PHP Quick Start

composer require payline/payline-php

<?php // checkout.php — Payment form with Payline.js Secure Fields $publicKey = 'pk_test_your_key'; // from Dashboard → Settings → API Keys $amount = 29900; // 299.00 SEK in minor units $currency = 'SEK'; ?> <!DOCTYPE html> <html> <head> <title>Checkout</title> <script src="https://js.payline.se/v1/payline.js"></script> </head> <body> <form id="payment-form"> <div id="card-number"></div> <div id="card-expiry"></div> <div id="card-cvc"></div> <button type="submit">Pay <?= number_format($amount / 100, 2) ?> <?= $currency ?></button> <div id="error"></div> </form> <script> const payline = Payline('<?= $publicKey ?>'); const fields = payline.secureFields({ locale: 'sv' }); fields.mount('cardNumber', '#card-number'); fields.mount('cardExpiry', '#card-expiry'); fields.mount('cardCvc', '#card-cvc'); document.getElementById('payment-form') .addEventListener('submit', async (e) => { e.preventDefault(); const { token, error } = await fields.tokenize(); if (error) { document.getElementById('error').textContent = error.message; return; } // Send token to process.php const res = await fetch('process.php', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ token: token.id }), }); const data = await res.json(); if (data.success) window.location = '/success.php'; else document.getElementById('error').textContent = data.error; }); </script> </body> </html>

<?php require_once __DIR__ . '/vendor/autoload.php'; $payline = new Payline\Client('sk_test_your_secret_key'); // Receive token from frontend $token = $_POST['token']; // Create payment $session = $payline->checkoutSessions->create([ 'amount' => 29900, // 299.00 SEK 'currency' => 'SEK', 'payment_token' => $token, 'success_url' => 'https://yoursite.com/success', 'push_url' => 'https://yoursite.com/webhooks', ]); // Return result header('Content-Type: application/json'); echo json_encode([ 'payment_id' => $session->payment_id, 'status' => $session->status, ]);

<?php // webhooks/payline.php — Verify payment completion $payload = file_get_contents('php://input'); $signature = $_SERVER['HTTP_X_PAYLINE_SIGNATURE'] ?? ''; $secret = 'your_push_secret'; // Verify signature $expected = hash_hmac('sha256', $payload, $secret); if (!hash_equals($expected, $signature)) { http_response_code(403); exit('Invalid signature'); } $data = json_decode($payload, true); // Fulfill the order // $orderId = $data['metadata']['order_id']; // updateOrderStatus($orderId, 'paid'); http_response_code(200); echo 'OK';

curl -X POST https://api.payline.se/v1/checkout-sessions \ -H "Authorization: Bearer sk_test_your_secret_key" \ -H "Content-Type: application/json" \ -d '{ "amount": 29900, "currency": "SEK", "payment_token": "pay_tok_xxx", "success_url": "https://yoursite.com/success", "push_url": "https://yoursite.com/webhooks" }'