Redirect to the authorization URL received from calling the transaction/initialize endpoint. This URL is valid for one-time use, so generate a new URL per transaction.
When the payment is successful, we will call your callback URL (as set up in your dashboard or while initializing the transaction) and return the reference sent in the first step as a query parameter.
If you use a test secret key, we will call your test callback URL; otherwise, we'll call your live callback URL.
- Confirm that your server can conclude a TLSv1.2 connection to Paystack's servers. Most up-to-date software has this capability. Contact your service provider for guidance if you have any SSL errors.
Don't disable SSL peer verification!
email and amount are the most common compulsory parameters. Do send a unique email per customer. If your customers do not provide a unique email, please devise a strategy to set one for each of them. The amounts we accept on all endpoints are in kobo and must be integer values. For instance, to accept 456 naira, 78 kobo, please send 45678 as the amount.
Initialize a transaction by calling our API.
When the user enters their card details, Paystack will validate and charge the card. When successful, Paystack will:
- Redirect back to a callback_url set when initializing the transaction or on your dashboard at: https://dashboard.paystack.co/#/settings/developer . If neither is set, customers see a "Transaction was successful" message.
- Send a charge.success event to your Webhook URL set at: https://dashboard.paystack.co/#/settings/developer
- If receipts are not turned off, an HTML receipt will be sent to the customer's email.
Before you give value to the customer, please make a server-side call to our verification endpoint to confirm the status and properties of the transaction.
We will post a charge.success event to the webhook URL set for your transaction's domain. If it was a live transaction, we will post to your live webhook URL and vice-versa.
- If using .htaccess, remember to add the trailing / to the URL you set.
- Do a test post to your URL and ensure the script gets the post body.
- Only set a publicly available URL (http://localhost cannot receive!)

    // Retrieve the request's body
    $body = @file_get_contents("php://input");
    $signature = (isset($_SERVER['HTTP_X_PAYSTACK_SIGNATURE']) ? $_SERVER['HTTP_X_PAYSTACK_SIGNATURE'] : '');

    /* It is a good idea to log all events received. Add code *
     * here to log the signature and body to db or file       */

    if (!$signature) {
        // only a post with paystack signature header gets our attention
        exit();
    }

    define('PAYSTACK_SECRET_KEY', 'sk_xxxx_xxxxxx');

    // confirm the event's signature; hash_equals() compares in constant time,
    // so the check does not leak how much of the signature matched
    if (!hash_equals(hash_hmac('sha512', (string) $body, PAYSTACK_SECRET_KEY), $signature)) {
        // silently forget this ever happened
        exit();
    }

    http_response_code(200);

    // parse event (which is json string) as object
    // Give value to your customer but don't give any output
    // Remember that this is a call from Paystack's servers and
    // Your customer is not seeing the response here at all
    $event = json_decode($body);
    if (!is_object($event) || !isset($event->event)) {
        // the body was not the JSON object we expect
        exit();
    }

    switch ($event->event) {
        // charge.success
        case 'charge.success':
            // TIP: you may still verify the transaction
            // before giving value.
            break;
    }
    exit();

After we redirect to your callback url, please verify the transaction before giving value.

    // accept the reference only if it is a plain string (not an array parameter)
    $reference = (isset($_GET['reference']) && is_string($_GET['reference'])) ? $_GET['reference'] : '';
    if (!$reference) {
        die('No reference supplied');
    }

    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => "https://api.paystack.co/transaction/verify/" . rawurlencode($reference),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER => [
            "accept: application/json",
            // replace SECRET_KEY with your secret key
            "authorization: Bearer SECRET_KEY",
            "cache-control: no-cache"
        ],
    ));

    $response = curl_exec($curl);
    $err = curl_error($curl);
    if ($err) {
        // there was an error contacting the Paystack API
        die('Curl returned error: ' . $err);
    }

    $tranx = json_decode($response);
    if (!is_object($tranx)) {
        // the response body was not valid JSON
        die('API returned an unreadable response');
    }
    if (!$tranx->status) {
        // there was an error from the API
        die('API returned error: ' . $tranx->message);
    }

    if (isset($tranx->data->status) && 'success' == $tranx->data->status) {
        // transaction was successful...
        // please check other things like whether you already gave value for this ref
        // if the email matches the customer who owns the product etc
        // Give value
    }

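The checks those comments ask for before giving value, as an added example (not Paystack's own code): it compares the decoded verify response with your own order record and converts naira to integer kobo without floating point. The $order array, the function names, and the response fields data.reference, data.amount and data.customer.email are assumptions not shown on this page; the sample JSON is constructed.

```php
<?php
// Added example, not Paystack's code. $order is a hypothetical order record.

// Convert a naira string such as "456.78" to integer kobo, avoiding floats.
function naira_to_kobo(string $naira): int
{
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/D', $naira, $m)) {
        throw new InvalidArgumentException('invalid naira amount');
    }
    return (int) $m[1] * 100 + (int) str_pad($m[2] ?? '', 2, '0');
}

// Returns null when value may be given, otherwise the reason to refuse.
// Assumed response fields: data.reference, data.amount, data.customer.email.
function refusal_reason($tranx, array $order): ?string
{
    if (!is_object($tranx) || empty($tranx->status) || !isset($tranx->data)) {
        return 'verify call failed';
    }
    $data = $tranx->data;
    if (($data->status ?? '') !== 'success') {
        return 'transaction not successful';
    }
    if (($data->reference ?? '') !== $order['reference']) {
        return 'reference mismatch';
    }
    if (($data->amount ?? null) !== $order['amount_kobo']) {
        return 'amount mismatch'; // charged amount differs from the order total
    }
    if (strcasecmp((string) ($data->customer->email ?? ''), $order['email']) !== 0) {
        return 'email mismatch';
    }
    if ($order['fulfilled']) {
        return 'value already given'; // same reference must not pay out twice
    }
    return null;
}

// Constructed sample data (not real Paystack output).
$order = ['reference' => 'ref_demo_001', 'email' => 'customer@example.com',
          'amount_kobo' => naira_to_kobo('456.78'), 'fulfilled' => false];
$response = '{"status":true,"data":{"status":"success","reference":"ref_demo_001",'
          . '"amount":45678,"customer":{"email":"customer@example.com"}}}';
$reason = refusal_reason(json_decode($response), $order);
echo $reason === null ? "give value\n" : "refuse: $reason\n";

// A response for the same reference whose amount does not match the order.
$mismatch = str_replace('"amount":45678', '"amount":100', $response);
echo 'refuse: ' . refusal_reason(json_decode($mismatch), $order) . "\n";
```

Because both the webhook and the callback can reach this point for the same reference, mark the order fulfilled in the same database transaction that gives value.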
Read more about the transaction/initialize endpoint on our API reference: Initialize Transaction