itsoft/revolut

Revolut API in one php-class in one file without any dependencies.

Maintainers

Details

github.com/itsoft7/revolut-php

Homepage

Source

Issues

Installs: 440

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 2

Forks: 1

Open Issues: 0

v1.1.0 2021-03-14 13:58 UTC

Requires

MIT 74a332b4605e9f912d4846a15ad83416a47b3a53

phpapisinglerevolut

This package is auto-updated.

Last update: 2024-05-14 20:42:08 UTC

README

simple PHP library for the Revolut Business API

Build

🚀 Features

  • One file
  • No external dependencies
  • Support for older versions of PHP

💡 Motivation

Revolut API has the following bugs:

  • Scope is not supported. E.g. you cannot give read-only access to your Revolut application. It's a shame.
  • No possibility to revoke the token. Again it's a shame. You can ask for a new token (refresh token) and not save it, but it's a kludge.
  • No possibility to add a second account (IBAN) to a counterparty. Delete and create is a bad solution due to old payments are linked to the counterparty uuid. We can add several counterparties with different IBANs, and get into a mess while distinguishing between 2 different companies with the same name.
  • It's very bad there's no MFA when sending payments via the API. We need a second independent channel to confirm (sign) payments. It can be SMS or TOTP.

Revolut API is very unsafe.

Revolut Business API Documentation.

🍭 Demo

You can find a demo app using this library here: https://github.com/maslick/revolutor

✅ Installation

composer require itsoft/revolut

🎱 Usage

cd your_secret_keys_dir/revolut
openssl genrsa -out privatekey.pem 1024
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825
more publickey.cer

Add the contents of publickey.cer to Revolut Business API settings page and point your OAuth redirect URI. Save ClientId and Enable API access to your account.

Create insecure revolut.cfg.php

This config saves tokens in files. You can save them to a database or other places, but for security reasons better not to save them, see the next section Secured revolut.cfg.php.

<?php
$ROOT_PATH = '/www/your-crm...';

require_once $ROOT_PATH . 'vendor/autoload.php';
$path2token = $ROOT_PATH . 'token/revolut.txt';
$path2refresh_token = $ROOT_PATH . 'token/revolut_refresh_token.txt';


$a_token = json_decode(file_get_contents($path2token));
$r_token = json_decode(file_get_contents($path2refresh_token));

$params = [
	'apiUrl' => 'https://b2b.revolut.com/api/1.0',
	'authUrl' => 'https://business.revolut.com/app-confirm', 
	'clientId' => 'YOUR-CLIENT-ID',
	'privateKey' => file_get_contents('your_secret_keys_dir/revolut/privatekey.pem'),
	'redirectUri' => 'https://your_site.com/redirect_uri/', //OAuth redirect URI
	'accessToken' => $a_token->access_token,
	'accessTokenExpires' => $a_token->expires,
	'refreshToken' => $r_token->refresh_token,
	'refreshTokenExpires' => $r_token->expires,
	'saveAccessTokenCallback' => function ($access_token, $expires) use ($path2token) {file_put_contents($path2token, json_encode(['access_token' => $access_token, 'expires' => $expires]));},
	'saveRefreshTokenCallback' => function ($refresh_token, $expires) use ($path2refresh_token) {file_put_contents($path2refresh_token, json_encode(['refresh_token' => $refresh_token, 'expires' => $expires]));},
	'logErrorCallback' => function ($error){mail('your_email@domin.com', 'Revolut API Error', $error);}
];


// for debug you can use
// $params['apiUrl'] =  'https://sandbox-b2b.revolut.com/api/1.0';
// $params['authUrl'] = 'https://sandbox-business.revolut.com/app-confirm';

$revolut = new \ITSOFT\Revolut\Revolut($params);

Secured revolut.cfg.php

<?php
$ROOT_PATH = '/www/your-crm...';

require_once $ROOT_PATH . 'vendor/autoload.php';
$params = [
	'apiUrl' => 'https://b2b.revolut.com/api/1.0',
	'authUrl' => 'https://business.revolut.com/app-confirm',
	'clientId' => 'YOUR-CLIENT-ID',
	'privateKey' => file_get_contents('your_secret_keys_dir/revolut/privatekey.pem'),
	'redirectUri' => 'https://your_site.com/redirect_uri/', //OAuth redirect URI
	'accessToken' => '',
	'accessTokenExpires' => '',
	'refreshToken' => '',
	'refreshTokenExpires' => '',
	'saveAccessTokenCallback' => function ($access_token, $expires){},
	'saveRefreshTokenCallback' => function ($refresh_token, $expires){},
	'logErrorCallback' => function ($error){mail('your_email@domin.com', 'Revolut API Error', $error);}
];


// for debug you can use
// $params['apiUrl'] =  'https://sandbox-b2b.revolut.com/api/1.0';
// $params['authUrl'] = 'https://sandbox-business.revolut.com/app-confirm';


$revolut = new \ITSOFT\Revolut\Revolut($params);

Code for OAuth redirect URI (https://your_site.com/redirect_uri/)

require_once 'revolut.cfg.php';

if(isset($_GET['code'])) $revolut->exchangeCodeForAccessToken();
elseif(!$revolut->accessToken) $revolut->goToConfirmationURL();
  
print "<pre><h2>accounts</h2>\n";
print_r($revolut->accounts());

print "<h2>counterparties</h2>\n";
print_r($revolut->counterparties());

print "<h2>getExchangeRate</h2>\n";
print_r($revolut->getExchangeRate(['from'=>'USD', 'to'=>'EUR']));
print_r($revolut->getExchangeRate(['from'=>'EUR', 'to'=>'USD']));

print "<h2>transactions</h2>\n";
print_r($revolut->transactions());

Create payment and other methods

$revolut->createPayment($params);

For $params see tutorials-make-a-payment-create-payment and api-reference createPayment.

For other methods see https://github.com/itsoft7/revolut-php/blob/master/src/Revolut.php