webirr
diff --git a/‎composer.json
+1-1 b/‎composer.json
+1-1
diff --git a/‎examples/example1.php ‎examples/example1-create-update-bill.php b/‎examples/example1.php ‎examples/example1-create-update-bill.php
diff --git a/‎examples/example2.php ‎examples/example2-payment-status-single-poll.php b/‎examples/example2.php ‎examples/example2-payment-status-single-poll.php
diff --git a/‎examples/example3.php ‎examples/example3-delete-bill.php b/‎examples/example3.php ‎examples/example3-delete-bill.php
diff --git a/‎examples/example4.php ‎examples/example4-payment-status-bulk-poll.php
+8-5 b/‎examples/example4.php ‎examples/example4-payment-status-bulk-poll.php
+8-5
diff --git a/‎examples/example5.php ‎examples/example5-stat-report.php b/‎examples/example5.php ‎examples/example5-stat-report.php
diff --git a/‎examples/example6-payment-status-webhook.php
+116 b/‎examples/example6-payment-status-webhook.php
+116
@@ -1,7 +1,7 @@
 {
     "name": "webirr/webirr",
     "type": "library",
-    "version": "2.0.0",
+    "version": "2.0.1",
     "description": "Official PHP Client Library for WeBirr Payment Gateway APIs",
     "keywords": ["ethiopia", "fintech"],
     "homepage": "https://github.com/webirr/webirr-api-php-client",
 
@@ -25,13 +25,13 @@ public function Run()
     {
         while (true) {
             echo "\nRetrieving Payments...";
-            $this->FetchPayments();
+            $this->fetchAndProcessPayments();
             echo "\nSleeping for 5 seconds...";
             sleep(5); // Sleep for 5 seconds before the next polling
         }
     }
 
-    private function FetchPayments()
+    private function fetchAndProcessPayments()
     {
         $limit = 100;  // Number of records to retrieve depending on your processing requirement & capacity
         $response = $this->api->getPayments($this->lastTimeStamp, $limit);
@@ -43,7 +43,7 @@ private function FetchPayments()
             }
             foreach ($response->res as $obj) {
                 $payment = new Payment($obj);
-                $this->ProcessPayment($payment);
+                $this->processPayment($payment);
                 echo "\n-----------------------------";
             }
 
@@ -59,8 +59,11 @@ private function FetchPayments()
         }
     }
 
-    // Process Payment should be impleneted as idempotent operation for production use cases
-    private function ProcessPayment(Payment $payment)
+    /**
+      * Process Payment should be impleneted as idempotent operation for production use cases
+      * This method and logic can be shared among all payment processing consumers: 1. bulk polling, 2. webhook, 3. single payment polling.
+     */
+    private function processPayment(Payment $payment)
     {
         echo "\nPayment Status: " . $payment->status;
         if ($payment->IsPaid()) {
 
@@ -0,0 +1,116 @@
+<?php
+
+require 'vendor/autoload.php';
+
+use WeBirr\Payment;
+
+class Webhook
+{
+    /**
+     * Handle incoming webhook POST requests.
+     *  Validates request method (must be POST).
+     *  Checks authentication using the authKey from the query string, otherwise system will not know if the request is coming from WeBirr(authorized) or not
+     */
+    public function handleRequest()
+    {
+        // Validate request method is POST
+        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+            http_response_code(405);  // Method Not Allowed
+            header('Content-Type: application/json');
+            echo json_encode(["error" => "Method Not Allowed. POST required."]);
+            return;
+        }
+
+        // Authenticate using authKey query string parameter, otherwise system will not know if the request is from WeBirr(authorized) or not
+        if (!$this->isAuthenticated()) {
+            http_response_code(403);  
+            header('Content-Type: application/json');
+            echo json_encode(["error" => "Unauthorized access. Invalid authKey."]);
+            return;
+        }
+
+        // Read the raw JSON input
+        $rawPayload = file_get_contents('php://input');
+        if (empty($rawPayload)) {
+            http_response_code(400);  // Bad Request
+            header('Content-Type: application/json');
+            echo json_encode(["error" => "Empty request body."]);
+            return;
+        }
+
+        // Decode the JSON payload into an associative array
+        $data = json_decode($rawPayload, true);
+        if (json_last_error() !== JSON_ERROR_NONE) {
+            http_response_code(400);
+            header('Content-Type: application/json');
+            echo json_encode(["error" => "Invalid JSON format."]);
+            return;
+        }
+
+        try {
+            $payment = new Payment($data);
+        } catch (Exception $e) {
+            http_response_code(400);
+            header('Content-Type: application/json');
+            echo json_encode(["error" => "Invalid payment data: " . $e->getMessage()]);
+            return;
+        }
+
+        // Process the payment asynchronously (or enqueue it for later processing)
+        // here instead of immediate processing, this should be handled asynchronously or enqueued to a background worker/job.
+        $this->processPayment($payment);
+
+        // Return a JSON success response (can also be just empty body with 200 OK status) 
+        http_response_code(200);
+        header('Content-Type: application/json');
+        echo json_encode(["success" => true, "message" => "Payment received and queued for processing"]);
+    }
+
+    /**
+     * Authenticate the request using authKey from the query string.
+     * 
+     * The authKey is compared against the environment variable `WB_WEBHOOK_AUTH_KEY`.
+     * 
+     * @return bool True if authentication succeeds, false otherwise.
+     */
+    private function isAuthenticated(): bool
+    {
+        // Retrieve the authKey from the query string
+        $providedAuthKey = $_GET['authKey'] ?? '';
+        
+        // TODO: Replace this with your own auth key (preferably from environment variable)
+         $expectedAuthKey = "please-change-me-to-secure-key-5114831AFD5D4646901DCDAC58B92F8E";
+        //$expectedAuthKey = getenv('wb_webhook_authkey') !== false ? getenv('wb_webhook_authkey') : ""; 
+    
+        // Compare the provided key with the expected key
+        return !empty($expectedAuthKey) && hash_equals($expectedAuthKey, $providedAuthKey);
+    }
+    
+     /**
+      *  Process Payment should be impleneted as idempotent operation for production use cases
+      *  Prefered approach is: Payment should be processed asynchronously or enqueued to a background worker.
+      *  This method and logic can be shared among all payment processing consumers: 1. bulk polling, 2. webhook, 3. single payment polling.
+      * @param Payment $payment The Payment object.
+      */
+     private function processPayment(Payment $payment)
+     {
+         echo "\nPayment Status: " . $payment->status;
+         if ($payment->IsPaid()) {
+             echo "\nPayment Status Text: Paid.";
+         }
+         if ($payment->IsReversed()) {
+             echo "\nPayment Status Text: Reversed.";
+         }
+         echo "\nBank: " . $payment->bankID;
+         echo "\nBank Reference Number: " . $payment->paymentReference;
+         echo "\nAmount Paid: " . $payment->amount;
+         echo "\nPayment Date: " . $payment->paymentDate;
+         echo "\nReversal/Cancel Date: " . $payment->canceledTime;
+         echo "\nUpdate Timestamp: " . $payment->updateTimeStamp;
+     }
+ 
+}
+
+// Instantiate and handle the webhook request. once hosted, the url needs to be shared with WeBirr for configuration
+$webhook = new Webhook();
+$webhook->handleRequest();
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "webirr/webirr",`
`3`	`3`	`"type": "library",`
`4`		`- "version": "2.0.0",`
	`4`	`+ "version": "2.0.1",`
`5`	`5`	`"description": "Official PHP Client Library for WeBirr Payment Gateway APIs",`
`6`	`6`	`"keywords": ["ethiopia", "fintech"],`
`7`	`7`	`"homepage": "https://github.com/webirr/webirr-api-php-client",`
Original file line number	Diff line number	Diff line change
`@@ -25,13 +25,13 @@ public function Run()`
`25`	`25`	`{`
`26`	`26`	`while (true) {`
`27`	`27`	`echo "\nRetrieving Payments...";`
`28`		`- $this->FetchPayments();`
	`28`	`+ $this->fetchAndProcessPayments();`
`29`	`29`	`echo "\nSleeping for 5 seconds...";`
`30`	`30`	`sleep(5); // Sleep for 5 seconds before the next polling`
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`
`34`		`- private function FetchPayments()`
	`34`	`+ private function fetchAndProcessPayments()`
`35`	`35`	`{`
`36`	`36`	`$limit = 100; // Number of records to retrieve depending on your processing requirement & capacity`
`37`	`37`	`$response = $this->api->getPayments($this->lastTimeStamp, $limit);`
`@@ -43,7 +43,7 @@ private function FetchPayments()`
`43`	`43`	`}`
`44`	`44`	`foreach ($response->res as $obj) {`
`45`	`45`	`$payment = new Payment($obj);`
`46`		`- $this->ProcessPayment($payment);`
	`46`	`+ $this->processPayment($payment);`
`47`	`47`	`echo "\n-----------------------------";`
`48`	`48`	`}`
`49`	`49`
`@@ -59,8 +59,11 @@ private function FetchPayments()`
`59`	`59`	`}`
`60`	`60`	`}`
`61`	`61`
`62`		`- // Process Payment should be impleneted as idempotent operation for production use cases`
`63`		`- private function ProcessPayment(Payment $payment)`
	`62`	`+ /**`
	`63`	`+ * Process Payment should be impleneted as idempotent operation for production use cases`
	`64`	`+ * This method and logic can be shared among all payment processing consumers: 1. bulk polling, 2. webhook, 3. single payment polling.`
	`65`	`+ */`
	`66`	`+ private function processPayment(Payment $payment)`
`64`	`67`	`{`
`65`	`68`	`echo "\nPayment Status: " . $payment->status;`
`66`	`69`	`if ($payment->IsPaid()) {`