Pay with PhonePe - Secure Payment Gateway

Table of Contents

How to Integrate PhonePe Payment Gateway in PHP

PhonePe is a widely-used payment gateway in India that supports UPI transactions. Integrating PhonePe into your PHP application can streamline the payment process for your users. This guide will walk you through the process step-by-step.

Prerequisites

A PhonePe merchant account.
Your API credentials (Merchant ID and Salt Key).
A PHP-based application.

If you do not have a merchant account, register here.

Step 1: Register as a Merchant

Visit the PhonePe Business Portal.
Sign Up: Click on Get Started or Sign Up.
Fill in the required details:
- Business Name
- Business Type
- Contact Details
- Bank Account Information
Verify Business Details: Upload necessary documents (GST Certificate, PAN, Aadhaar, etc.).
Approval and Account Activation: Once approved, you will receive your login credentials via email or SMS.

Step 2: Obtain API Credentials

Log in to your merchant dashboard using the credentials provided during registration.
Navigate to the Integration/Settings section.
Obtain your Merchant ID and Salt Key.
If the Salt Key is not visible, follow the instructions on the dashboard to generate it securely.

Step 3: Configure Payment Gateway Integration

API Credentials

    $saltKey = 'YOUR_API_KEY';  // Replace with your key
   $merchantId = 'MERCHANT_ID';  // Replace with your merchant id
   $base_url = 'http://example.com/';  // Replace with your url
   $saltIndex = '1';  // Replace your salt index

Payment Request Data (Payload)

$payLoad = array( 
    'merchantId' => $merchantId,   //  Replace with your merchant ID
    'merchantTransactionId' => "UniqueTransactionID",  // Give Unique Transaction ID
    'merchantUserId' => "M-" . uniqid(),  //  Replace your Unique  User ID
    'amount' => 10 * 100,   // Amount in paisa 
    'redirectUrl' => $base_url . "redirect-url",  // Replace Your Redirect Url
    'redirectMode' => "POST",  // Request in Post
    'callbackUrl' => $base_url . "redirect-url",  // Replace Your Redirect Url
    'mobileNumber' => "9999999999",  // Replace Your Mobile Number
    'message' => "Sample Message",  // Give A Msg or Descripation
    'email' => "example@gmail.com",  // Replace Your Email 
    'shortName' => "Your Name",  // // Replace Your Name
    'paymentInstrument' => array( 
        'type' => "PAY_PAGE",  // Always PAY_PAGE
    ), 
);

Convert Payload to Base64

$jsonencode = json_encode($payLoad); 
$payloadbase64 = base64_encode($jsonencode);

Calculate Checksum (X-Verify Header)

$payloadData = $payloadbase64 . "/pg/v1/pay" . $saltKey; 
$sha256 = hash("sha256", $payloadData);   // Convert sha256
$checksum = $sha256 . '###' . $saltIndex; 
$request = json_encode(array('request' => $payloadbase64));

Step 4: Send Payment Request

API Endpoint

Production: https://api.phonepe.com/apis/hermes/pg/v1/pay
Sandbox: https://api-preprod.phonepe.com/apis/pg-sandbox/pg/v1/pay

Using cURL to Make the Request

$curl = curl_init(); 
curl_setopt_array($curl, [ 
    CURLOPT_URL => "", // Replace with Production or Sandbox URL 
    CURLOPT_RETURNTRANSFER => true, 
    CURLOPT_SSL_VERIFYHOST => 0, 
    CURLOPT_SSL_VERIFYPEER => 0, 
    CURLOPT_CUSTOMREQUEST => "POST", 
    CURLOPT_POSTFIELDS => $request, 
    CURLOPT_HTTPHEADER => [ 
        "Content-Type: application/json", 
        "X-VERIFY: " . $checksum, 
        "accept: application/json", 
    ], 
]); 

$response = curl_exec($curl); 
$err = curl_error($curl); 
curl_close($curl); 

if ($err) { 
    echo "cURL Error #:" . $err; 
} else { 
    $res = json_decode($response); 
    if (isset($res->success) && $res->success == '1') { 
        $payUrl = $res->data->instrumentResponse->redirectInfo->url; 
        header('Location:' . $payUrl); 
    } 
}

check-status.php

Step 5: Check Payment Status

Generate Checksum for Status Check

$saltKey = "Give Here Your Salt Key"; 
$saltIndex = "Give Here Your Salt Index";
if (isset($_POST['merchantId']) &&  isset($_POST['transactionId'])) {
 $merchantId = $_POST["merchantId"];
 $transcationId = $_POST["transactionId"];
}
$st = "/pg/v1/status/" . $merchantId . "/" . $transcationId . $saltKey;  // 
$dataSha256 = hash("sha256", $st); 
$checksum = $dataSha256 . "###" . $saltIndex;

Make the GET Request

$headers = array( 
    "Content-Type: application/json", 
    "accept: application/json", 
    "X-VERIFY: " . $checksum, 
    "X-MERCHANT-ID:" . $merchantId, 
); 

$url = "" . $merchantId . "/" . $transactionId; 

$curl = curl_init(); 

curl_setopt($curl, CURLOPT_URL, $url);  // here url
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'GET'); // GET Request
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); 
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); 
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); 

$response = curl_exec($curl); 
curl_close($curl); 
$responsePayment = json_decode($response, true); 
print_r($responsePayment);  // Print the responce then send the response data in our success url

Final Notes:

Always test in sandbox mode before switching to production.
Ensure secure storage of your Salt Key and Merchant ID.
Monitor the transaction status for failed or pending payments.