CookieMonster's avatar

Retrieving user id in a controller for handling external API?

I integrated a payment API into my system, and the user will be redirected to the payment portal website with a randomly generated token in the URL for security. Upon successful payment and transaction, a callback function will be sent back with the data (transaction code, bill code, amount, etc.) and I need to persist that data to my database.

PaymentController:

 public function createBill(Request $request){
       
        $credit = ($request->amount)*100;
        $option = array(
            'userSecretKey'=>config('payment.key'),
            'categoryCode'=>config('payment.category'),
            'billName'=>'FUIYOH HUB',
            'billDescription'=>'Top Up Credit',
            'billPriceSetting'=>1,
            'billPayorInfo'=>0,
            'billAmount'=>$credit,
            'billReturnUrl'=>route('payment-status'),
            'billCallbackUrl'=>route('payment-callback'),
            'billExternalReferenceNo' => '',
            'billTo'=>'',
            'billEmail'=>'',
            'billPhone'=>'',
            'billSplitPayment'=>0,
            'billSplitPaymentArgs'=>'',
            'billPaymentChannel'=>0,
            'billContentEmail'=>'Thank you for using our platform!',
            'billChargeToCustomer'=>2
          );  

    
          $url = 'https://dev.paymentxxx.com/index.php/api/createBill';
          
          $response = Http::asForm()->post($url,$option);
          
          $billCode = $response[0]['BillCode'];
         
          return redirect('https://dev.paymentxxx.com/'.$billCode);
    }

    public function paymentStatus(Request $request){

        //if success save payment record to db
            
          $response = $request->all();

          // check if transaction is successful
          if($request->status_id == 1){

            Log::info('Payment Status complete');
            Log::info($response);
  
            //return $response;
            return view('payments.success')
                    ->with('transaction_id',$request->transaction_id);
          }else{

            return view('payments.failed')
                   ->with('errorMessage',$request->msg);
          }
          
    }

 public function callback(Request $request){
        Log::info('callback function is called');
        $response = request()->all();
        Log::info($response);
        Log::info('This is user id:'.auth()->id());
        
        if($request->status == 1){

        //store transaction details
        $transaction = new Transaction();
        //Requires the user id here......currently returns null
        $transaction->user_id = auth()->id();
        $transaction->billcode = $request->billcode;
        $transaction->transaction_id = $request->refno;
        $transaction->amount = $request->amount;
        $transaction->save();

        //update new credit balance for user
        // first() loads the model; where() alone only returns a query builder
        $user_credit = UserInfo::where('user_id',auth()->id())->first();
        $user_credit->credit += $request->amount;
        $user_credit->save();

        }
    }

I tested and simulated the POST request to my side and it works, but the only issue is that I couldn't retrieve the user id using auth()->id(), as it returns null. I am not sure if this happens in the local environment but not in the production environment, since the callback will pass the data to my system only if my system is live. So I am not 100% sure if this actually returns auth()->id() if it's on production since the payment API server is able to talk to my system.

Is there a way to retrieve the user id in this scenario?

tykus's avatar

The third party processor is not your authenticated user - it is not a request coming from your user's Session.

You can probably pass some dynamic data to the payment processor which can be returned in the callback; something that can be used to uniquely identify the user or the user's Session.

CookieMonster's avatar

So it is also pointless to use auth middleware for the payment controller?

tykus's avatar

It is pointless to use the auth middleware for the callback endpoint because there is no authenticated user.

Anything that the User is directly interacting with should be protected by auth middleware (if that is relevant to your application).

CookieMonster's avatar

What if I can't pass data or session to the payment processor?

tykus's avatar

What comes back from the payment processor that can identify the origin of the charge (on your application)? There must be some state that links the callback to an order?

CookieMonster's avatar

I don't think so. Basically the flow goes something like this:


1. Proceed to the top-up page to enter an amount $ to top up (my application).
2. Submit the form, and it redirects to the payment page with the amount shown in the request (payment processor).
3. Enter payment info and select the respective bank (through FPX payment) (payment processor page).
4. Proceed, and it redirects to the respective bank's page (likely the bank login page to make FPX).
5. Once successfully logged in, confirm the amount and authorize the transaction (bank page).
6. Once done, I will be redirected to a successful payment page (my application) - this is where the callback from the payment processor will send the data to me.

If I am going to pass some dynamic data (user_id) from the 1st step, I don't think it will be possible to retrieve it in the last step. Unless there is another way I didn't think of. And I updated my post to show all the methods to handle the payment.
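
The state tykus asks about is already on this page: createBill() receives a BillCode while the user is still logged in, and the callback posts it back as billcode. The following is an added example, not code from the thread; the PendingBills class, its in-memory array (a stand-in for a database table) and all sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration: in-memory stand-in for a pending-bills table (hypothetical).
final class PendingBills
{
    /** @var array<string, array{user_id:int, amount_cents:int, settled:bool}> */
    private array $rows = [];

    // Call from createBill(), where auth()->id() is available,
    // right after the processor returns the BillCode.
    public function open(string $billCode, int $userId, int $amountCents): void
    {
        $this->rows[$billCode] = ['user_id' => $userId, 'amount_cents' => $amountCents, 'settled' => false];
    }

    // Call from callback(): there is no session, so the user comes from the stored row.
    // Returns [user_id, amount_cents] to credit, or null when nothing may be credited.
    public function settle(array $payload): ?array
    {
        $billCode = (string) ($payload['billcode'] ?? '');
        if (($payload['status'] ?? null) != 1 || !isset($this->rows[$billCode])) {
            return null; // failed payment, or a bill code this application never issued
        }
        if ($this->rows[$billCode]['settled']) {
            return null; // repeated callback for the same bill: credit only once
        }
        $this->rows[$billCode]['settled'] = true;
        // Credit the amount recorded at creation, not the amount in the POST body:
        // the callback route is unauthenticated, so its fields are untrusted input.
        return [$this->rows[$billCode]['user_id'], $this->rows[$billCode]['amount_cents']];
    }
}

// Constructed sample data (bill codes, user id and payloads are made up).
$bills = new PendingBills();
$bills->open('abc123xy', 42, 5000); // recorded when user 42 starts a top-up

$callback = ['status' => '1', 'billcode' => 'abc123xy', 'refno' => 'TP0001', 'amount' => '50.00'];
var_dump($bills->settle($callback)); // first callback for an issued bill
var_dump($bills->settle($callback)); // same callback delivered again
var_dump($bills->settle(['status' => '1', 'billcode' => 'forged00', 'amount' => '999.00'])); // bill never issued
```

In the Laravel controller the array would be a table keyed by bill code, with the settled check and the credit update done inside one database transaction so that concurrent callbacks cannot both pass the check.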
