6. PDT (Deprecated)

Payment Data Transfer

PDT callback flow

Note: The PDT callback method has been deprecated. We encourage developers to use the ITN method for integration instead.

The PDT process is handled by the page set by the return_url field on the confirm page. On this page, the following should be done:

  1. Capture the token sent to the return_url upon a successful transaction
  2. Create a validation string
  3. Send the validation string to the PayFast Payment engine
  4. Process the response

Step one: capture the token

Capture the token that has been sent to the return_url page as a GET variable.

$pmtToken = isset( $_GET['pt'] ) ? $_GET['pt'] : null;

Step two: validation string

Create a validation string using the captured token and your authentication token. You will find your authentication token in the logged-in area of the PayFast website under the Settings tab.

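$authToken = ''; // Your PDT authentication token from the Settings tab
// URL-encode both values so the token taken from the query string cannot add extra fields to the request body
$req = 'pt='. urlencode( $pmtToken ) .'&at='. urlencode( $authToken );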

Step three: post to PayFast

Using fsockopen, cURL or similar, post the validation string to PayFast to confirm the payment information. Depending on whether you’re in the testing environment or production, you need to communicate with the correct payment engine.

define("SANDBOX",1); 
$host = SANDBOX ? 'sandbox.payfast.co.za' : 'www.payfast.co.za';
// Construct Header
$header = "POST /eng/query/fetch HTTP/1.0\r\n";
$header .= 'Host: '. $host ."\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= 'Content-Length: '. strlen( $req ) ."\r\n\r\n";
 
// Connect to server
$socket = fsockopen( 'ssl://'. $host, 443, $errno, $errstr, 10 );
 
if( !$socket )
{
 
    print( 'errno = '. $errno .', errstr = '. $errstr );
    exit();
}
// Send command to server
fputs( $socket, $header . $req );
 
// Read the response from the server
$res = '';
$headerDone = false;      
while( !feof( $socket ) )
{
    $line = fgets( $socket, 1024 );
 
    // Check if we are finished reading the header yet
    if( strcmp( $line, "\r\n" ) == 0 )
    {
        // Blank line marks the end of the headers
        $headerDone = true;
    }
    // If header has been processed
    else if( $headerDone )
    {
        // Read the main response
        $res .= $line;
    }
}
 
// Parse the returned data
$lines = explode( "\n", $res );

Step four: process the response

Process the response from PayFast. The response is in the form of a multiline file; the first line is either ‘FAIL’ or ‘SUCCESS’. If the transaction was successful, the lines that follow are the transactional information as described on the return variables page.

$result = trim( $lines[0] );
$data = array();
 
// If the transaction was successful
if( strcmp( $result, 'SUCCESS' ) == 0 )
{
    // Process the response into an associative array of data
    for( $i = 1; $i < count( $lines ); $i++ )
    {
        // Skip blank or malformed lines (e.g. the empty line after the final newline)
        if( strpos( $lines[$i], '=' ) === false )
        {
            continue;
        }
        list( $key, $val ) = explode( "=", trim( $lines[$i] ), 2 );
        $data[urldecode( $key )] = stripslashes( urldecode( $val ) );
    }
}
// If the transaction was NOT successful (FAIL or any unexpected response)
else
{
    // Log for investigation
    exit();
}
// Get the data from the new array as needed
$nameFirst   = $data['name_first'];
$nameLast    = $data['name_last'];
$amountGross = $data['amount_gross'];
 
// Once you have access to this data, you should perform a number of
// checks to ensure the transaction is "correct" before processing it.
// - Check the payment_status is Completed
// - Check the pf_transaction_id has not already been processed
// - Check the merchant_id is correct for your account
 
// Process payment
 
// Close socket if successfully opened
if( $socket )
{
    fclose( $socket );
}
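
The three checks listed in the comments of the step-four code, written out as an added example (not PayFast's own code). The function name pdtChecks, the $seen list of processed IDs and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not PayFast's own code. pdtChecks() and the $seen list are
// hypothetical; the field names come from the comments in the step-four code.

/**
 * Run the three pre-processing checks on the parsed PDT data.
 * Returns a list of failure reasons; an empty list means the payment may be processed.
 */
function pdtChecks( array $data, string $merchantId, array $seen ): array
{
    $errors = array();

    // A missing field is treated as a failure rather than silently skipped
    foreach( array( 'payment_status', 'pf_transaction_id', 'merchant_id' ) as $field )
    {
        if( !isset( $data[$field] ) || $data[$field] === '' )
        {
            $errors[] = 'missing '. $field;
        }
    }
    if( $errors )
    {
        return $errors;
    }

    if( $data['payment_status'] !== 'Completed' )
    {
        $errors[] = 'payment_status is '. $data['payment_status'];
    }
    if( in_array( $data['pf_transaction_id'], $seen, true ) )
    {
        $errors[] = 'pf_transaction_id already processed';
    }
    if( $data['merchant_id'] !== $merchantId )
    {
        $errors[] = 'merchant_id mismatch';
    }
    return $errors;
}

// Constructed sample data (not a real PayFast response)
$sample = array( 'payment_status' => 'Completed', 'pf_transaction_id' => '1001', 'merchant_id' => '10000100' );
$seen   = array( '1000' );   // IDs already recorded by your application

var_dump( pdtChecks( $sample, '10000100', $seen ) );            // fresh, completed payment
var_dump( pdtChecks( $sample, '10000100', array( '1001' ) ) );  // same transaction ID seen before
var_dump( pdtChecks( array( 'payment_status' => 'Pending' ) + $sample, '10000100', $seen ) ); // not yet completed
```

In production the processed-ID lookup would be a database query, ideally backed by a unique constraint on pf_transaction_id so that two concurrent requests cannot both pass the check.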