PhonePe sends asynchronous payment status updates to your webhook URL. Implementing a handler for them is crucial for reliable payment confirmation.
Callback verification is used to check whether a received callback is valid.
Create a PHP script that listens for incoming POST requests from PhonePe at your configured callbackUrl.
You need to pass 4 parameters to the validateCallback() function:
Parameter Name | Data Type | Mandatory | Description |
---|---|---|---|
username | String | Yes | Unique username configured for the callback url. |
password | String | Yes | Unique password configured for the callback url. |
authorization | String | Yes | Value of the Authorization header under the callback response. |
responseBody | String | Yes | Callback response body as string. |
Example usage:
```php
<?php
require_once "vendor/autoload.php";

use PhonePe\payments\v2\standardCheckout\StandardCheckoutClient;
use PhonePe\common\exceptions\PhonePeException;

// Retrieve headers and request body
$headers = getallheaders();
$requestBody = file_get_contents("php://input");

// Your username and password for callback verification
$username = "YOUR_USERNAME";
$password = "YOUR_PASSWORD";

// Initialize PhonePe Client
$clientId = "YOUR_CLIENT_ID";         // Replace with your Client ID
$clientVersion = 2;                   // Replace with your Client Version
$clientSecret = "YOUR_CLIENT_SECRET"; // Replace with your Client Secret
$env = \PhonePe\Env::PRODUCTION;      // Replace with your Environment

$standardCheckoutClient = StandardCheckoutClient::getInstance(
    $clientId,
    $clientVersion,
    $clientSecret,
    $env
);

try {
    $callbackResponse = $standardCheckoutClient->verifyCallbackResponse(
        $headers,
        json_decode($requestBody, true),
        $username,
        $password
    );
    // Process the callback response, then acknowledge it
    http_response_code(200);
} catch (PhonePeException $e) {
    // Verification failed: log the error and reject the callback
    error_log("Error validating callback response: " . $e->getMessage());
    http_response_code(400);
}
?>
```
Key Notes
- Authentication: PhonePe authenticates the merchant on the callback using Basic Authentication. The merchant needs to verify the authenticity of callbacks from PhonePe by validating the username and password in the Authorization header.
- Get all the headers using getallheaders().
- Read the request body using file_get_contents('php://input').
- Call verifyCallbackResponse() to verify the callback and parse the response.
- Use appropriate HTTP status codes to acknowledge the callback:
  - 200 OK: Indicates successful processing of the callback. The PhonePe system will retry callbacks that don't receive a 200 OK response.
  - 400 Bad Request: Indicates an error in the request or verification failure.
  - 500 Internal Server Error: Indicates a server-side error.
- Log all errors for debugging purposes.
Returns :
The function returns a CallbackResponse if the callback is valid, otherwise throws a PhonePeException.
Callback Response:
Property | Data Type | Description |
---|---|---|
type | String | Contains event type of callback received at the merchant end. |
payload | Object | Contains callback details. |
Callback Types
Callback Type | Context |
---|---|
CHECKOUT_ORDER_COMPLETED | Order completed |
CHECKOUT_ORDER_FAILED | Order failed |
PG_REFUND_ACCEPTED | PhonePe has acknowledged the Refund request is valid |
PG_REFUND_COMPLETED | Refund request is successfully completed |
PG_REFUND_FAILED | Refund request failed |
CallbackData Properties :
Property | Data Type | Description |
---|---|---|
merchantId | String | The merchant from which the request was initiated. |
orderId | String | Order id generated by PhonePe. (Only present in case of order callbacks) |
merchantOrderId | String | Order id generated by merchant. (Only present in case of order callbacks) |
originalMerchantOrderId | String | Internal transaction id for given payment attempt. (Only present in case of refund callback) |
refundId | String | Refund id generated by PhonePe. (Only present in case of refund callback) |
merchantRefundId | String | Refund id generated by merchant. (Only present in case of refund callback) |
state | String | State of the order/refund. |
amount | Long | Amount in Paisa of the order/refund processed |
expireAt | Long | Expiry in epoch. |
errorCode | String | Error code. (Only present when state is failed) |
detailedErrorCode | String | Detailed error code. (Only present when state is failed) |
metaInfo | Object | Additional Information about the order |
paymentDetails | List<PaymentDetail> | Contains a list of details of each transaction attempt made for this particular order |
PaymentDetail Object :
Property | Data Type | Description |
---|---|---|
transactionId | String | Transaction Id generated by PhonePe |
paymentMode | String | Mode of Payment. It can be any one of the following modes: 1. UPI_INTENT 2. UPI_COLLECT 3. UPI_QR 4. CARD 5. TOKEN 6. NET_BANKING |
timestamp | Long | Timestamp of the attempted transaction in epoch |
state | String | Attempted transaction state. It can be any one of the following states: 1. COMPLETED 2. FAILED 3. PENDING |
errorCode | String | Error code present only when the transaction state is Failed |
| String | Detailed Error Code present only when transaction state is Failed |
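
The status-code and retry notes above mean a verified callback can still arrive twice or disagree with your own records. The following is an added example, not PhonePe's code and not part of the SDK, that settles an order idempotently and checks the paisa amount before marking it paid. `applyOrderCallback`, `ORDER_EVENTS`, the `$orders` store and its `PENDING`/`PAID`/`FAILED` statuses are hypothetical; the input is assumed to be an array carrying the `type` and `payload` fields named in the tables, and how to obtain it from the SDK's CallbackResponse is not shown on this page.

```php
<?php
// Added example, not PhonePe SDK code. $orders stands in for your order table
// (hypothetical), keyed by merchantOrderId; amounts are stored in paisa.
const ORDER_EVENTS = [
    'CHECKOUT_ORDER_COMPLETED' => 'PAID',
    'CHECKOUT_ORDER_FAILED'    => 'FAILED',
];

/** Applies a verified callback and returns the HTTP status to send back. */
function applyOrderCallback(array $callback, array &$orders): int
{
    $type    = $callback['type'] ?? null;
    $payload = $callback['payload'] ?? null;
    if (!is_string($type) || !is_array($payload)) {
        return 400; // malformed callback
    }
    $newStatus = ORDER_EVENTS[$type] ?? null;
    if ($newStatus === null) {
        return 200; // refund or other event: outside this example, just acknowledge
    }
    $id = $payload['merchantOrderId'] ?? null;
    if (!is_string($id) || !isset($orders[$id])) {
        return 400; // not an order this merchant created
    }
    if ($orders[$id]['status'] !== 'PENDING') {
        return 200; // retried or duplicate delivery: already settled, change nothing
    }
    // Never trust the amount blindly: compare it (integer paisa) with what was charged.
    $amount = $payload['amount'] ?? null;
    if ($newStatus === 'PAID' && (!is_int($amount) || $amount !== $orders[$id]['amountPaisa'])) {
        error_log("PhonePe callback amount mismatch for order $id");
        return 400;
    }
    $orders[$id]['status'] = $newStatus;
    return 200;
}

// Constructed sample data (not real PhonePe traffic).
$orders = [
    'ORD-1001' => ['amountPaisa' => 49900, 'status' => 'PENDING'],
    'ORD-1002' => ['amountPaisa' => 49900, 'status' => 'PENDING'],
];
$ok  = ['type' => 'CHECKOUT_ORDER_COMPLETED', 'payload' => ['merchantOrderId' => 'ORD-1001', 'amount' => 49900]];
$bad = ['type' => 'CHECKOUT_ORDER_COMPLETED', 'payload' => ['merchantOrderId' => 'ORD-1002', 'amount' => 100]];

foreach ([$ok, $ok, $bad] as $callback) { // first delivery, retry, wrong amount
    $status = applyOrderCallback($callback, $orders);
    $id = $callback['payload']['merchantOrderId'];
    echo "$status $id {$orders[$id]['status']}", PHP_EOL;
}
```

Call a function like this only after verifyCallbackResponse() has returned without throwing, and send its return value with http_response_code().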