Struggling custom payment gateway and secret api key in PHP

I’m trying to create a custom payment gateway.
I’m at the point where I need to update the order, so trying to connect with the ‘private/custom-payment-gateway/payment’, but getting 401 no matter what I try.
I’m using GuzzleHttp to connect in my PHP script:

$snipClient = new Client(['base_uri' => "https://payment.snipcart.com/api/"]);
try {
$snipClient->post('private/custom-payment-gateway/payment', [
                    'headers' => [
                        'Authorization' => "Basic " . base64_encode(App::env('SNIPCART_SECRET_API_KEY') . ':'),
                        'Content-Type' => 'application/json'
                    ],
                    'body' => json_encode([
                    'paymentSessionId' => $paymentSessionId,
                      'state' => $state,
                        'transactionId' => $transactionId,
                    ])
                ]);
            } catch (ClientException $e) {
                throw new MethodNotAllowedHttpException($e->getMessage(), 401);
            }

I also tried, as told in the documentation:

'Authorization' => "Bearer " . App::env('SNIPCART_SECRET_API_KEY'),

Secret key generated on Login - Snipcart
What am I doing wrong?

Hi @WHITE-developer, thanks for reaching out!

Is this the first request you make to the Payments API?
You need to use the appropriate API keys, as they are different from the regular API. You can generate them here:
https://app.snipcart.com/dashboard/account/gateway/customgateway

An 'Accept' => 'application/json' header could also help, but your issue is probably the API key.

Thanks!

Hi @nelitow

You are right, it was the payment API key, didn’t try that one for this request. Bit confusing as it says “secret key”, didn’t expect the “payment key” there.

Next thing I have troubles with now is the changing from “publicToken” to a “paymentSessionId publicToken”. What I understand is that those 2 are different and the “paymentSessionId” is added to the “checkoutUrl”. I don’t have the control anymore what happens with that token and it gets lost. Is there any way to retrieve that token again? What I got so far:

  1. Snipcart connects with my “payment methods test url”
  2. I connect with the gateway which gives me back the external “checkoutUrl” where the customer can do the payment
  3. Customer clicks on that link and pays
  4. The gateway triggers a webhook of mine
  5. My webhook needs to update Snipcart, but I lost the “paymentSessionId”

I know this is an old thread. But I just stumbled upon the very same problem with the private API key where I thought this would be the secret API key as the documentation really is misleading here. So this post helped me

Also, I had the exact same new problem OP has and could solve it. So for completeness’ sake:

Luckily, I could send the paymentSessionId as metadata to the external payment provider and in the webhook, refer back to the metadata to get the paymentSessionId back. I didn’t find another way to accomplish that.