girosolution/girocheckout-sdk

PHP development SDK for connections to GiroCheckout Payment Gateway

2.6.1 2024-05-17 17:26 UTC

README

PHP development SDK for connections to GiroCheckout Payment Gateway

The GiroCockpit SDK allows a simple implementation of the GiroCheckout API. The SDK includes all API calls provided by GiroCheckout. For every API there is an example script in the examples section.

Requirements

  • The SDK uses the cURL extension for server communication.
  • All data must be given in UTF-8. The SDK does not take care of the conversion.
  • PHP >= 5.2

Download

GiroCheckout SDK is available both in composer compatible form and as a standalone library.

Download the current standalone GiroCheckout PHP SDK here.

Find the instructions for the composer version below.

Installation through composer

In order for this to work, you need to install composer. Please follow the instructions on the Composer website for this, but in a nutshell it's this (in a Linux or iOS environment):

# Install Composer
curl -sS https://getcomposer.org/installer | php

You should then make it available globally:

mv composer.phar /usr/local/bin/composer

Remember to give the file execution permissions.

Now, simply include GiroCheckout in your PHP project:

composer clear-cache
composer require girosolution/girocheckout-sdk

This will create a composer.json file in your project (if you don't already have one), add the lines necessary to include GiroCheckout and then download and install it in the vendor folder.

Update through composer

If you already have a previous composer-based version of the SDK installed, you may update to the latest published version like this:

composer update

Important note regarding notify and redirect

GiroCheckout uses two parallel channels for the communication between the GiroCheckout server and the Shop: The notification (or notify for short) and the redirect. The notify is a server to server call in the background, whereas the redirect runs over the customer's browser, showing him the transaction result at the end. Both paths must function separately and independently from each other, in case one of them doesn't reach its destination. This way, the transaction is also successful if the notification happens to not arrive at the shop for whatever reason (so only the redirect could be successful) or if the customer interrupts the redirection to the shop site (so only the notify gets through). But of course a check is required on both sides whether the order has already been processed in the shop, in order to avoid a duplicate processing.

Please also see API Basics.

Folders

The folder "examples" includes example scripts for all supported payment methods and API calls. The folder "logos" contains the current logo images for all payment methods.

List of all request types (Request & Notify)

Implementation of an API call

This implementation example is based on the "examples/giropay/giropayTransaction.php" file.

Load SDK

require '../vendor/autoload.php';
use girosolution\GiroCheckout_SDK\GiroCheckout_SDK_Request;

The file "autload.php" has to be included in an appropriate place, to use API functionalities. It is located inside the vendor folder created by composer. So make sure the path to it is correct.

You may also want to add a "use" statement for every GiroCheckout class you use. GiroCheckout_SDK_Request will always be used at least.

Configure data for authentication

$merchantID = xxx;
$projectID = xxx;
$projectPassword = xxx;

This data is provided in the GiroCockpit. Ensure that the used project ID is correct and belongs to an API call. For example you can only use a giropay project ID for a "giropayTransaction" request.

API call

$request = new GiroCheckout_SDK_Request('giropayTransaction');
$request->setSecret($projectPassword);
$request->addParam('merchantId',$merchantID)
	->addParam('projectId',$projectID)
	->addParam('merchantTxId',1234567890)
	->addParam('amount',100)
	->addParam('currency','EUR')
	->addParam('purpose','Beispieltransaktion')
	->addParam('bic','TESTDETT421')
	->addParam('info1Label','Ihre Kundennummer')
	->addParam('info1Text','0815')
	->addParam('urlRedirect','https://www.my-domain.de/girocheckout/redirect-giropay')
	->addParam('urlNotify','https://www.my-domain.de/girocheckout/notify-giropay')
	//the hash field is auto generated by the SDK
	->submit();

To perform a request there has to be instantiated and configurated a request object (list of all request types). The project password has to be given to the request object by calling the setSecret() method. It is used for the hash generation. Any API parameters, exept for the hash param, have to be set to the request object by calling addParam().

The method submit() performs the API call to GiroCheckout.

API response

if($request->requestHasSucceeded()) {
  $request->getResponseParam('rc');
  $request->getResponseParam('msg');
  $request->getResponseParam('reference');
  $request->getResponseParam('redirect');
  $request->redirectCustomerToPaymentProvider();
}
/* if the transaction did not succeed, update your local system, get the responsecode and notify the customer */
else {
  $request->getResponseParam('rc');
  $request->getResponseParam('msg');
  $request->getResponseMessage($request->getResponseParam('rc'),'DE');
}

The method requestHasSucceeded() returns true, if the request was successfully performed. Any API response parameters are provided by the getResponseParam() method. The customer redirection can be performet by calling the redirectCustomerToPaymentProvider() method. The buyer will be redirected to the URL given in the redirect parameter.

If an eror occured there is the error code stored in the rc param. The method getResponseMessage() delivers a translated error message in a supporded language.

Notification und Redirect scripts

This implementation example is based on the “examples/notification.php” file.

Load SDK

require '../vendor/autoload.php';
use girosolution\GiroCheckout_SDK\GiroCheckout_SDK_Request;

As stated above, the file "autload.php" has to be included in an appropriate place, to use API functionalities. It is located inside the vendor folder created by composer. So make sure the path to it is correct.

You may also want to add a "use" statement for every GiroCheckout class you use. GiroCheckout_SDK_Request will always be used at least.

Configure data for authentication

$projectPassword = xxx;

The password is provided in the GiroCockpit. It is used for the hash comparison, to ensure that the data is coming from GiroCheckout.

Process notification

$notify = new GiroCheckout_SDK_Notify('giropayTransaction');
$notify->setSecret($projectPassword);
$notify->parseNotification($_GET);

The notification object works the same way as the request object. First it has to be instantiated with the transaction type (list of all request types) and configured with the password.

Afterwards an array needs to be passed to the parseNotification() method that holds the request parameters .

Handle notification

if($notify->paymentSuccessful()) {
  $notify->getResponseParam('gcReference');
  $notify->getResponseParam('gcMerchantTxId');
  $notify->getResponseParam('gcBackendTxId');
  $notify->getResponseParam('gcAmount');
  $notify->getResponseParam('gcCurrency');
  $notify->getResponseParam('gcResultPayment');

  if($notify->avsSuccessful()) {
    $notify->getResponseParam('gcResultAVS');
  }
  
  $notify->sendOkStatus();
  exit;
}
else {
  $notify->getResponseParam('gcReference');
  $notify->getResponseParam('gcMerchantTxId');
  $notify->getResponseParam('gcBackendTxId');
  $notify->getResponseParam('gcResultPayment');

  $notify->sendOkStatus();
  exit;
}

The method paymentSuccessful() returns true, if the payment has succeeded. In case of a giropay-ID transaction the method avsSuccessful() delivers the result of the age verification. Any response parameter can be obtained via the getResponseParam() method.

sendOkStatus(), sendBadRequestStatus() and sendOtherStatus() may be used to respond to the request by sending the appropriate header.

Changing the Server Endpoint

In special cases it may be necessary to access a different server for development and tests than the default https://payment.girosolution.de. Should you have received another endpoint URL from Girosolution, there is a way of overriding the default server.

You may do this in one of three ways:

  1. In your PHP Code:
apache_setenv( "GIROCHECKOUT_SERVER", "https://other.endpoint.de" );
  1. On the Linux command line (e.g. for executing the SDK examples without a browser):
export GIROCHECKOUT_SERVER=https://other.endpoint.de
  1. In the Apache configuration (within the VirtualHost section):
SetEnv GIROCHECKOUT_SERVER "https://other.endpoint.de"

Operation via a proxy server

It is possible to operate the server communication via a proxy, if your environment requires to do so. To implement this, include the following code and modify the parameters accordingly, before the GiroCheckout_SDK_Request::submit() function is called:

$Config = GiroCheckout_SDK_Config::getInstance();
$Config->setConfig('CURLOPT_PROXY', 'http://myproxy.com'):
$Config->setConfig('CURLOPT_PROXYPORT', 9090);
$Config->setConfig('CURLOPT_PROXYUSERPWD', 'myuser:mypasswd');

Debugging

The SDK offers the possibility of debugging an API call. In order to use this, you need to define a constant which has to be set to “true”:

define('__GIROCHECKOUT_SDK_DEBUG__',true);

Now the SDK will write a log file which is located in “GiroCheckout_PHP_SDK/log” by default. The webserver needs to have write permissions to this folder. The debug mode should only be used while debugging issues and should be deactivated again afterwards for security and performance reasons.

Accessing the logfile

The logfile is organized into different sections:

Set certificate file

In a Windows server environment, it might happen that cURL is not able to validate the SSL certificate. In such a case, it is necessary to pass cURL a specific certificate file. The SDK provides the possibility of setting a local certificate file. For this, the following code is needed before the $request→submit() method is called:

$request->setSslCertFile('path/to/certificate');

For testing purposes, the certificate validation can be disabled. Please do not use this in your live environment.

$request->setSslVerifyDisabled();