Razorpay Integration in PHP: Step-by-Step Guide

Introduction

Imagine losing customers at checkout because your payment system is slow. Razorpay integration in PHP solves this instantly.

In this guide, we’ll walk through each step. First, we cover prerequisites and setup. Next, we implement orders and checkout. Finally, we test and secure your integration.

1. Prerequisites for Razorpay Integration in PHP

Before you begin Razorpay integration in PHP, gather the essentials. This ensures a smooth setup.

1.1 Developer Account & API Keys

• Sign up for a free Razorpay account at the Dashboard.
• Navigate to Settings → API Keys.
• Generate a new pair: Key ID and Key Secret.

Credential	Location in Dashboard
Key ID	Settings → API Keys
Key Secret	Settings → API Keys

Internal link: See our guide on How to Integrate Razorpay in WordPress – Beginner’s Guidehttps://payapprove.in/how-to-integrate-razorpay-in-wordpress/
External link: Official Razorpay PHP docs at https://razorpay.com/docs/payments/server-integration/php/

1.2 PHP Version & Extensions

• Ensure your server runs PHP 7.2 or higher.
• Verify cURL and JSON extensions are enabled.
• Check with:

<?php
phpinfo();

1.3 Composer & SDK Installation

• Install Composer globally from https://getcomposer.org/.
• In your project root, run:

composer require razorpay/razorpay

• Confirm the vendor/ folder contains razorpay/razorpay.

2. Implementing Razorpay Integration in PHP

We’ll cover four main steps in plain English. Wherever you see a description like “load the autoloader” or “send a POST,” substitute in your own code.

External link: MDN’s PHP forms tutorial (https://developer.mozilla.org/en-US/docs/Learn/Server-side/PHP/forms)

---

2.1 Set up the Razorpay client

• Install the SDK via Composer in your project folder.
• Load Composer’s autoloader at the top of your PHP file (e.g. include or require your vendor/autoload.php).
• Instantiate the Razorpay API object by passing in your public and secret keys.
• Result: You now have an API client ready to create orders and capture payments.

---

2.2 Create a new order on the server

• Prepare an array of order parameters:
  • amount: the total in paise (for ₹300, use 30000).
  • currency: the three-letter code, e.g. INR.
  • receipt: your own reference string.
• Call the client’s order->create(...) method with that array.
• Capture the returned order ID (a string like order_XXXX).
• Tip: Log the response so you can inspect the full payload.

---

2.3 Display the checkout popup on the client

• Include Razorpay’s checkout.js by linking to its URL in your page’s <head>.
• Add a button or link labeled clearly, for example “Pay ₹300.”
• In JavaScript, build an options object:
  • Set your public key.
  • Pass the order ID you just created.
  • Define a handler function that will receive the payment ID and signature.
• Instantiate a new Razorpay popup with those options, then call its open() method when your button is clicked.
• Finally, in the handler, send the payment details back to your server—often via a JSON POST.

---

2.4 Capture and verify the payment

• On your server endpoint (for example, /capture.php), read the incoming JSON payload from the request body.
• Use the Razorpay utility method to verify the signature against your webhook or secret.
• If valid, fetch the payment by its ID and call the client’s capture() method to settle the amount.
• If verification fails, log the mismatch and return an error status to the client.

---

3. Testing, Handling Webhooks & Security

Now that your basic flow is in place, it’s time to verify everything works smoothly and lock down your integration against tampering.

---

3.1 Testing in Sandbox Mode

1. Swap to test credentials in your code or configuration.
2. Run a few transactions on your development site, deliberately forcing both successes and failures.
3. Check your server logs to confirm that each step—from order creation to capture—logs the expected details.
4. Reset test orders between runs so old data doesn’t confuse your results.

---

3.2 Configuring and Handling Webhooks

1. Register a webhook endpoint in the Razorpay Dashboard, pointing to your server URL (for example /webhook-handler).
2. On incoming requests, grab the raw request body and the signature header that Razorpay includes.
3. Use Razorpay’s utility method to compare that signature against your secret—this stops anyone from faking events.
4. Parse the JSON payload to inspect events like payment.captured or order.paid, then update your order records accordingly.
5. Reply with HTTP 200 immediately so Razorpay knows you received the event.

---

3.3 Security Best Practices

• Keep your API keys out of your codebase—store them in environment variables or a secret manager.
• Enforce HTTPS on all endpoints, especially those handling payment callbacks and webhooks.
• Validate and sanitize every input or parameter before using it in API calls or database queries.
• Log suspicious activity, such as repeated signature verification failures, and set up alerts.

Conclusion

You’ve now walked through every step of Razorpay integration in PHP—setting up the API client, creating orders, displaying the checkout, and securing payments. By testing in sandbox mode and handling webhooks with signature checks, you ensure your system is both functional and safe.

Key takeaways:

• Always start with the official SDK and your own API keys.
• Create and log your order IDs before rendering the payment popup.
• Open the Razorpay modal with clear button text and handle the callback responsibly.
• Verify signatures on both the client response and any webhooks.
• Keep secrets out of your codebase and enforce HTTPS everywhere.

Ready to start accepting payments? Get your test keys from the Razorpay dashboard, slot them into your code, and go live when you’re confident everything works. Happy coding!