PHP development SDK for connections to GiroCheckout Payment Gateway
The GiroCockpit SDK allows a simple implementation of the GiroCheckout API. The SDK includes all API calls provided by GiroCheckout. For every API there is an example script in the examples section.
- The SDK uses the cURL extension for server communication.
- All data must be given in UTF-8. The SDK does not take care of the conversion.
- PHP >= 5.2
GiroCheckout SDK is available both in composer compatible form and as a standalone library.
Download the current standalone GiroCheckout PHP SDK here.
Find the instructions for the composer version below.
In order for this to work, you need to install composer. Please follow the instructions on the Composer website for this, but in a nutshell it's this (in a Linux or iOS environment):
# Install Composer
curl -sS https://getcomposer.org/installer | php
You should then make it available globally:
mv composer.phar /usr/local/bin/composer
Remember to give the file execution permissions.
Now, simply include GiroCheckout in your PHP project:
composer clear-cache
composer require girosolution/girocheckout-sdk
This will create a composer.json file in your project (if you don't already have one), add the lines necessary to include GiroCheckout and then download and install it in the vendor folder.
If you already have a previous composer-based version of the SDK installed, you may update to the latest published version like this:
composer update
GiroCheckout uses two parallel channels for the communication between the GiroCheckout server and the Shop: The notification (or notify for short) and the redirect. The notify is a server to server call in the background, whereas the redirect runs over the customer's browser, showing him the transaction result at the end. Both paths must function separately and independently from each other, in case one of them doesn't reach its destination. This way, the transaction is also successful if the notification happens to not arrive at the shop for whatever reason (so only the redirect could be successful) or if the customer interrupts the redirection to the shop site (so only the notify gets through). But of course a check is required on both sides whether the order has already been processed in the shop, in order to avoid a duplicate processing.
Please also see API Basics.
The folder "examples" includes example scripts for all supported payment methods and API calls. The folder "logos" contains the current logo images for all payment methods.
API documentation | Request type | Object name |
---|---|---|
eps | ||
check eps bank status | epsBankstatus | GiroCheckout_SDK_EpsBankstatus() |
eps issuer list | epsIssuerList | GiroCheckout_SDK_EpsIssuerList() |
eps transaction | epsTransaction | GiroCheckout_SDK_EpsTransaction() |
giropay | ||
check bank status | giropayBankstatus | GiroCheckout_SDK_GiropayBankstatus() |
giropay-ID | giropayIDCheck | GiroCheckout_SDK_GiropayIDCheck() |
giropay transaction | giropayTransaction | GiroCheckout_SDK_GiropayTransaction() |
giropay +giropay-ID | giropayTransaction | GiroCheckout_SDK_GiropayTransaction() |
iDEAL | ||
iDEAL get issuer list | idealIssuerList | GiroCheckout_SDK_IdealIssuerList() |
iDEAL transaction | idealPayment | GiroCheckout_SDK_IdealPayment() |
credit card | ||
credit card payment | creditCardTransaction | GiroCheckout_SDK_CreditCardTransaction() |
get PKN | creditCardGetPKN | GiroCheckout_SDK_CreditCardGetPKN() |
recurring credit card payment | creditCardRecurringTransaction | GiroCheckout_SDK_CreditCardRecurringTransaction() |
credit card void | creditCardVoid | GiroCheckout_SDK_CreditCardVoid() |
direct debit | ||
direct debit without payment page | directDebitTransaction | GiroCheckout_SDK_DirectDebitTransaction() |
direct debit payment page | directDebitTransactionWithPaymentPage | GiroCheckout_SDK_DirectDebitTransactionWithPaymentPage() |
direct debit void | directDebitVoid | GiroCheckout_SDK_DirectDebitVoid() |
Maestro | ||
Maestro payment | maestroTransaction | GiroCheckout_SDK_MaestroTransaction() |
Maestro capture | maestroCapture | GiroCheckout_SDK_MaestroCapture() |
Maestro refund | maestroRefund | GiroCheckout_SDK_MaestroRefund() |
paydirekt | ||
Paydirekt payment | paydirektTransaction | GiroCheckout_SDK_PaydirektTransaction() |
Paydirekt capture | paydirektCapture | GiroCheckout_SDK_PaydirektCapture() |
Paydirekt refund | paydirektRefund | GiroCheckout_SDK_PaydirektRefund() |
Paydirekt void | paydirektVoid | GiroCheckout_SDK_PaydirektVoid() |
Payment Page Transaktion | ||
Payment through Payment Page | paypageTransaction | GiroCheckout_SDK_PaypageTransaction() |
Project request | paypageProjects | GiroCheckout_SDK_PaypageProjects() |
Sofort | ||
Sofort payment | sofortuwTransaction | GiroCheckout_SDK_SofortUwTransaction() |
PayPal | ||
PayPal transaction | paypalTransaction | GiroCheckout_SDK_PaypalTransaction() |
Tools | ||
get transaction information | getTransactionTool | GiroCheckout_SDK_Tools_GetTransaction() |
This implementation example is based on the "examples/giropay/giropayTransaction.php" file.
require '../vendor/autoload.php';
use girosolution\GiroCheckout_SDK\GiroCheckout_SDK_Request;
The file "autload.php" has to be included in an appropriate place, to use API functionalities. It is located inside the vendor folder created by composer. So make sure the path to it is correct.
You may also want to add a "use" statement for every GiroCheckout class you use. GiroCheckout_SDK_Request will always be used at least.
$merchantID = xxx;
$projectID = xxx;
$projectPassword = xxx;
This data is provided in the GiroCockpit. Ensure that the used project ID is correct and belongs to an API call. For example you can only use a giropay project ID for a "giropayTransaction" request.
$request = new GiroCheckout_SDK_Request('giropayTransaction');
$request->setSecret($projectPassword);
$request->addParam('merchantId',$merchantID)
->addParam('projectId',$projectID)
->addParam('merchantTxId',1234567890)
->addParam('amount',100)
->addParam('currency','EUR')
->addParam('purpose','Beispieltransaktion')
->addParam('bic','TESTDETT421')
->addParam('info1Label','Ihre Kundennummer')
->addParam('info1Text','0815')
->addParam('urlRedirect','https://www.my-domain.de/girocheckout/redirect-giropay')
->addParam('urlNotify','https://www.my-domain.de/girocheckout/notify-giropay')
//the hash field is auto generated by the SDK
->submit();
To perform a request there has to be instantiated and configurated a request object (list of all request types). The project password has to be given to the request object by calling the setSecret() method. It is used for the hash generation. Any API parameters, exept for the hash param, have to be set to the request object by calling addParam().
The method submit() performs the API call to GiroCheckout.
if($request->requestHasSucceeded()) {
$request->getResponseParam('rc');
$request->getResponseParam('msg');
$request->getResponseParam('reference');
$request->getResponseParam('redirect');
$request->redirectCustomerToPaymentProvider();
}
/* if the transaction did not succeed, update your local system, get the responsecode and notify the customer */
else {
$request->getResponseParam('rc');
$request->getResponseParam('msg');
$request->getResponseMessage($request->getResponseParam('rc'),'DE');
}
The method requestHasSucceeded() returns true, if the request was successfully performed. Any API response parameters are provided by the getResponseParam() method. The customer redirection can be performet by calling the redirectCustomerToPaymentProvider() method. The buyer will be redirected to the URL given in the redirect parameter.
If an eror occured there is the error code stored in the rc param. The method getResponseMessage() delivers a translated error message in a supporded language.
This implementation example is based on the “examples/notification.php” file.
require '../vendor/autoload.php';
use girosolution\GiroCheckout_SDK\GiroCheckout_SDK_Request;
As stated above, the file "autload.php" has to be included in an appropriate place, to use API functionalities. It is located inside the vendor folder created by composer. So make sure the path to it is correct.
You may also want to add a "use" statement for every GiroCheckout class you use. GiroCheckout_SDK_Request will always be used at least.
$projectPassword = xxx;
The password is provided in the GiroCockpit. It is used for the hash comparison, to ensure that the data is coming from GiroCheckout.
$notify = new GiroCheckout_SDK_Notify('giropayTransaction');
$notify->setSecret($projectPassword);
$notify->parseNotification($_GET);
The notification object works the same way as the request object. First it has to be instantiated with the transaction type (list of all request types) and configured with the password.
Afterwards an array needs to be passed to the parseNotification() method that holds the request parameters .
if($notify->paymentSuccessful()) {
$notify->getResponseParam('gcReference');
$notify->getResponseParam('gcMerchantTxId');
$notify->getResponseParam('gcBackendTxId');
$notify->getResponseParam('gcAmount');
$notify->getResponseParam('gcCurrency');
$notify->getResponseParam('gcResultPayment');
if($notify->avsSuccessful()) {
$notify->getResponseParam('gcResultAVS');
}
$notify->sendOkStatus();
exit;
}
else {
$notify->getResponseParam('gcReference');
$notify->getResponseParam('gcMerchantTxId');
$notify->getResponseParam('gcBackendTxId');
$notify->getResponseParam('gcResultPayment');
$notify->sendOkStatus();
exit;
}
The method paymentSuccessful() returns true, if the payment has succeeded. In case of a giropay-ID transaction the method avsSuccessful() delivers the result of the age verification. Any response parameter can be obtained via the getResponseParam() method.
sendOkStatus(), sendBadRequestStatus() and sendOtherStatus() may be used to respond to the request by sending the appropriate header.
HTTP status code | Method | Description |
---|---|---|
200 (OK) | sendOkStatus() | The notification was processed correctly. |
400 (Bad Request) | sendBadRequestStatus() | The merchant did not process the notification and does not wish to be notified again. |
all others | sendOtherStatus() | The notification is repeated no more than 10 times every 30 minutes until the merchant returns the status code 200 or 400. |
In special cases it may be necessary to access a different server for development and tests than the default https://payment.girosolution.de. Should you have received another endpoint URL from Girosolution, there is a way of overriding the default server.
You may do this in one of three ways:
- In your PHP Code:
apache_setenv( "GIROCHECKOUT_SERVER", "https://other.endpoint.de" );
- On the Linux command line (e.g. for executing the SDK examples without a browser):
export GIROCHECKOUT_SERVER=https://other.endpoint.de
- In the Apache configuration (within the VirtualHost section):
SetEnv GIROCHECKOUT_SERVER "https://other.endpoint.de"
It is possible to operate the server communication via a proxy, if your environment requires to do so. To implement this, include the following code and modify the parameters accordingly, before the GiroCheckout_SDK_Request::submit() function is called:
$Config = GiroCheckout_SDK_Config::getInstance();
$Config->setConfig('CURLOPT_PROXY', 'http://myproxy.com'):
$Config->setConfig('CURLOPT_PROXYPORT', 9090);
$Config->setConfig('CURLOPT_PROXYUSERPWD', 'myuser:mypasswd');
The SDK offers the possibility of debugging an API call. In order to use this, you need to define a constant which has to be set to “true”:
define('__GIROCHECKOUT_SDK_DEBUG__',true);
Now the SDK will write a log file which is located in “GiroCheckout_PHP_SDK/log” by default. The webserver needs to have write permissions to this folder. The debug mode should only be used while debugging issues and should be deactivated again afterwards for security and performance reasons.
The logfile is organized into different sections:
Section | Description | Common issues |
---|---|---|
start | Gives the timestamp when the script was loaded | |
PHP ini | Provides information about PHP, cURL and SSL | cURL or SSL is not activated |
transaction | Shows the used API call | |
params set | Shows any parameters that were given to the request object | parameters are missing |
cURL request | Includes any parameters that are sent to GiroCheckout | |
cURL reply | cURL information about the server reply | |
reply params | Any parameters in the server's reply | |
notify input | Information about the notify call (parameters, timestamp) | |
reply params | Information about the used reply method | |
exception | Includes the error description |
In a Windows server environment, it might happen that cURL is not able to validate the SSL certificate. In such a case, it is necessary to pass cURL a specific certificate file. The SDK provides the possibility of setting a local certificate file. For this, the following code is needed before the $request→submit() method is called:
$request->setSslCertFile('path/to/certificate');
For testing purposes, the certificate validation can be disabled. Please do not use this in your live environment.
$request->setSslVerifyDisabled();