How to Integrate Pay360 Advanced Hosted in PHP

With the state of service providers’ documentation it often feels like they don’t actually want anyone to integrate their product and Pay360 was no exception; there are no PHP examples so here’s a quick guide to help anyone attempting it.

A long-standing client of ours originally had a payment solution from SecPay but recently Pay360 (who have taken over from SecPay) announced the old platform was being decommissioned so we essentially needed to change our payment provider.

The documention starts here but doesn’t make it clear there are more pages you need to read before going into the “Make a payment” section, the most pertinent being which gives a lot of useful information.

Step 1 – Set Up

Set up a test account here You should receive an email with your test API Username, API Password, and Hosted Cashier Installation ID (amonst others that we don’t need for this integration).

Step 2 – POSTing to Pay360

We need to POST the order information, so we will use cURL. The information needs to be in the form of a JSON object so let’s first create an array of all the information we need which we can then convert into JSON.

Note you’ll need to change the URLs to ones relevant to your website (the customer will be redirected back to the “returnUrl” and the payment notification will be sent to the “transactionNotification” URL) plus enter all the customer and order information with your own PHP variables.

$post = array(
    "session" => array(
                    "returnUrl" => array("url" => "$order->id"),
                    "transactionNotification" => array("url" => "",
                                                    "format" => "REST_JSON")
    "transaction" => array("merchantReference" => "$order->id",
                            "money" => array("amount" => array("fixed" => $order->totalgross),
                                            "currency" => "GBP"
    "customer" => array("registered" => false,
                        "details" => array(
                                        "name" => $order->name,
                                        "address" => array("line1" => $order->addr1,
                                                            "line2" => $order->addr2,
                                                            "city" => $order->city,
                                                            "region" => $order->county,
                                                            "postcode" => $order->postcode,
                                                            "countryCode" => $order->country),
                                        "telephone" => $order->telephone,
                                        "emailAddress" => $order->email,
                                        "ipAddress" => $_SERVER['REMOTE_ADDR'],
                                        "defaultCurrency" => "GBP"

Then cURL this to Pay360.

$instid = ; // Hosted Cashier Installation ID
$u = ""; // API Username
$p = ""; // API Password
$host = ""; // Test
//$host = ""; // Live

$ch = curl_init("$host/hosted/rest/sessions/$instid/payments");
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($post));

curl_setopt($ch, CURLOPT_USERPWD, "$u:$p");
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type:application/json"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);

(Please note comment below from Nicholas if this isn’t working for you).

The response should contain a Pay360 URL to which we redirect the customer so they can enter their card details.

$obj = json_decode($response);


Step 3 – Notification

The documentation for this is handily hidden away under “Common features”

After the customer has attempted to pay, Pay360 send all the transaction information back to the transactionNotification URL we set up in Step 1. Find the useful information as per the below, then update your database for that particular order.

$data = json_decode(file_get_contents("php://input"));
if($orderid = $data->transaction->merchantRef){
    $transactionStatus = $data->transaction->status;
    $total = $data->transaction->amount;

    if($transactionStatus == "SUCCESS"){
        // Transaction successful

Step 4 – Customer Return

The customer will be redirected back to the returnUrl we set up in Step 1. Check the order for the order ID in the query string and display the relevant message to the customer. Sometimes the customer will return to the website before the notification has fired; if the order hasn’t been updated yet you’ll need to put in a sleep(5) command then check the order again.

Thanks to Nicholas for a couple of pointers in the comments.

This code is free to use at your own discretion. It comes without warranty. Please feel free to feedback any edits.

We'd love to hear from you!

If you think Bronco has the skills to take your business forward then what are you waiting for?

Get in Touch Today!


Write a comment...
  • Steven Lilley

    Thanks for this, useful to see an example in conjunction with the (slightly lacking) official documentation.

    • Chris Antcliff

      You’re welcome, glad it helped.

  • Nicholas

    Thanks for the really helpful article! A couple of updates:

    CURLOPT_USERPWD doesn’t work as the response returns “This request requires HTTP authentication.” You have to provide the credentials using Basic authentication. I.e.

    curl_setopt($ch, CURLOPT_HTTPHEADER, [
    ‘Content-Type: application/json’,
    ‘Authorization: Basic ‘ . base64_encode(“$u:$p”),

    $transactionStatus = $data->history[0]->transactionStatus; is not correct either as the most recent item in the array is at the end. The status is included in the transaction object anyway so it can be obtained simply using $data->transaction->status.

    • Chris Antcliff

      Hi Nicholas,

      Thanks for these points; I have encorporated them into the blog post.

Add a Comment