# Backend Code
**Step 1:** Receive the POST request from your frontend script
**Step 2:** Get the browser information necessary to make a charge request
2A) Get server specific browser information needed to make a BreathePay charge request:
```php
//PHP
$serverBrowserInfo = array(
'deviceChannel' => 'browser',
'deviceIdentity' => (isset($_SERVER['HTTP_USER_AGENT']) ? htmlentities($_SERVER['HTTP_USER_AGENT']) : null),
'deviceTimeZone' => '0',
'deviceCapabilities' => '',
'deviceScreenResolution' => '1x1x1',
'deviceAcceptContent' => (isset($_SERVER['HTTP_ACCEPT']) ? htmlentities($_SERVER['HTTP_ACCEPT']) : null),
'deviceAcceptEncoding' => (isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? htmlentities($_SERVER['HTTP_ACCEPT_ENCODING']) : null),
'deviceAcceptLanguage' => (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? htmlentities($_SERVER['HTTP_ACCEPT_LANGUAGE']) : null),
'deviceAcceptCharset' => (isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? htmlentities($_SERVER['HTTP_ACCEPT_CHARSET']) : null)
);
```
2B) Merge the frontend browser information from the POST request, with the server specific browser information retrieved above:
```php
//PHP, Laravel
$browserInfo = array_merge($serverBrowserInfo, (array) $request->browserInfo);
```
**Step 3:** Create the data object to POST to the BreathePay API
3A) Create initial object with payment information:
```php
//PHP
$data = [
'merchantID' => YOUR_MERCHANT_ID,
'action' => 'SALE',
'type' => 1,
'countryCode' => 826, //UK
'currencyCode' => 826, //GBP
'amount' => AMOUNT_IN_PENCE, //100 = £1
'orderRef' => ORDER_REFERENCE, //order ID for example
'paymentToken' => $request->paymentToken, //the token picked up from hosted payment fields
'remoteAddress' => $_SERVER['REMOTE_ADDR']
];
```
3B) Merge the browser information collected in step 2 with the initial object above:
```php
//PHP
$data = array_merge((array) $data, $browserInfo);
```
**Step 4:** Create a BreathePay Request Signature
{% hint style="info" %}
You must include a BreathePay signature with every request sent to the BreathePay API, this is to ensure the request has not been tampered with. \
\
Every BreathePay response will also include its own BreathePay signature which you must verify upon receiving it to ensure their response has also not been tampered with
{% endhint %}
4A) Copy this function for creating a BreathePay signature:
//PHP
public function createBreathePaySignature(array $data, $key) {
// Sort by field name
ksort($data);
// Create the URL encoded signature string
$ret = http_build_query($data, '', '&');
// Normalise all line endings (CRNL|NLCR|NL|CR) to just NL (%0A)
$ret = str_replace(array('%0D%0A', '%0A%0D', '%0D'), '%0A', $ret);
// Hash the signature string and the key together
return hash('SHA512', $ret . $key);
}
4B) Calculate and attach the signature to the data object:
```php
//PHP
$data['signature'] = $this->createBreathePaySignature($data, YOUR_MERCHANT_SECRET);
```
**Step 5:** Send the POST request to the BreathePay API
5A) Add this function for sending CURL requests to the BreathePay API
//PHP
public function sendRequest($data){
// Initiate and set curl options to post to the gateway
$ch = curl_init('https://gateway.breathepay.co.uk/direct/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Send the request and parse the response
parse_str(curl_exec($ch), $response);
// Close the connection to the gateway
curl_close($ch);
return $response;
}
5B) Use the function to send the data above to BreathePay:
```php
//PHP
$response = $this->sendRequest($data)
```
**Step 6:** Handling a response
To check how to handle responses from the BreathePay API, check the next page