Guide to integrating VNPAY in Laravel with a Sandbox account

A detailed guide on how to integrate VNPAY into a Laravel project using VNPAY's Sandbox account to process online payments, including configuration, payment URL creation, handling callback responses, and creating the interface.

This article guides you through the steps to integrate the VNPAY payment gateway into a Laravel project using a Sandbox account. This allows you to test and validate the online payment functionality before moving to a live account.

Laravel Code

VNPAY Configuration in Laravel:

1. Add the following configurations in the .env file:

VNP_TMN_CODE= // Your VNPAY merchant code
VNP_HASH_SECRET= // VNPAY provided secret hash
VNP_URL=https://sandbox.vnpayment.vn/paymentv2/vpcpay.html // Payment gateway URL
VNP_RETURN_URL= // Your website return URL for transaction result

2. Create a configuration file config/vnpay.php:

return [
    'vnp_TmnCode' => env('VNP_TMN_CODE'),
    'vnp_HashSecret' => env('VNP_HASH_SECRET'),
    'vnp_Url' => env('VNP_URL'),
    'vnp_Returnurl' => env('VNP_RETURN_URL'),
];

3. Create routes and controllers for handling payment and callback:

• Route:

use App\Http\Controllers\Payment\VnPayController;

Route::get('/payment', [VnPayController::class, 'createPayment'])->name('payment.create');
Route::get('/vnpay-return', [VnPayController::class, 'vnpayReturn'])->name('vnpay.return');

• Controller:

namespace App\Http\Controllers\Payment;

use Illuminate\Http\Request;

class VnPayController extends Controller
{
    public function createPayment(Request $request){
        $vnp_TmnCode = config('vnpay.vnp_TmnCode');
        $vnp_HashSecret = config('vnpay.vnp_HashSecret');
        $vnp_Url = config('vnpay.vnp_Url');
        $vnp_ReturnUrl = config('vnpay.vnp_Returnurl');
        
        $order = (object)[
            "code" => 'ORDER' . rand(100000, 999999),
            "total" => 100000,
            "bankCode" => 'NCB',
            "type" => "billpayment",
            "info" => "Payment for order"
        ];

        $vnp_TxnRef = $order->code;
        $vnp_OrderInfo = $order->info;
        $vnp_OrderType =  $order->type;
        $vnp_Amount = $order->total * 100;
        $vnp_Locale = 'vn';
        $vnp_BankCode = $order->bankCode;
        $vnp_IpAddr = $request->ip();

        $inputData = array(
            "vnp_Version" => "2.1.0",
            "vnp_TmnCode" => $vnp_TmnCode,
            "vnp_Amount" => $vnp_Amount,
            "vnp_Command" => "pay",
            "vnp_CreateDate" => date('YmdHis'),
            "vnp_CurrCode" => "VND",
            "vnp_IpAddr" => $vnp_IpAddr,
            "vnp_Locale" => $vnp_Locale,
            "vnp_OrderInfo" => $vnp_OrderInfo,
            "vnp_OrderType" => $vnp_OrderType,
            "vnp_ReturnUrl" => $vnp_ReturnUrl,
            "vnp_TxnRef" => $vnp_TxnRef,
        );

        if (isset($vnp_BankCode) && $vnp_BankCode != "") {
            $inputData['vnp_BankCode'] = $vnp_BankCode;
        }

        ksort($inputData);

        $hashdata = "";
        $query = "";
        $i = 0;
        foreach ($inputData as $key => $value) {
            if ($i == 1) {
                $hashdata .= '&' . urlencode($key) . "=" . urlencode($value);
            } else {
                $hashdata .= urlencode($key) . "=" . urlencode($value);
                $i = 1;
            }
            $query .= urlencode($key) . "=" . urlencode($value) . '&';
        }

        $vnp_Url = $vnp_Url . "?" . $query;

        if (isset($vnp_HashSecret)) {
            $vnpSecureHash = hash_hmac('sha512', $hashdata, $vnp_HashSecret);
            $vnp_Url .= 'vnp_SecureHash=' . $vnpSecureHash;
        }

        return redirect($vnp_Url);
    }

    public function vnpayReturn(Request $request){
        $vnp_SecureHash = $request->vnp_SecureHash;
        $inputData = $request->all();

        unset($inputData['vnp_SecureHash']);
        ksort($inputData);
        $hashData = "";
        foreach ($inputData as $key => $value) {
            $hashData .= urlencode($key) . "=" . urlencode($value) . '&';
        }
        $hashData = rtrim($hashData, '&');

        $secureHash = hash_hmac('sha512', $hashData, config('vnpay.vnp_HashSecret'));

        if ($secureHash === $vnp_SecureHash) {
            if ($request->vnp_ResponseCode == '00') {
                return view('payment_success', compact('inputData'));
            } else {
                return view('payment_failed');
            }
        } else {
            return view('payment_failed');
        }
    }
}

Payment Button and Transaction Result Interface:

• VNPAY Payment Button:

<a href="{{ route('payment.create') }}" class="btn btn-primary">Pay with VNPay</a>

• payment_success.blade.php Interface:

<h1>Payment Successful!</h1>
<p>Transaction ID: {{ $inputData['vnp_TxnRef'] }}</p>
<p>Amount: {{ number_format($inputData['vnp_Amount'] / 100) }} VND</p>

• payment_failed.blade.php Interface:

<h1>Payment Failed!</h1>
<p>Please try again.</p>

Detailed Explanation of Each Line:

1. Configuration in .env: Set up necessary VNPAY parameters, including merchant code, secret hash, and payment gateway URL.
2. Creating vnpay.php: To manage VNPAY-related configuration settings in Laravel.
3. Routes and Controllers: Define routes for payment initiation and callback processing. In the controller, createPayment generates the payment URL, while vnpayReturn handles the callback and verifies the transaction result.
4. Payment Button and Interface: Provide a frontend interface with a button to initiate payment and pages to display success or failure messages after the transaction.

System Requirements:

• Laravel 8.x or later.
• VNPAY Sandbox account for testing before switching to live mode.

Recommendations:

• Ensure thorough testing in the Sandbox environment before deploying the VNPAY gateway to a live production environment.
• Take care to secure sensitive data such as the vnp_HashSecret.
• See VNPAY 's API documentation here: https://sandbox.vnpayment.vn/apis/