Formatting is allowed with a maximum of two decimal places: XXX, XX.X, XX.XX
invoice_no*
String
Invoice number associated with transaction, must be unique and not previously used.
mobile_number*
String
Valid mobile number format start with 9x or 09
email
String
[Optional] Email address
return_url*
String
URL after payment is completed to allow the customer to return to the order/invoice
callback_url*
String
The URL of your Instant update Server URL to track your order/invoice, instantly sent by Plutu when the transaction is complete.
This URL must be publicly accessible; private and localhost URLs are not supported.
<?php
use Plutu\Services\PlutuTlync;
$amount = 5.0; // amount in float format
$invoiceNo = 'inv-12345'; // invoice number
$returnUrl = 'https://example.com/return/handler'; // the url to handle the return from plutu after payment completed from T-Lync
$callbackUrl = 'https://example.com/callback/handler'; // the url to handle the callback trgigger from plutu after payment completed from T-Lync
try {
$api = new PlutuTlync;
$api->setCredentials('api_key', 'access_token', 'secret_key');
$apiResponse = $api->confirm($amount, $invoiceNo, $returnUrl, $callbackUrl);
if ($apiResponse->getOriginalResponse()->isSuccessful()) {
// Redirect URL for Plutu and T-Lync checkout page
$redirectUrl = $apiResponse->getRedirectUrl();
// You should rediect the customer to payment checkout page
// header("location: " . $redirectUrl);
} elseif ($apiResponse->getOriginalResponse()->hasError()) {
// Possible errors from Plutu API
// @see https://docs.plutu.ly/api-documentation/errors Plutu API Error Documentation
$errorCode = $apiResponse->getOriginalResponse()->getErrorCode();
$errorMessage = $apiResponse->getOriginalResponse()->getErrorMessage();
$statusCode = $apiResponse->getOriginalResponse()->getStatusCode();
$responseData = $apiResponse->getOriginalResponse()->getBody();
}
// Handle exceptions that may be thrown during the execution of the code
// The following are the expected exceptions that may be thrown:
// Check the "Handle Exceptions and Errors" section for more details
//
// InvalidAccessTokenException, InvalidApiKeyException, InvalidSecretKeyException,
// InvalidAmountException, InvalidInvoiceNoException, InvalidReturnUrlException, InvalidCallbackUrlException
} catch (\Exception $e) {
$exception = $e->getMessage();
}
Callback handler
The callback will be received from Plutu when the transaction is completed. This gives a Merchant better control of how the transaction is processed on the Merchant's side. This is useful e.g. when you want to mark an order as paid, update your shop's inventory, or add appropriate records to Merchant’s internal accounting system.
Callback parameters:
The callback is called with HTTP POST as JSON
Parameter
Description
gateway
Gateway name: tlync
approved
1 or 0 (true, false), the transaction is completed andmust be checkedto be 1 (true)
invoice_no
Invoice number sent in the pay request
amount
The amount sent in the request
paymet_method
The payment method in which the transaction was completed on T-Lync.
Supported payment methods: tadawul, edfaly, sadad, mobicash, and moamalat
transaction_id
Plutu transaction id
hashed
Hash message authorization code (HMAC) is used to verify both the data integrity and the authorization of a message.
Return handler
Once the payment has been completed client can be redirected to the merchant-provided return URL.
Return parameters:
The callback is called with HTTP GET and with the same query string parameters as in the redirect
Parameter
Description
approved
Transaction completed
invoice_no
Invoice number sent in the pay request
hashed
Hash message authorization code (HMAC) is used to verify both the data integrity and the authorization of a message.
SHA-256 HMAC is calculated as follows:
The SHA-256 HMAC calculation includes all response parameters and key-value pairs except the “hashed” parameter.
Create an SHA-256 HMAC of the resultant string using the secret key created in the Plutu account, convert it to uppercase, and compare it with the “hashed” parameter received in the callback or return handler.
