:

  1. In your PHP Code:
apache_setenv( "GIROCHECKOUT_SERVER", "" );
  1. On the Linux command line (e.g. for executing the SDK examples without a browser):
  1. In the Apache configuration (within the VirtualHost section):

Operation via a proxy server

It is possible to operate the server communication via a proxy, if your environment requires to do so. To implement this, include the following code and modify the parameters accordingly, before the GiroCheckout_SDK_Request::submit() function is called:

$Config = GiroCheckout_SDK_Config::getInstance();
$Config->setConfig('CURLOPT_PROXY', ''):
$Config->setConfig('CURLOPT_PROXYPORT', 9090);
$Config->setConfig('CURLOPT_PROXYUSERPWD', 'myuser:mypasswd');


The SDK offers the possibility of debugging an API call. In order to use this, you need to define a constant which has to be set to “true”:


Now the SDK will write a log file which is located in “GiroCheckout_PHP_SDK/log” by default. The webserver needs to have write permissions to this folder. The debug mode should only be used while debugging issues and should be deactivated again afterwards for security and performance reasons.

Accessing the logfile

The logfile is organized into different sections:

Section Description Common issues
start Gives the timestamp when the script was loaded
PHP ini Provides information about PHP, cURL and SSL cURL or SSL is not activated
transaction Shows the used API call
params set Shows any parameters that were given to the request object parameters are missing
cURL request Includes any parameters that are sent to GiroCheckout
cURL reply cURL information about the server reply
reply params Any parameters in the server's reply
notify input Information about the notify call (parameters, timestamp)
reply params Information about the used reply method
exception Includes the error description

Set certificate file

In a Windows server environment, it might happen that cURL is not able to validate the SSL certificate. In such a case, it is necessary to pass cURL a specific certificate file. The SDK provides the possibility of setting a local certificate file. For this, the following code is needed before the $request→submit() method is called:


For testing purposes, the certificate validation can be disabled. Please do not use this in your live environment.