How to integrate FraudLabs Pro fraud detection with Affirm payment

Description: This tutorial demonstrates how to integrate FraudLabs Pro fraud detection service into the Affirm payment process. We will show you with step-by-step instructions using the PHP language in the below section.

Using PHP

Create a new table to store the transaction value of FraudLabs Pro and Affirm payment processing. This table will be used during the settlement, void or refund processes.

CREATE TABLE `fraudlabs_pro` (
	`flp_transaction_id` CHAR(15) NOT NULL,
	`flp_status` VARCHAR(10) NOT NULL, 
	`affirm_charge_id` VARCHAR(30) NOT NULL,
	`affirm_amount` DECIMAL(12,2) NOT NULL,
	PRIMARY KEY (`flp_transaction_id`)
)
COLLATE='utf8_general_ci'
ENGINE=MyISAM;

Download the FraudLabs Pro PHP class from https://github.com/fraudlabspro/fraudlabspro-php/releases

Integrate FraudLabs Pro fraud detection logic with your Affirm code. This code will perform a simple validation check of one credit card purchase and perform the appropriate action based on the fraud validation result.

// Include FraudLabs Pro library
require_once 'PATH_TO_FRAUDLABSPRO/lib/FraudLabsPro.php';

$public_key = 'your_affirm_public_key';
$private_key = 'your_affirm_private_key';

FraudLabsPro\Configuration::apiKey('your_fraudlabspro_api_key');

// Check this transaction for possible fraud. FraudLabs Pro support comprehensive validation check,
// and for this example, we only perform the IP address, BIN and billing country validation.
// For complete validation, please check our developer page at https://www.fraudlabspro.com/developer
$orderDetails = [
	'order'		=> [
		'amount'	=> $_POST['amount'], 
	],
	'billing'	=> [
		'country'	=> $_POST['country'],
	],
];

// Sends the order details to FraudLabs Pro
$fraudResult = FraudLabsPro\Order::validate($orderDetails);

// This transaction is legitimate, let's submit to Affirm
if ($fraudResult->fraudlabspro_status == 'APPROVE') {
	$checkout_token = $_REQUEST["checkout_token"];
	$url = "https://api.affirm.com/api/v2/charges";
	$data = array("checkout_token" => $checkout_token);

	$json = json_encode($data);
	$header = array('Content-Type: application/json','Content-Length: ' . strlen($json));

	$keypair = $public_key . ":" . $private_key;

	$curl = curl_init();

	curl_setopt($curl, CURLOPT_URL, $url);
	curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
	curl_setopt($curl, CURLOPT_POST, 1);
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($curl, CURLOPT_USERPWD, $keypair);
	curl_setopt($curl, CURLOPT_POSTFIELDS, $json);
	curl_setopt($curl, CURLOPT_HTTPHEADER, $header);

	$response = curl_exec($curl);
	$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);

	curl_close($curl);
}

// Transaction has been rejected by FraudLabs Pro based on your custom validation rules.
elseif ($fraudResult->fraudlabspro_status == 'REJECT') {
	/*
	Do something here, try contact the customer for verification
	*/
}

// Transaction is marked for a manual review by FraudLabs Pro based on your custom validation rules.
elseif ($fraudResult->fraudlabspro_status == 'REVIEW') {
	try {
		$checkout_token = $_REQUEST['checkout_token'];
		$url = "https://api.affirm.com/api/v2/charges/";
		$data = array("checkout_token" => $checkout_token);

		$json = json_encode($data);
		$header = array('Content-Type: application/json','Content-Length: ' . strlen($json));

		$keypair = $public_key . ":" . $private_key;

		$curl = curl_init();

		curl_setopt($curl, CURLOPT_URL, $url);
		curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
		curl_setopt($curl, CURLOPT_POST, 1);
		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($curl, CURLOPT_USERPWD, $keypair);
		curl_setopt($curl, CURLOPT_POSTFIELDS, $json);
		curl_setopt($curl, CURLOPT_HTTPHEADER, $header);

		$response = json_decode(curl_exec($curl), true);
		$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);

		curl_close($curl);

		try{
			// Initial MySQL connection
			$db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
			$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

			// Store the transaction information for decision making
			$st = $db->prepare('INSERT INTO `fraudlabs_pro` VALUES (:flpId, :flpStatus, :affirmId, :affirmAmount)');
			$st->execute(array(
				':flpId'=>$fraudResult->fraudlabspro_id,
				':flpStatus'=>$fraudResult->fraudlabspro_status,
				':affirmId'=>$response['id'],
				':affirmAmount'=>$response['amount']
			));
		}
		catch(PDOException $e){
			// MySQL error
			die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
		}

	} catch (Exception\Declined $e) {
		echo $e->getErrors();
	}
}

Now, we are going to create a callback page to receive the review action, APPROVE or REJECT, performed by the merchant.

Note: You need to configure the callback URL at the FraudLabs Pro merchant area->settings page. It has to be pointed to the location where you hosted this “fraudlabspro-callback.php” file. Below is the sample code for fraudlabspro-callback.php

$id = (isset($_POST['id'])) ? $_POST['id'] : '';
$action = (isset($_POST['action'])) ? $_POST['action'] : '';

if($id && in_array($action, array('APPROVE', 'REJECT'))){
	try{
		// Initial MySQL connection
		$db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
		$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

		// Get the Affirm Charge ID
		$st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId AND `flp_status`=\'REVIEW\'');
		$st->execute(array(
			':flpId'=>$id
		));

		if($st->rowCount() == 1){
			$row = $st->fetch(PDO::FETCH_ASSOC);

			$public_key = 'your_affirm_public_key';
			$private_key = 'your_affirm_private_key';

			$charge_id = $row['affirm_charge_id'];

			if($action == 'REJECT'){
				// Merchant rejected the order. Void the transaction in Affirm
				$url = "https://api.affirm.com/api/v2/charges/" . $charge_id . "/void";
				$data = "";
			}
			else{
				// Merchant approved the order. Capture the transaction in Affirm
				$url = "https://api.affirm.com/api/v2/charges/" . $charge_id . "/capture";
				$data = "";
			}
			$json = json_encode($data);
			$header = array('Content-Type: application/json','Content-Length: ' . strlen($json));

			$keypair = $public_key . ":" . $private_key;

			$curl = curl_init();

			curl_setopt($curl, CURLOPT_URL, $url);
			curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
			curl_setopt($curl, CURLOPT_POST, 1);
			curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
			curl_setopt($curl, CURLOPT_USERPWD, $keypair);
			curl_setopt($curl, CURLOPT_POSTFIELDS, $json);
			curl_setopt($curl, CURLOPT_HTTPHEADER, $header);

			$response = curl_exec($curl);
			$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);

			curl_close($curl);

			// Update database
			$st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=:action WHERE `flp_transaction_id`=:flpId');
			$st->execute(array(
				':flpId'=>$id,
				':action'=>$action
			));
		}
	}
	catch(PDOException $e){
		// MySQL error
		die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
	}
}

If there is a need to issue a refund for a settled transaction, below is the sample code of how to accomplish it.

try{
	// Initial MySQL connection
	$db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

	// Get the Affirm Charge ID based on the FraudLabs Pro ID
	$st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId');
	$st->execute(array(
		':flpId'=>$_POST['flpId']
	));

	if($st->rowCount() == 1){
		$row = $st->fetch(PDO::FETCH_ASSOC);

		$public_key = 'your_affirm_public_key';
		$private_key = 'your_affirm_private_key';

		$charge_id = $row['affirm_charge_id'];
		$amount = $row['affirm_amount'];

		$url = "https://api.affirm.com/api/v2/charges/" . $charge_id . "/refund";
		$data = array('amount' => $amount);

		$json = json_encode($data);
		$header = array('Content-Type: application/json','Content-Length: ' . strlen($json));

		$keypair = $public_key . ":" . $private_key;

		$curl = curl_init();

		curl_setopt($curl, CURLOPT_URL, $url);
		curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
		curl_setopt($curl, CURLOPT_POST, 1);
		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($curl, CURLOPT_USERPWD, $keypair);
		curl_setopt($curl, CURLOPT_POSTFIELDS, $json);
		curl_setopt($curl, CURLOPT_HTTPHEADER, $header);

		$response = curl_exec($curl);
		$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);

		curl_close($curl);

		// Update database
		$st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=\'REFUNDED\' WHERE `flp_transaction_id`=:flpId');
		$st->execute(array(
			':flpId'=>$_POST['flpId']
		));
	}
}
catch(PDOException $e){
	// MySQL error
	die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
}

Was this article helpful?

Related Articles