MultiGateway Hub API

Overview

The MultiGateway Hub API is a secure, RESTful payment orchestration platform offering unified transaction handling, refunds, webhooks, fraud prevention, and gateway abstraction across 30+ providers.

Quick Start Guide

Installation (5 minutes)

# Navigate to your project directory
cd /path/to/your/website

# Run installation script
php api/tools/install.php

This will:

• Create required database tables
• Set up logging directories
• Configure security defaults

Generate API Key

php api/tools/key_manager.php

• User ID: from tbl_users
• Client Name: My Application
• Permissions: *
• Allowed IPs: * or specific IPs
• Expiry: optional

⚠ Save your API key securely. It is shown only once.

Test the API

curl https://yourdomain.com/api/v1/health

curl -X POST https://yourdomain.com/api/v1/transactions/create \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{
  "amount": 10,
  "currency": "USD",
  "user_id": 1,
  "description": "Test transaction"
}'

Basic Usage

Create a Payment Transaction

<?php
$apiKey = 'mgw_your_api_key';
$apiUrl = 'https://yourdomain.com/api/v1';

$ch = curl_init($apiUrl . '/transactions/create');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode([
        'amount' => 99.99,
        'currency' => 'USD',
        'user_id' => 123,
        'description' => 'Premium subscription'
    ]),
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'Authorization: Bearer ' . $apiKey
    ]
]);

$response = curl_exec($ch);
$result = json_decode($response, true);

if ($result['success']) {
    header('Location: ' . $result['data']['payment_url']);
}
?>

Verify Transaction

<?php
$ch = curl_init($apiUrl . '/transactions/verify');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode([
        'transaction_id' => 'txn_xxx'
    ]),
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'Authorization: Bearer ' . $apiKey
    ]
]);
$response = curl_exec($ch);
?>

Integration Patterns

Pattern 1: Direct Payment Flow

1. Create order
2. Create transaction via API
3. Redirect user to payment URL
4. Webhook updates transaction
5. Deliver product/service

Pattern 2: Webhook Notification

<?php
$payload = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_SIGNATURE'] ?? '';
$secret = 'your_webhook_secret';

if (!hash_equals(hash_hmac('sha256', $payload, $secret), $signature)) {
    http_response_code(401);
    exit('Invalid signature');
}

$data = json_decode($payload, true);
?>

Common Use Cases

E-commerce Checkout

$transaction = createAPITransaction([
  'amount' => $cartTotal,
  'currency' => 'USD',
  'user_id' => $userId,
  'custom_data' => ['order_id' => $orderId]
]);

Subscription Billing

$transaction = createAPITransaction([
  'amount' => 29.99,
  'currency' => 'USD',
  'description' => 'Monthly Pro Plan'
]);

Taxes & Shipping

$transaction = createAPITransaction([
  'amount' => 123.00,
  'taxes' => [
    ['label' => 'GST', 'rate' => 18, 'amount' => 18]
  ],
  'shipping_fee' => 5
]);

Security Checklist

• HTTPS enabled
• Production API keys created
• IP whitelisting configured
• Webhook secrets verified
• Rate limiting tested
• Logs enabled & rotated
• Database backups configured

Troubleshooting

• Invalid API credentials: Verify key starts with mgw_
• Rate limit exceeded: Wait or request higher limits
• Transaction not found: Verify transaction ID
• Webhook not received: Check logs in api/logs/api.log

Support & Resources

• Docs: api/README.md
• Logs: api/logs/api.log
• Schema: api/database/schema.sql

Next Steps

1. Integrate API into your app
2. Configure webhooks
3. Test in sandbox mode
4. Monitor logs regularly