Official PHP SDK for PayzCore. Create payments, verify webhook signatures, handle errors. Laravel and vanilla PHP examples. Requires PHP 8.1+ with cURL.

PHP SDK

The official PHP SDK for PayzCore.

Source: github.com/payzcore/php-sdk
Package name: payzcore/payzcore-php
Requirements: PHP 8.1+, cURL extension

Installation

composer require payzcore/payzcore-php

Initialization

use PayzCore\PayzCore;

// Project API (payment monitoring)
$client = new PayzCore('pk_live_YOUR_KEY');

// With options
$client = new PayzCore('pk_live_YOUR_KEY', [
    'baseUrl' => 'https://api.payzcore.com', // optional, default
    'timeout' => 30,                          // optional, seconds
    'maxRetries' => 2,                        // optional, retries on 5xx
]);

// Admin API (project management)
$admin = new PayzCore('mk_YOUR_MASTER_KEY', ['masterKey' => true]);

Create a Payment

$result = $client->payments->create([
    'amount' => 50,
    'chain' => 'TRC20',
    'token' => 'USDT',                  // optional
    'externalRef' => 'customer-123',
    'externalOrderId' => 'ORD-456',     // optional
    'expiresIn' => 3600,                // optional
    'metadata' => ['type' => 'topup'],  // optional
]);

$payment = $result['payment'];
echo $payment['address'];  // blockchain address
echo $payment['amount'];   // "50.00"
echo $payment['qrCode'];   // base64 PNG

Get Payment Status

$result = $client->payments->get('payment-uuid');

$payment = $result['payment'];
echo $payment['status'];       // 'pending', 'paid', etc.
echo $payment['paidAmount'];

List Payments

$result = $client->payments->list([
    'status' => 'paid',
    'limit' => 25,
    'offset' => 0,
]);

foreach ($result['payments'] as $payment) {
    echo $payment['id'] . ': ' . $payment['status'] . "\n";
}

Cancel a Payment

$result = $client->payments->cancel('payment-uuid');

Confirm Transaction Hash

$result = $client->payments->confirm('payment-uuid', 'abc123def...');
echo $result['verified']; // true if found on blockchain

Webhook Verification

The SDK provides a Webhook class with static methods for signature verification. No client instance is needed:

use PayzCore\Webhook;

Verify Signature Only

use PayzCore\Webhook;

$isValid = Webhook::verifySignature(
    $rawBody,                                    // raw request body string
    $_SERVER['HTTP_X_PAYZCORE_SIGNATURE'],        // signature header
    'whsec_YOUR_SECRET'                          // webhook secret
);

Verify and Parse (Recommended)

use PayzCore\Webhook;
use PayzCore\Exceptions\WebhookSignatureException;

// Verifies signature and returns a parsed array
// Throws WebhookSignatureException if signature is invalid
try {
    $event = Webhook::constructEvent(
        $rawBody,
        $_SERVER['HTTP_X_PAYZCORE_SIGNATURE'],
        'whsec_YOUR_SECRET'
    );
} catch (WebhookSignatureException $e) {
    http_response_code(401);
    echo json_encode(['error' => 'Invalid signature']);
    exit;
}

echo $event['event'];        // "payment.completed"
echo $event['paymentId'];    // UUID
echo $event['paidAmount'];   // "50.00"

Both methods accept optional timestamp replay protection:

$event = Webhook::constructEvent(
    $rawBody,
    $signature,
    'whsec_YOUR_SECRET',
    $_SERVER['HTTP_X_PAYZCORE_TIMESTAMP'] ?? null, // optional timestamp header
    300                                             // tolerance in seconds (default)
);

Laravel Webhook Handler

use Illuminate\Http\Request;
use PayzCore\Webhook;
use PayzCore\Exceptions\WebhookSignatureException;

Route::post('/webhooks/payzcore', function (Request $request) {
    $body = $request->getContent();
    $signature = $request->header('x-payzcore-signature');

    try {
        $event = Webhook::constructEvent(
            $body,
            $signature,
            config('services.payzcore.webhook_secret')
        );
    } catch (WebhookSignatureException $e) {
        return response()->json(['error' => 'Invalid signature'], 401);
    }

    switch ($event['event']) {
        case 'payment.completed':
            User::where('external_id', $event['externalRef'])
                ->increment('balance', (float) $event['paidAmount']);
            break;
        case 'payment.expired':
            // Handle expired payment
            break;
    }

    return response()->json(['ok' => true]);
});

Vanilla PHP Webhook Handler

use PayzCore\Webhook;
use PayzCore\Exceptions\WebhookSignatureException;

$body = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_PAYZCORE_SIGNATURE'] ?? '';

try {
    $event = Webhook::constructEvent($body, $signature, 'whsec_YOUR_SECRET');
} catch (WebhookSignatureException $e) {
    http_response_code(401);
    echo json_encode(['error' => 'Invalid signature']);
    exit;
}

if ($event['event'] === 'payment.completed') {
    // Process payment
    // $event['externalRef'], $event['paidAmount'], etc.
}

http_response_code(200);
echo json_encode(['ok' => true]);

Error Handling

The SDK throws typed exception classes for different HTTP status codes:

use PayzCore\Exceptions\PayzCoreException;
use PayzCore\Exceptions\ValidationException;
use PayzCore\Exceptions\AuthenticationException;
use PayzCore\Exceptions\RateLimitException;

try {
    $result = $client->payments->create([...]);
} catch (ValidationException $e) {
    echo "Invalid request: {$e->getMessage()} (details: " . json_encode($e->getDetails()) . ")";
} catch (AuthenticationException $e) {
    echo "Auth error: {$e->getMessage()}";
} catch (RateLimitException $e) {
    echo "Rate limited: {$e->getMessage()}";
} catch (PayzCoreException $e) {
    echo "Error {$e->getStatusCode()}: {$e->getMessage()}";
}

Exception Class	Status	Meaning
`ValidationException`	400	Invalid request parameters
`AuthenticationException`	401	Invalid or missing API key
`ForbiddenException`	403	Project inactive or limit exceeded
`NotFoundException`	404	Payment not found
`RateLimitException`	429	Daily API call limit reached
`PayzCoreException`	5xx	Server error (auto-retried)

PHP SDK

On this page