This package is abandoned and no longer maintained. No replacement package was suggested.

Helper class to work with the PostFinance e-payment system

v1.0.1 2017-05-29 08:15 UTC

This package is auto-updated.

Last update: 2024-05-06 22:37:04 UTC


This class helps to implement basic e-commerce features from PostFinance Switzerland. The implementation follows the official documentation.

Install it

composer require 'offline/postfinance'

Use it

See index.php for an example.

Define your parameters as an array. Get your SHA-IN signature at hand. Initialize a class instance and pass your parameter array to setParamList.

$shaInSignature = 'Configuration -> Technical information -> Data and origni verification -> SHA-IN pass phrase';
$params = [
    'PSPID'        => 'your-postfinance-username',
    'ORDERID'      => '1234',
    'AMOUNT'       => '200' * 100,
    'CURRENCY'     => 'CHF',
    'LANGUAGE'     => 'de_CH',

$postfinance = new Offline\PaymentGateways\PostFinance($shaInSignature);

In your view file call getFormFields wherever you want to output the hidden input fields.

<form action="" method="post">
    <?= $postfinance->getFormFields(); ?>
    <input type="submit" value="Submit Example">

Using different algorithms

To use SHA256 or SHA512 algorithms, simply pass the php MHASH constant as second parameter:

$postfinance256 = new Offline\PaymentGateways\PostFinance($shaInSignature, 'sha256');
$postfinance512 = new Offline\PaymentGateways\PostFinance($shaInSignature, 'sha512');

Validating SHA-OUT signatures

Make sure you have the option I would like to receive transaction feedback parameters on the redirection URLs. under Transaktion feedback enabled.

$shaOutSignature = 'Configuration -> Transaction feedback -> SHA-OUT pass phrase';
$shaSign = isset($_GET['SHASIGN']) ? $_GET['SHASIGN'] : '';

$postfinance = new PostFinance($shaOutSignature);

$isValid = $postfinance->getDigest() === $shaSign;