Sending a payment gateway POST request through a RESTful API

Question

I am trying to integrate a payment gateway into a website that is being driven by AngularJS on the front-end and PHP Yii Framework on the backend. The backend is a REST API.

I have a page on my website with all my buying options. When a user clicks on the "Buy" button alongside any of these options I need the user to be sent to the payment page of the payment gateway service provider along with the required details sent as a POST request.

To do this, first I am sending a JSON to one of my APIs. This JSON contains some product related details and that's about it. It is as follows.

$scope.payment = {
    key: '',
    txnid: '',
    amount: '1250',
    productinfo: '3',
    firstname: '',
    email: '',
    phone: '',
    surl: '',
    furl: '',
    hash: '',
    service_provider: ''
  };

Except the amount and product info, all other values are empty.

Once this JSON is received by the API, the API decodes this JSON and fills it up with all the other values. The API code is as follows.

public function actionMakePayment () {

    $returnInfo = array("requireLogin"=>false);

    if (!$this->isLogedIn()) {
        $returnInfo['requireLogin'] = true; // Checking if user is logged in
    } else {
        $userId = Yii::app()->user->id; // Getting user id
        $currentUserModel = User::model()->findByPk($userId); // Extracting user model
        $email = $currentUserModel->email; // Extracting email ID
        $phone = $currentUserModel->contact_no; // Extracting contact number
        $first_name = $currentUserModel->first_name; // Extracting first name

        $action = '';

        $json = file_get_contents('php://input'); // Taking in the posted JSON
        $posted = json_decode($json, true); // Decoding JSON

        $MERCHANT_KEY = "XXXXXX"; // Setting merchant key
        $SALT = "XXXXXXXX"; // Setting merchant SALT
        $PAYU_BASE_URL = "https://paymentgateway.com"; // Gateway domain name
        $SERVICE_PROVIDER = "service_provider"; // Gateway provider ID

        $RETURN_URL = "http://domain.com/rest/api/resolvePayment"; // Setting URL for redirection after payment is made or cancelled

        $formError = 0; // POST data error check

        // Assigning txnid
        if (empty($posted['txnid'])) {
            $txnid = substr(hash('sha256', mt_rand() . microtime()), 0, 20);
            $posted['txnid'] = $txnid;
        } else {
            $txnid = $posted['txnid'];
        }

        $posted['key'] = $MERCHANT_KEY; // assigning the merchant key
        $posted['surl'] = $RETURN_URL; // assigning success URL
        $posted['furl'] = $RETURN_URL; // assigning failure URL
        $posted['service_provider'] = $SERVICE_PROVIDER; // assigning
        $posted['firstname'] = $first_name; // assigning name
        $posted['phone'] = $phone; // assigning contact number
        $posted['email'] = $email;

        $hash = '';
        $hashSequence = "key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10";

        if (empty($posted['hash']) && sizeof($posted) > 0) {
            if (
                empty($posted['key']) ||
                empty($posted['txnid']) ||
                empty($posted['amount']) ||
                empty($posted['firstname']) ||
                empty($posted['email']) ||
                empty($posted['phone']) ||
                empty($posted['productinfo']) ||
                empty($posted['surl']) ||
                empty($posted['furl']) ||
                empty($posted['service_provider'])
            ) {
                $formError = 1;
            } else {
                $hashVarsSeq = explode('|', $hashSequence);
                $hash_string = '';

                foreach($hashVarsSeq as $hash_var) {
                    $hash_string .= isset($posted[$hash_var]) ? $posted[$hash_var] : '';
                    $hash_string .= '|';
                }

                $hash_string .= $SALT;

                $hash = strtolower(hash('sha512', $hash_string));
                $posted['hash'] = $hash;
                $action = $PAYU_BASE_URL . '/_payment';
            }

        } else if (!empty($posted['hash'])) {
            $hash = $posted['hash'];
            $action = $PAYU_BASE_URL . '/_payment';
        }
    }

    echo json_encode($posted);

    **$this->send_post($action, $posted);**

}

When I echo $posted as a response to the API, it returns the exact JSON I am required to POST to the payment gateway URL. Now comes the part where I am struggling. I am using the last line of code to send the data as POST request to the URL $action. The code for the function "send_post" is as follows.

private function send_post($url, $data) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url); // set url to post to
    // curl_setopt($ch, CURLOPT_FAILonerror, TRUE); //Fail on error
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); // return into a variable
    curl_setopt($ch, CURLOPT_POST, TRUE); // set POST method
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data); // add POST fields
    $result = curl_exec($ch); // run the whole process
    curl_close($ch);
    return $result;
}

I had to comment out the CURLOPT_FAILonerror option as it throws an error. Do not know why. Also, after putting up all this code, when I click on the "buy" button on the front-end, the API executes and return $posted, but I am not taken to the payment page, and I don't know if the data gets posted or not. There is no error in the response to the API call. It executes perfectly as far as I can see.

Can someone help me with this? I am posting the data correctly? Or am I supposed to post the $hash_string variable? The last few parts are confusing me.

maybe this link will useful for you... http://stackoverflow.com/questions/5576619/php-redirect-with-post-data — rikkyrk, Apr 09 '15 at 17:45
Hey. Thanks a lot. I actually did something very similar. I created an intermediate page on PHP and sent the variables as a GET request. I then used these GET variables on the page to sent them to the gateway as a POST request. Not strictly an answer to my question, but it worked and that's all I care about. :) — srthu, Apr 17 '15 at 06:47

score 0 · Accepted Answer · answered Apr 17 '15 at 06:51

This is not strictly an answer to the issue I faced with CURL. But I figured a work around. I sent the parameters as GET variables to an intermediate PHP page that I built. I then captured these GET variables in the PHP page and sent them as a POST request to the payment gateway.

I don't know why CURL did not work, and after I spoke to the payment gateway tech guys they were very much against using CURL. So I tried to send a POST request to the gateway using AngularJS itself. But this was another huge (and seemingly popular) problem with response headers in Angular. I went through a lot of forums to check for solutions but nothing worked for me. So I finally decided to build and intermediate PHP page and work it out as described above.

Sending a payment gateway POST request through a RESTful API

1 Answers1