# MPGS

#### Pay

Pay the transaction.

## Confirm (Pay)

<mark style="color:green;">`POST`</mark> `https://api.plutus.ly/api/v1/transaction/mpgs/confirm`

Pay the transaction

#### Headers

| Name                                            | Type   | Description             |
| ----------------------------------------------- | ------ | ----------------------- |
| Authorization<mark style="color:red;">\*</mark> | String | Bearer: \[Access token] |
| X-API-KEY<mark style="color:red;">\*</mark>     | String | API Key                 |

#### Request Body

| Name                                          | Type   | Description                                                                                                                                                                    |
| --------------------------------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| amount<mark style="color:red;">\*</mark>      | String | <p>Transaction amount in US dollars.</p><p>Formatting is allowed with a maximum of two decimal places: <strong>XXX</strong>, <strong>XX.X</strong>, <strong>XX.XX</strong></p> |
| invoice\_no<mark style="color:red;">\*</mark> | String | Invoice number associated with transaction, **must be unique and not previously used.**                                                                                        |
| return\_url<mark style="color:red;">\*</mark> | String | Redirect URL after completing the payments                                                                                                                                     |
| customer\_ip                                  | String | \[Optional] Customer IP address                                                                                                                                                |
| lang                                          | String | \[Optional] Accepts **ar** or **en**, by default **ar**                                                                                                                        |

{% tabs %}
{% tab title="200: OK " %}

```javascript
{
    "status": 200,
    "result": {
        "code": "CHECKOUT_REDIRECT",
        "redirect_url": "https://xxxxxxxxxxxxxxx"
    }
}
```

{% endtab %}

{% tab title="400: Bad Request " %}

```javascript
{
    "error": {
        "status": 4xx,
        "code": "ERROR_CODE_PLACEHOLDER",
        "message": "ERROR_MESSAGE_PLACEHOLDER"
    }
}
```

You can review the [Errors](https://docs.plutu.ly/errors#mpgs-errors) section for all possible errors
{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="CURL" %}
{% code overflow="wrap" %}

```php
curl --location --request POST 'https://api.plutus.ly/api/v1/transaction/mpgs/confirm' \
--header 'X-API-KEY: [API_KEY]' \
--header 'Authorization: Bearer [ACCESS_TOKEN]' \
--form 'amount="[AMONUT]"' \
--form 'invoice_no="[INVOICE_NO]"' \
--form 'return_url="[RETURN_URL]"' \
--form 'customer_ip="[CUSTOMER_IP]"'
```

{% endcode %}
{% endtab %}

{% tab title="PHP" %}
{% code overflow="wrap" lineNumbers="true" %}

```php
<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://api.plutus.ly/api/v1/transaction/mpgs/confirm',
  CURLOPT_RETURNTRANSFER => true,

  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => array(
    'amount' => '[AMONUT]', 
    'invoice_no' => '[INVOICE_NO]', 
    'return_url' => '[RETURN_URL]', 
    'customer_ip' => '[CUSTOMER_IP]'
  ),
  CURLOPT_HTTPHEADER => array(
    'X-API-KEY: [API_KEY]',
    'Authorization: Bearer [ACCESS_TOKEN]'
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
```

{% endcode %}
{% endtab %}

{% tab title="Plutu PHP Package" %}
{% code lineNumbers="true" %}

```php
<?php

use Plutu\Services\PlutuMpgs;

$amount = 5.0; // amount in float format
$invoiceNo = 'inv-12345'; // invoice number
$returnUrl = 'https://example.com/callback/handler'; // the url to handle the callback from plutu

try {

    $api = new PlutuMpgs;
    $api->setCredentials('api_key', 'access_token', 'secret_key');
    $apiResponse = $api->confirm($amount, $invoiceNo, $returnUrl);

    if ($apiResponse->getOriginalResponse()->isSuccessful()) {

        // Redirect URL for Plutu checkout page
        $redirectUrl = $apiResponse->getRedirectUrl();

        // You should rediect the customer to payment checkout page
        // header("location: " . $redirectUrl);

    } elseif ($apiResponse->getOriginalResponse()->hasError()) {

        // Possible errors from Plutu API
        // @see https://docs.plutu.ly/api-documentation/errors Plutu API Error Documentation
        $errorCode = $apiResponse->getOriginalResponse()->getErrorCode();
        $errorMessage = $apiResponse->getOriginalResponse()->getErrorMessage();
        $statusCode = $apiResponse->getOriginalResponse()->getStatusCode();
        $responseData = $apiResponse->getOriginalResponse()->getBody();

    }

// Handle exceptions that may be thrown during the execution of the code
// The following are the expected exceptions that may be thrown:
// Check the "Handle Exceptions and Errors" section for more details
// 
// InvalidAccessTokenException, InvalidApiKeyException, InvalidSecretKeyException,
// InvalidAmountException, InvalidInvoiceNoException, InvalidReturnUrlException
} catch (\Exception $e) {
    $exception = $e->getMessage();
}
```

{% endcode %}

Check out the example [Confirm (Pay)](https://github.com/getplutu/plutu-php/blob/main/examples.md#confirm-pay-2) in the Plutu PHP Examples document on GitHub.
{% endtab %}
{% endtabs %}

### Callback handler

The callback will be received from Plutu when the transaction is completed or canceled. This gives a Merchant better control of how the transaction is processed on the Merchant's side. This is useful e.g. when you want to mark an order as paid, update your shop's inventory, or add appropriate records to Merchant’s internal accounting system.

**Callback response parameters:**

The callback is called with HTTP **GET** and with the same query string parameters as in the redirect

<table><thead><tr><th width="150">Parameter</th><th>Description</th><th data-hidden>Value</th></tr></thead><tbody><tr><td>gateway</td><td>Gateway name: <strong>mpgs</strong></td><td></td></tr><tr><td>approved</td><td>It will only be returned if the transaction is approved and completed <strong>and</strong> <strong>must be checked</strong> <strong>to be 1 (true)</strong></td><td>1</td></tr><tr><td>canceled</td><td>It will only be returned if the transaction is canceled by the customer</td><td></td></tr><tr><td>amount</td><td>amount sent in the request</td><td></td></tr><tr><td>currency</td><td>Transaction currency refers to the currency used for processing payments through MPGS and is configured in your Plutu account. It currently supports <strong>USD</strong></td><td></td></tr><tr><td>invoice_no</td><td>Invoice number sent in the pay request</td><td></td></tr><tr><td>transaction_id</td><td>Plutu transaction id</td><td></td></tr><tr><td>hashed</td><td>Hash message authorization code (HMAC) is used to verify both the data integrity and the authorization of a message.</td><td></td></tr></tbody></table>

{% hint style="info" %}
SHA-256 HMAC is calculated as follows:

* The SHA-256 HMAC calculation includes all response query string parameters and key-value pairs except the “**hashed**” parameter.&#x20;
* Create an SHA-256 HMAC of the resultant string using the secret key created in the Plutu account and convert it to uppercase and compare it with the “**hashed**” parameter received in the callback.
  {% endhint %}