payfrit-api/api/config/stripe.php

<?php
/**
 * Stripe Configuration
 *
 * Returns Stripe API keys and fee settings based on environment.
 */

function getStripeConfig(): array {
    $mode = 'test';

    $testSecretKey = 'sk_test_LfbmDduJxTwbVZmvcByYmirw';
    $testPublishableKey = 'pk_test_sPBNzSyJ9HcEPJGC7dSo8NqN';
    $liveSecretKey = 'sk_live_REPLACE_ME';
    $livePublishableKey = 'pk_live_REPLACE_ME';

    $testWebhookSecret = 'whsec_TJlxt9GPoUWeObmiWbjy8X5fChjQbJHp';
    $liveWebhookSecret = 'whsec_8t6s9Lz0S5M1SYcEYvZ73qFP4zmtlG6h';

    if ($mode === 'test') {
        return [
            'secretKey' => $testSecretKey,
            'publishableKey' => $testPublishableKey,
            'webhookSecret' => $testWebhookSecret,
        ];
    }

    return [
        'secretKey' => $liveSecretKey,
        'publishableKey' => $livePublishableKey,
        'webhookSecret' => $liveWebhookSecret,
    ];
}

/**
 * Make a Stripe API request.
 *
 * @param string $method  HTTP method (GET, POST, DELETE)
 * @param string $url     Full Stripe API URL
 * @param array  $params  Form params for POST, ignored for GET
 * @param array  $headers Extra headers (e.g., Stripe-Version, Idempotency-Key)
 * @return array Decoded JSON response
 */
function stripeRequest(string $method, string $url, array $params = [], array $headers = []): array {
    $config = getStripeConfig();

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_USERPWD, $config['secretKey'] . ':');

    $curlHeaders = [];
    foreach ($headers as $k => $v) {
        $curlHeaders[] = "$k: $v";
    }
    if (!empty($curlHeaders)) {
        curl_setopt($ch, CURLOPT_HTTPHEADER, $curlHeaders);
    }

    if ($method === 'POST') {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
        curl_setopt($ch, CURLOPT_URL, $url);
    } elseif ($method === 'DELETE') {
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');
        curl_setopt($ch, CURLOPT_URL, $url);
    } else {
        curl_setopt($ch, CURLOPT_URL, $url);
    }

    $response = curl_exec($ch);
    curl_close($ch);

    return json_decode($response, true) ?: [];
}

/**
 * Make a Stripe API POST and return raw response body (for ephemeral keys).
 */
function stripeRequestRaw(string $url, array $params = [], array $headers = []): string {
    $config = getStripeConfig();

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_USERPWD, $config['secretKey'] . ':');
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
    curl_setopt($ch, CURLOPT_URL, $url);

    $curlHeaders = [];
    foreach ($headers as $k => $v) {
        $curlHeaders[] = "$k: $v";
    }
    if (!empty($curlHeaders)) {
        curl_setopt($ch, CURLOPT_HTTPHEADER, $curlHeaders);
    }

    $response = curl_exec($ch);
    curl_close($ch);

    return $response ?: '';
}