EPaySe
Coming Soon

PHP SDK

The official EPaySe PHP SDK is under development. In the meantime, use the REST API directly with the examples below.

Why PHP with EPaySe?

Native cURL

PHP's built-in cURL extension makes API calls straightforward with no additional dependencies.

HMAC Support

PHP's hash_hmac() function provides native HMAC-SHA256 signature generation.

Laravel Ready

Works seamlessly with Laravel's HTTP client, middleware, and webhook handling.

Create a Transaction

Create a payment transaction using PHP's cURL extension with HMAC authentication:

PHP
Create Transaction (PHP cURL)
<?php

// Initialize credentials
$apiKey = 'your_api_key';
$secretKey = 'your_secret_key';

// Build request payload
$timestamp = time();
$nonce = bin2hex(random_bytes(16));
$payload = json_encode([
    'amount' => 100.00,
    'currency' => 'USD',
    'orderId' => 'ORD-' . uniqid(),
    'description' => 'Payment for Order #1234',
    'returnUrl' => 'https://yoursite.com/payment/callback',
    'cancelUrl' => 'https://yoursite.com/payment/cancel',
]);

// Generate HMAC-SHA256 signature
$signatureString = $timestamp . $nonce . $payload;
$signature = hash_hmac('sha256', $signatureString, $secretKey);

// Send API request
$ch = curl_init('https://api.epayse.com/api/v1/transaction/create');
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $payload,
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'X-Api-Key-Id: ' . $apiKey,
        'X-Signature: ' . $signature,
        'X-Timestamp: ' . $timestamp,
        'X-Nonce: ' . $nonce,
    ],
    CURLOPT_RETURNTRANSFER => true,
]);

$response = json_decode(curl_exec($ch), true);
curl_close($ch);

if ($response['status'] === 'SUCCESS') {
    // Redirect customer to checkout page
    header('Location: ' . $response['data']['checkout_url']);
}

Create a Refund

Issue a full or partial refund for a completed transaction:

PHP
Create Refund
<?php

$transactionId = '01kbkzs3pdcdkjvsq2xb2j0ej3';
$refundPayload = json_encode([
    'transactionId' => $transactionId,
    'refundAmount' => 50.00,
    'reason' => 'Customer request',
]);

$timestamp = time();
$nonce = bin2hex(random_bytes(16));
$signature = hash_hmac('sha256', $timestamp . $nonce . $refundPayload, $secretKey);

$ch = curl_init('https://api.epayse.com/api/v1/refund/create');
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $refundPayload,
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'X-Api-Key-Id: ' . $apiKey,
        'X-Signature: ' . $signature,
        'X-Timestamp: ' . $timestamp,
        'X-Nonce: ' . $nonce,
    ],
    CURLOPT_RETURNTRANSFER => true,
]);

$refundResponse = json_decode(curl_exec($ch), true);
curl_close($ch);

Verify Webhook Signature

Always verify webhook signatures to ensure requests are genuinely from EPaySe:

PHP
Webhook Signature Verification
<?php

function verifyWebhookSignature(
    string $payload,
    array $headers,
    string $secretKey
): bool {
    $signature = $headers['X-Signature'] ?? '';
    $timestamp = $headers['X-Timestamp'] ?? '';
    $nonce = $headers['X-Nonce'] ?? '';

    // Reject if timestamp is older than 5 minutes
    if (abs(time() - (int) $timestamp) > 300) {
        return false;
    }

    $expected = hash_hmac('sha256', $timestamp . $nonce . $payload, $secretKey);

    return hash_equals($expected, $signature);
}

// In your webhook endpoint
$payload = file_get_contents('php://input');
$headers = getallheaders();

if (!verifyWebhookSignature($payload, $headers, $secretKey)) {
    http_response_code(401);
    exit('Invalid signature');
}

$event = json_decode($payload, true);

switch ($event['event']) {
    case 'transaction.success':
        // Handle successful payment
        break;
    case 'refund.completed':
        // Handle completed refund
        break;
}

http_response_code(200);
echo json_encode(['received' => true]);

Laravel Integration Example

If you're using Laravel, you can use the built-in HTTP client for a cleaner integration:

PHP
Laravel Payment Controller
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;

class PaymentController extends Controller
{
    private string $baseUrl = 'https://api.epayse.com/api/v1';

    public function createPayment(Request $request)
    {
        $apiKey = config('services.epayse.api_key');
        $secretKey = config('services.epayse.secret_key');

        $payload = json_encode([
            'amount' => $request->amount,
            'currency' => 'USD',
            'orderId' => $request->order_id,
            'description' => $request->description,
            'returnUrl' => route('payment.callback'),
            'cancelUrl' => route('payment.cancel'),
        ]);

        $timestamp = time();
        $nonce = bin2hex(random_bytes(16));
        $signature = hash_hmac('sha256', $timestamp . $nonce . $payload, $secretKey);

        $response = Http::withHeaders([
            'X-Api-Key-Id' => $apiKey,
            'X-Signature' => $signature,
            'X-Timestamp' => $timestamp,
            'X-Nonce' => $nonce,
        ])->withBody($payload, 'application/json')
          ->post("{$this->baseUrl}/transaction/create");

        if ($response->successful() && $response->json('status') === 'SUCCESS') {
            return redirect($response->json('data.checkout_url'));
        }

        return back()->withErrors(['payment' => 'Payment creation failed']);
    }
}

Related Resources

Explore the full API documentation for detailed endpoint specifications.

Authentication
Transaction API
Refund API
Webhooks