Plutu Documentation
  • API Documentation
    • Introduction
    • Authentication
      • IP Whitelist
    • Payments
      • Sadad
      • Adfali
      • Local Bank Cards
      • MPGS
      • T-Lync Service
    • Errors
    • Testing
  • SDKs
    • Plutu PHP
    • Plutu Laravel
  • Plugins and extensions
    • Plutu WooCommerce
    • Plutu Formidable
    • Plutu OpenCart
Powered by GitBook
On this page
  • Confirm (Pay)
  • Callback handler

Was this helpful?

  1. API Documentation
  2. Payments

MPGS

Mastercard Payment Gateway Services (MPGS) is a secure payment gateway that enables businesses to accept online payments from customers through various payment channels.

PreviousLocal Bank CardsNextT-Lync Service

Last updated 6 months ago

Was this helpful?

Pay

Pay the transaction.

Confirm (Pay)

POST https://api.plutus.ly/api/v1/transaction/mpgs/confirm

Pay the transaction

Headers

Name
Type
Description

Authorization*

String

Bearer: [Access token]

X-API-KEY*

String

API Key

Request Body

Name
Type
Description

amount*

String

Transaction amount in US dollars.

Formatting is allowed with a maximum of two decimal places: XXX, XX.X, XX.XX

invoice_no*

String

Invoice number associated with transaction, must be unique and not previously used.

return_url*

String

Redirect URL after completing the payments

customer_ip

String

[Optional] Customer IP address

lang

String

[Optional] Accepts ar or en, by default ar

{
    "status": 200,
    "result": {
        "code": "CHECKOUT_REDIRECT",
        "redirect_url": "https://xxxxxxxxxxxxxxx"
    }
}
{
    "error": {
        "status": 4xx,
        "code": "ERROR_CODE_PLACEHOLDER",
        "message": "ERROR_MESSAGE_PLACEHOLDER"
    }
}

You can review the section for all possible errors

curl --location --request POST 'https://api.plutus.ly/api/v1/transaction/mpgs/confirm' \
--header 'X-API-KEY: [API_KEY]' \
--header 'Authorization: Bearer [ACCESS_TOKEN]' \
--form 'amount="[AMONUT]"' \
--form 'invoice_no="[INVOICE_NO]"' \
--form 'return_url="[RETURN_URL]"' \
--form 'customer_ip="[CUSTOMER_IP]"'
<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://api.plutus.ly/api/v1/transaction/mpgs/confirm',
  CURLOPT_RETURNTRANSFER => true,

  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => array(
    'amount' => '[AMONUT]', 
    'invoice_no' => '[INVOICE_NO]', 
    'return_url' => '[RETURN_URL]', 
    'customer_ip' => '[CUSTOMER_IP]'
  ),
  CURLOPT_HTTPHEADER => array(
    'X-API-KEY: [API_KEY]',
    'Authorization: Bearer [ACCESS_TOKEN]'
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
<?php

use Plutu\Services\PlutuMpgs;

$amount = 5.0; // amount in float format
$invoiceNo = 'inv-12345'; // invoice number
$returnUrl = 'https://example.com/callback/handler'; // the url to handle the callback from plutu

try {

    $api = new PlutuMpgs;
    $api->setCredentials('api_key', 'access_token', 'secret_key');
    $apiResponse = $api->confirm($amount, $invoiceNo, $returnUrl);

    if ($apiResponse->getOriginalResponse()->isSuccessful()) {

        // Redirect URL for Plutu checkout page
        $redirectUrl = $apiResponse->getRedirectUrl();

        // You should rediect the customer to payment checkout page
        // header("location: " . $redirectUrl);

    } elseif ($apiResponse->getOriginalResponse()->hasError()) {

        // Possible errors from Plutu API
        // @see https://docs.plutu.ly/api-documentation/errors Plutu API Error Documentation
        $errorCode = $apiResponse->getOriginalResponse()->getErrorCode();
        $errorMessage = $apiResponse->getOriginalResponse()->getErrorMessage();
        $statusCode = $apiResponse->getOriginalResponse()->getStatusCode();
        $responseData = $apiResponse->getOriginalResponse()->getBody();

    }

// Handle exceptions that may be thrown during the execution of the code
// The following are the expected exceptions that may be thrown:
// Check the "Handle Exceptions and Errors" section for more details
// 
// InvalidAccessTokenException, InvalidApiKeyException, InvalidSecretKeyException,
// InvalidAmountException, InvalidInvoiceNoException, InvalidReturnUrlException
} catch (\Exception $e) {
    $exception = $e->getMessage();
}

Callback handler

The callback will be received from Plutu when the transaction is completed or canceled. This gives a Merchant better control of how the transaction is processed on the Merchant's side. This is useful e.g. when you want to mark an order as paid, update your shop's inventory, or add appropriate records to Merchant’s internal accounting system.

Callback response parameters:

The callback is called with HTTP GET and with the same query string parameters as in the redirect

Parameter
Description

gateway

Gateway name: mpgs

approved

It will only be returned if the transaction is approved and completed and must be checked to be 1 (true)

canceled

It will only be returned if the transaction is canceled by the customer

amount

amount sent in the request

currency

Transaction currency refers to the currency used for processing payments through MPGS and is configured in your Plutu account. It currently supports USD

invoice_no

Invoice number sent in the pay request

transaction_id

Plutu transaction id

hashed

Hash message authorization code (HMAC) is used to verify both the data integrity and the authorization of a message.

SHA-256 HMAC is calculated as follows:

  • The SHA-256 HMAC calculation includes all response query string parameters and key-value pairs except the “hashed” parameter.

  • Create an SHA-256 HMAC of the resultant string using the secret key created in the Plutu account and convert it to uppercase and compare it with the “hashed” parameter received in the callback.

Check out the example in the Plutu PHP Examples document on GitHub.

Confirm (Pay)
Errors