You must include a BreathePay signature with every request sent to the BreathePay API, this is to ensure the request has not been tampered with.
Every BreathePay response will also include its own BreathePay signature which you must verify upon receiving it to ensure their response has also not been tampered with
4A) Copy this function for creating a BreathePay signature:
//PHP
public function createBreathePaySignature(array $data, $key) {
// Sort by field name
ksort($data);
// Create the URL encoded signature string
$ret = http_build_query($data, '', '&');
// Normalise all line endings (CRNL|NLCR|NL|CR) to just NL (%0A)
$ret = str_replace(array('%0D%0A', '%0A%0D', '%0D'), '%0A', $ret);
// Hash the signature string and the key together
return hash('SHA512', $ret . $key);
}
4B) Calculate and attach the signature to the data object:
Step 5: Send the POST request to the BreathePay API
5A) Add this function for sending CURL requests to the BreathePay API
//PHP
public function sendRequest($data){
// Initiate and set curl options to post to the gateway
$ch = curl_init('https://gateway.breathepay.co.uk/direct/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Send the request and parse the response
parse_str(curl_exec($ch), $response);
// Close the connection to the gateway
curl_close($ch);
return $response;
}
5B) Use the function to send the data above to BreathePay:
//PHP
$response = $this->sendRequest($data)
Step 6: Handling a response
To check how to handle responses from the BreathePay API, check the next page