Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.

5 salient points you need to know when Integrating your custom application to webpay(interswitch) - PHP Developer's View

After concluding my first ever integration with Interswitch WebPay and fulfilling all their requirements, I find it necessary to write on this blog so as to help other developers that would find the integration worrisome and complicated. Anyway, I felt the same way when I started the integration but my only motivation was to see the integration to completion. After integrating with many payment platforms in Nigeria I still find WebPay as the most stressful because the documentation is not so descriptive on certain things which made the integration confusing, so you have to send mails back and forth to WebPay support team to get clarifications on them.

However, I have highlighted five things that would make your life easier. I am sure you would be happy you found this post.

1. Request HASH Computation
The first problem you are likely to have is the request HASH computation and this can make you go crazy. The failure of this is so frustrating because it is your only way to see the WebPay application where payments would be made. Where the first problem starts is how to encrypt your request combination using SHA512 algorithm. Don't worry so much, there is already an inbuilt PHP function that would do that for you; all you need is to pass the appropriate parameters and everything will be taken care of. Below is a sample code:

$site_redirect_url = "";
$txn_ref = time();
$pay_item_id = 156221;
$macaddress = "*******************************************************";
//echo $txn_ref.$product_id.$pay_item_id.$grandtotal.$site_redirect_url.$macaddress;
$hashkey = hash('SHA512', $txn_ref.$product_id.$pay_item_id.$grandtotal.$site_redirect_url.$macaddress);

$site_redirect_url --> This is where you want the gateway to push your response after any transaction on WebPay (either successful or unsuccessful).

$txn_ref --> This should be a unique identifer for your transaction. You will need this when the response is sent back, to validate some values. I have used time function so as to generate a timestamp everytime a transaction is initiated. This would always be unique.

$pay_item_id -> Yeah this is one of the very confusing part. I had to get a support member team to know that this has to come from Interswitch. So you would have it as part of the documents you are sent.

$macaddress -> This would also be sent from Interswitch. You have to be careful not to leave out any number from this numbers. The numbers are so long(I mean very long) and don't allow space in between them.

$haskey -> with hash function you would be able to encrypt the request combination in SHA512 by specifying the type of encryption you want as the first parameter of the hash inbuilt function. The next is the string you want to encrypt.

You need to be careful with the order of the request. This also got me into trouble until I had to write their support team.

2. The amount is in kobo
It might be confusing to get to the WebPay page and realize that the amount you sent to the application is being reduced by two zeros. Yes I noticed WebPay works with their amount in kobo, so you need to multiply the price you are sending to them by 100.

3. Response Pitfall
Response for me is not as easy as I expected because this was where I got my worst nightmare. Anyway, I will help you through the pitfalls that you need to avoid being trapped in the web. Please, read through the comments on the code to understand what I am trying to do.

I would be using the GET web service. Below is my code to get a response:

$txnRef = $_POST['txnref']
$payRef = $_POST['payRef'];
$refRef = $_POST['refRef'];
$cardNum = $_POST['cardNum'];
$apprAmt = $_POST['apprAmt'];

//we got our request with post global variable because WebPay would push the response to us through post.

$request = ""; //initialising resuest variable

$param["productid"] = $product_id = PRODUCT_ID; //PRODUCT_ID should represent your product id as given by Interswitch
$param["transactionreference"] = $txnRef; //Your transaction reference 
$param["amount"] = $amount_sent_to_webpay_on_request //Retrieve the amount you sent to the server for comparison with the one sent from WebPay
$macaddress = "*******************************************************"; //as received from WebPay

foreach($param as $key=>$val) //traverse through each member of the param array
    $request.= $key."=".urlencode($val); //we have to urlencode the values
    $request.= "&"; //append the ampersand (&) sign after each paramter/value pair

$request = substr($request, 0, strlen($request)-1); //remove the final ampersand sign from the request

$newhash = hash('SHA512', $product_id.$txnRef.$macaddress); //hash your request variable combinations.

$url = "".$request; //prepare the url

//parsing the hash as header
 $opts = array(
     'header'=> "Hash: ".$newhash

$context = stream_context_create($opts);

// Open the file using the HTTP headers set above
$response = file_get_contents($url, false, $context); //done

print_r($response); //print out the response to see what it is.

The response you get should be in xml format so you are free to work with what you have.

4. Working with Response Code
From the previous step above (Step 3), the most important code is the "00" which implies a successful transaction. WebPay makes it compulsory that you print the payment reference and the response from WebPay to the user. See how I have solved this below:

    case "00": 
    $returned_status = "Transaction successful";
    $returned_reason = $response_reason;
    $payment_reference = $payment_reference;

    //update your db with paid transaction

    //send an email to whoever you want to send email to


    $returned_status = "Your Transaction was not Successful";
    $returned_reason = $response_reason;
    $payment_reference = "";


$response_reason and $payment_reference are what you extract from your XML.

5. Send an Email
Please this is very important. It saved my black ass. Whenever you feel confused or any time the going gets tough; when any of the steps I wrote above couldn't help you, please contact their support team. They are prompt, they even respond on Saturdays.


comments powered by Disqus