Backend Code

Step 1: Receive the POST request from your frontend script

Step 2: Get the browser information necessary to make a charge request

2A) Get server specific browser information needed to make a BreathePay charge request:

//PHP
$serverBrowserInfo = array(
    'deviceChannel' => 'browser',
    'deviceIdentity' => (isset($_SERVER['HTTP_USER_AGENT']) ? htmlentities($_SERVER['HTTP_USER_AGENT']) : null),
    'deviceTimeZone' => '0',
    'deviceCapabilities' => '',
    'deviceScreenResolution' => '1x1x1',
    'deviceAcceptContent' => (isset($_SERVER['HTTP_ACCEPT']) ? htmlentities($_SERVER['HTTP_ACCEPT']) : null),
    'deviceAcceptEncoding' => (isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? htmlentities($_SERVER['HTTP_ACCEPT_ENCODING']) : null),
    'deviceAcceptLanguage' => (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? htmlentities($_SERVER['HTTP_ACCEPT_LANGUAGE']) : null),
    'deviceAcceptCharset' => (isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? htmlentities($_SERVER['HTTP_ACCEPT_CHARSET']) : null)
);

2B) Merge the frontend browser information from the POST request, with the server specific browser information retrieved above:

//PHP, Laravel
$browserInfo = array_merge($serverBrowserInfo, (array) $request->browserInfo);

Step 3: Create the data object to POST to the BreathePay API

3A) Create initial object with payment information:

//PHP
$data = [
    'merchantID' => YOUR_MERCHANT_ID,
    'action' => 'SALE',
    'type' => 1,
    'countryCode' => 826, //UK
    'currencyCode' => 826, //GBP
    'amount' => AMOUNT_IN_PENCE, //100 = £1
    'orderRef' => ORDER_REFERENCE, //order ID for example
    'paymentToken' => $request->paymentToken, //the token picked up from hosted payment fields
    'remoteAddress' => $_SERVER['REMOTE_ADDR']
];

3B) Merge the browser information collected in step 2 with the initial object above:

//PHP
$data = array_merge((array) $data, $browserInfo);

Step 4: Create a BreathePay Request Signature

You must include a BreathePay signature with every request sent to the BreathePay API, this is to ensure the request has not been tampered with. Every BreathePay response will also include its own BreathePay signature which you must verify upon receiving it to ensure their response has also not been tampered with

4A) Copy this function for creating a BreathePay signature:

//PHP
public function createBreathePaySignature(array $data, $key) {
    // Sort by field name
    ksort($data);
    
    // Create the URL encoded signature string
    $ret = http_build_query($data, '', '&');
    
    // Normalise all line endings (CRNL|NLCR|NL|CR) to just NL (%0A)
    $ret = str_replace(array('%0D%0A', '%0A%0D', '%0D'), '%0A', $ret);
    
    // Hash the signature string and the key together
    return hash('SHA512', $ret . $key);
}

4B) Calculate and attach the signature to the data object:

//PHP
$data['signature'] = $this->createBreathePaySignature($data, YOUR_MERCHANT_SECRET);

Step 5: Send the POST request to the BreathePay API

5A) Add this function for sending CURL requests to the BreathePay API

//PHP
public function sendRequest($data){
    // Initiate and set curl options to post to the gateway
    $ch = curl_init('https://gateway.breathepay.co.uk/direct/');
    
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    
    // Send the request and parse the response
    parse_str(curl_exec($ch), $response);
    
    // Close the connection to the gateway
    curl_close($ch);
    
    return $response;
}

5B) Use the function to send the data above to BreathePay:

//PHP
$response = $this->sendRequest($data)

Step 6: Handling a response

To check how to handle responses from the BreathePay API, check the next page