Verify the transaction

You just have to be sure there's no foul play. This is money we are talking about!

After either Option 1: Inline or Option 2: Standard, you should verify the transaction before giving value.

The only difference in the verification for both is in the information echoed by the script. Since our inline implementation verifies via AJAX, it would echo JSON data, while the standard implementation will redirect the user to a success page.

  1. Check if the transaction reference has already been given value.
  2. Verify the transaction via our API (this sample uses the Paystack-PHP library).
  3. Redirect to the success page or echo JSON as required by your integration.
<?php

// Confirm that reference has not already gotten value
// This would have happened most times if you handle the charge.success event.
// If it has already gotten value by your records, you may call 
// perform_success()

// Get this from https://github.com/yabacon/paystack-class
require 'Paystack.php'; 
// if using https://github.com/yabacon/paystack-php
// require 'paystack/autoload.php';

// the reference comes back on the query string; stop if it is missing
$reference = isset($_GET['reference']) ? $_GET['reference'] : '';
if(!$reference){
    exit('No reference supplied');
}

$paystack = new Paystack('sk_test_xxx');
// the code below throws an exception if there was a problem completing the request, 
// else returns an object created from the json response
$trx = $paystack->transaction->verify(
    [
     'reference'=>$reference
    ]
);
// status should be true if there was a successful call
if(!$trx->status){
    exit($trx->message);
}
// full sample verify response is here: https://developers.paystack.co/docs/verifying-transactions
if('success' === $trx->data->status){
  // use trx info including metadata and session info to confirm that cartid
  // matches the one for which we accepted payment
  give_value($reference, $trx);
  perform_success();
}

// functions
function give_value($reference, $trx){
  // Be sure to log the reference as having gotten value
  // write code to give value
}

function perform_success(){
  // keep only the branch that matches your integration:
  // a redirect header cannot be sent once JSON has been echoed
  // inline
  echo json_encode(['verified'=>true]);
  exit();
  // standard
  // header('Location: /success.php');
  // exit();
}

❗️

It's data.status==='success' not status=='success'!!!

A common error in many integrations is the one where the developer does a check against the outer status. Please do not make this mistake. The key that has the transaction status is inside the data object i.e. data.status.
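The checks described above gathered into one decision function, run against constructed verify responses. This is an added example, not Paystack's or Paystack-PHP's code: `verification_result()`, the `$order` and `$valued` arrays, the `metadata->cartid` field and all sample values are assumptions standing in for your own records.

```php
<?php
// Added example (not from the Paystack docs or library).
// Returns 'give_value' only when every check passes; otherwise names the failure.
function verification_result($trx, array $order, array $valued)
{
    // Outer status only says whether the API call itself worked.
    if (!is_object($trx) || empty($trx->status) || !isset($trx->data)) {
        return 'api_call_failed';
    }
    $data = $trx->data;
    // data.status carries the outcome of the payment.
    if (!isset($data->status) || $data->status !== 'success') {
        return 'transaction_not_successful';
    }
    if (!isset($data->reference) || $data->reference !== $order['reference']) {
        return 'reference_mismatch';
    }
    // Step 1 of the list above: never give value twice for one reference.
    if (in_array($data->reference, $valued, true)) {
        return 'already_given_value';
    }
    // Assumes $order['amount'] is stored in the same unit the API reports.
    if (!isset($data->amount) || (int) $data->amount !== $order['amount']) {
        return 'amount_mismatch';
    }
    // cartid in metadata is an assumed custom field set when the charge began.
    $cartid = isset($data->metadata->cartid) ? $data->metadata->cartid : null;
    if ((string) $cartid !== (string) $order['cartid']) {
        return 'cart_mismatch';
    }
    return 'give_value';
}

// Constructed sample data, not real transactions.
$order = ['reference' => 'ref_constructed_001', 'amount' => 500000, 'cartid' => 398];
$paid = json_decode('{"status":true,"message":"Verification successful","data":'
    . '{"status":"success","reference":"ref_constructed_001","amount":500000,'
    . '"metadata":{"cartid":398}}}');
// The call succeeded (outer status true) but the payment did not.
$declined = json_decode('{"status":true,"message":"Verification successful","data":'
    . '{"status":"failed","reference":"ref_constructed_001","amount":500000,'
    . '"metadata":{"cartid":398}}}');

echo verification_result($paid, $order, []), "\n";
echo verification_result($declined, $order, []), "\n";
echo verification_result($paid, $order, ['ref_constructed_001']), "\n";
```

An integration that tested only the outer `status` would have given value for the `$declined` response.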
