The official PkPayPlus PHP SDK lets you use the Merchant API from plain PHP or Laravel. You can manage products, create and verify checkout sessions, and authenticate with your Merchant Secret Key.
This SDK is for server-side (merchant backend) use only. Never expose your secret key in frontend code.
Requirements
Installation
Install the SDK with Composer:
composer require pkpayplus/pkpayplus-php
Configuration
The SDK loads configuration in this order:
- Config array passed to
Client
- Environment variables
- Default base URL
Environment variables (recommended)
Create a .env file in your project root:
PKPAYPLUS_SECRET_KEY=sk_live_xxxxxxxxx
.env to version control.
Passing config manually
You can pass options when creating the client:
$pk = new Client([
'base_url' => 'https://api.pkpayplus.com',
'secret_key' => 'sk_live_xxx'
]);
Quick start (plain PHP)
<?php
require __DIR__ . '/vendor/autoload.php';
use PkPayPlus\Client;
$pk = new Client();
$products = $pk->products()->list(['per_page' => 20]);
print_r($products);
Authentication
All Merchant API requests use:
Authorization: Bearer {secret_key}
Products API
The merchant is inferred from your secret key. The SDK uses these endpoints:
| Method | Endpoint |
|---|
| GET | /merchant-api/products |
| POST | /merchant-api/products |
| GET | /merchant-api/products/{product_id} |
| PUT | /merchant-api/products/{product_id} |
| DELETE | /merchant-api/products/{product_id} |
List products
$products = $pk->products()->list([
'per_page' => 20,
'page' => 1,
'search' => 'shirt'
]);
Create product
$created = $pk->products()->create([
'name' => 'Black T-Shirt',
'description' => 'Cotton tee',
'status' => 'draft',
'currency' => 'USD',
'unit_amount' => 1999
]);
$productId = $created['product']['id'];
Get product
$product = $pk->products()->get($productId);
Update product
$updated = $pk->products()->update($productId, [
'name' => 'Black T-Shirt (Updated)',
'status' => 'published'
]);
Delete product
$pk->products()->delete($productId);
Checkout sessions (Merchant API)
Use checkout sessions for backend-driven flows (e.g. WooCommerce-style plugins).
Endpoints:
POST /merchant-api/{merchant_id}/checkout-sessions — create sessionGET /merchant-api/{merchant_id}/{session_id} — get/verify session
Create checkout session
$session = $pk->sessions()->create($merchantId, [
'amount' => 1999,
'currency' => 'USD',
'description' => 'Order #1001',
'source' => 'custom_php'
]);
$sessionId = $session['session_id'];
Verify checkout session
$status = $pk->sessions()->verify($merchantId, $sessionId);
Laravel usage
.env
Add to your .env:
PKPAYPLUS_BASE_URL=https://api.pkpayplus.com
PKPAYPLUS_SECRET_KEY=sk_live_xxx
config/services.php
Register the PkPayPlus config:
'pkpayplus' => [
'base_url' => env('PKPAYPLUS_BASE_URL'),
'secret_key' => env('PKPAYPLUS_SECRET_KEY'),
],
Example usage
$pk = new \PkPayPlus\Client(config('services.pkpayplus'));
$products = $pk->products()->list();
Testing
The SDK ships with:
- Unit tests — mocked HTTP
- Integration tests — real API (opt-in)
Run unit tests
Integration tests (real API)
Integration tests are skipped unless you enable them.
Add to .env:
PKPAYPLUS_INTEGRATION=1
PKPAYPLUS_BASE_URL=http://localhost:8000
PKPAYPLUS_SECRET_KEY=sk_test_xxx
./vendor/bin/phpunit tests/Integration/ProductsIntegrationTest.php --testdox
Common errors
Missing secret key
Ensure your environment has:
PKPAYPLUS_SECRET_KEY=sk_test_xxx
Security notes
- Never expose your secret key in frontend or client-side code.
- Use the publishable key for client-side checkout.
- Use the secret key only on the backend.
Resources
