initpay/ck

Official PHP SDK for InitPay-ck: Plug. Pay. Done.

Maintainers

Package info

github.com/AldazActivator/initpay-ck-sd

pkg:composer/initpay/ck

Statistics

Installs: 5

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

dev-main 2026-03-21 08:53 UTC

Requires

  • php: >=7.4

MIT 751768e65e23ce721fa05095de647c9c0fb3064d

  • InitPay <aldazactivator.woop@gmail.com>

This package is auto-updated.

Last update: 2026-03-21 08:53:16 UTC

README

SDK oficial de Init-Pay para PHP. Integra pagos crypto en minutos.

  • PHP >= 7.4
  • Autoload PSR-4: InitPayCK\\src/

Instalación

composer require initpay/ck

Inicio rápido

<?php
require __DIR__ . '/vendor/autoload.php';

use InitPayCK\Client;

$initpay = new Client([
    'init_key'        => 'IP_TU_INITPAY_KEY',
    'init_secret'     => 'SK_TU_INITPAY_SECRET',
    // Opcionales:
    'base_url'        => 'https://init-pay.com/api/v1',
    'timeout'         => 20,
    'connect_timeout' => 6,
    'verify_ssl'      => true,
]);

$payment = $initpay->createPayment([
    'brand' => 'Mi Tienda',
    'payer' => [
        'payment_method' => 'InitPay',
    ],
    'transactions' => [[
        'amount'      => ['total' => '10.00'],
        'description' => 'Compra iPhone 15 Pro Max',
    ]],
    'redirect_urls' => [
        'webhook_url' => 'https://tutienda.com/webhook.php',
        'return_url'  => 'https://tutienda.com/gracias',
        'cancel_url'  => 'https://tutienda.com/cancelado',
    ],
]);

// Obtener URL del checkout
$checkoutUrl = $payment['links'][0]['init_point'] ?? '';
header('Location: ' . $checkoutUrl);
exit;

Autenticación

El SDK envía el header automáticamente:

Authorization: Bearer base64(init_key:init_secret)

Solo necesitas pasar init_key y init_secret. Las puedes obtener en tu panel en init-pay.com/api-keys.

createPayment()

Campos del request

{
    "brand": "Mi Tienda",
    "payer": {
        "payment_method": "InitPay"
    },
    "transactions": [{
        "amount": {
            "total": "10.00",
            "details": {
                "base_amount":    "9.90",
                "commission_fee": "0.10"
            }
        },
        "description": "Descripción del producto"
    }],
    "redirect_urls": {
        "webhook_url": "https://tutienda.com/webhook.php",
        "return_url":  "https://tutienda.com/gracias",
        "cancel_url":  "https://tutienda.com/cancelado"
    }
}

Respuesta típica

{
    "status":   "success",
    "order_id": "6278775f-559a-4404-a05a-60262819365f",
    "note":     49524,
    "links": [{
        "init_point": "https://init-pay.com/checkout/6278775f-559a-4404-a05a-60262819365f"
    }]
}

Webhook — payment.completed

Cuando el pago se confirma, Init-Pay envía un POST JSON a tu webhook_url.

Payload del webhook

{
    "event":    "payment.completed",
    "status":   "completed",
    "order_id": "6278775f-559a-4404-a05a-60262819365f",
    "note":     49524,
    "brand":    "Mi Tienda",
    "method":   "trc20",
    "amount": {
        "db":           "10.10",
        "base_amount":  "10.00",
        "final_amount": "10.10",
        "fee_amount":   "0.10"
    },
    "description": "Compra iPhone 15 Pro Max",
    "transaction": {
        "amount":  "10.10",
        "network": "TRX"
    },
    "completed_at": "2026-01-19T18:22:01Z"
}

Comportamiento recomendado

Envía el webhook una sola vez, solo cuando el pago pasa de pending a completed.

Patrón seguro para evitar duplicados:

UPDATE payments SET status = 'completed'
WHERE order_id = ? AND status != 'completed'

Si affected_rows === 1 → procesa el pago. Si affected_rows === 0 → ya estaba completado, ignora.

Webhook receiver (webhook.php)

<?php
declare(strict_types=1);

$raw  = file_get_contents('php://input') ?: '';
$data = json_decode($raw, true);

if (!is_array($data) || ($data['event'] ?? '') !== 'payment.completed') {
    http_response_code(400);
    echo json_encode(['ok' => false, 'error' => 'Invalid payload']);
    exit;
}

$orderId = (string)($data['order_id'] ?? '');
$amount  = (string)($data['amount']['final_amount'] ?? '0');

if ($orderId === '') {
    http_response_code(400);
    echo json_encode(['ok' => false, 'error' => 'Missing order_id']);
    exit;
}

// Verifica firma HMAC (si la tienes configurada)
$signature = $_SERVER['HTTP_X_INITPAY_SIGNATURE'] ?? '';
if ($signature !== '') {
    $expected = hash_hmac('sha256', $raw, $orderId);
    if (!hash_equals($expected, $signature)) {
        http_response_code(403);
        echo json_encode(['ok' => false, 'error' => 'Invalid signature']);
        exit;
    }
}

// Tu lógica aquí: marcar orden como pagada, activar servicio, etc.

http_response_code(200);
echo json_encode(['ok' => true, 'order_id' => $orderId]);

Manejo de errores

<?php
use InitPayCK\Client;
use InitPayCK\Exceptions\HttpException;
use InitPayCK\Exceptions\ValidationException;

try {
    $client = new Client([
        'init_key'    => 'IP_TU_KEY',
        'init_secret' => 'SK_TU_SECRET',
    ]);

    $res = $client->createPayment([ /* ... */ ]);

} catch (ValidationException $e) {
    // Credenciales faltantes o configuración inválida
    echo $e->getMessage();

} catch (HttpException $e) {
    // Error HTTP de la API (4xx, 5xx)
    echo $e->getMessage();
}

Redes soportadas

Red Moneda Descripción
BINANCE_PAY USDT Pago instantáneo Binance
USDT_TRC20 USDT Red TRON
USDT_BEP20 USDT Binance Smart Chain
USDT_ERC20 USDT Red Ethereum
USDC USDC USD Coin

Planes

Plan Comisión Acceso API
Free 1% No
Pro 0.5% Si
VIP 0.25% Si

Seguridad

  • Usa siempre HTTPS en tu webhook_url.
  • Valida event, order_id y montos antes de procesar.
  • Implementa verificación HMAC con el header X-InitPay-Signature.
  • Nunca expongas tu init_secret en el frontend.

Links

Licencia

MIT