From 3d2747e6266bf8c78ac20c7bb7995ace28ef1e27 Mon Sep 17 00:00:00 2001
From: Komarudin <komarudin@midtrans.com>
Date: Mon, 13 Sep 2021 12:18:52 +0700
Subject: [PATCH 1/3] move authentication (3DS) param to backend

---
 examples/core-api/checkout-process.php |  70 +++-----------
 examples/core-api/checkout.php         | 127 +++++++++++++++----------
 2 files changed, 88 insertions(+), 109 deletions(-)

diff --git a/examples/core-api/checkout-process.php b/examples/core-api/checkout-process.php
index 2000984..0487cc6 100644
--- a/examples/core-api/checkout-process.php
+++ b/examples/core-api/checkout-process.php
@@ -1,13 +1,12 @@
 <?php
+// This is just for very basic implementation reference, in production, you should validate the incoming requests and implement your backend more securely.
+// Please refer to this docs:
+// https://docs.midtrans.com/en/core-api/credit-card?id=_2-sending-transaction-data-to-charge-api
 
 namespace Midtrans;
 
 require_once dirname(__FILE__) . '/../../Midtrans.php';
 
-if (empty($_POST['token_id'])) {
-    die('Empty token_id!');
-}
-
 Config::$serverKey = '<your server key>';
 // Uncomment for append and override notification URL
 // Config::$appendNotifUrl = "https://example.com";
@@ -86,14 +85,17 @@
 
 // Token ID from checkout page
 $token_id = $_POST['token_id'];
+$authentication = isset($_POST['secure']);
+$save_token_id = isset($_POST['save_cc']);
 
 // Transaction data to be sent
 $transaction_data = array(
     'payment_type' => 'credit_card',
     'credit_card'  => array(
-        'token_id'      => $token_id,
-        // 'bank'          => 'bni', // optional acquiring bank, must be the same bank with get-token bank
-        'save_token_id' => isset($_POST['save_cc'])
+        'token_id'       => $token_id,
+        'authentication' => $authentication,
+        // 'bank'        => 'bni', // optional acquiring bank
+        'save_token_id'  => $save_token_id
     ),
     'transaction_details' => $transaction_details,
     'item_details'        => $items,
@@ -102,56 +104,8 @@
 
 try {
     $response = CoreApi::charge($transaction_data);
-} catch (Exception $e) {
+    header('Content-Type: application/json');
+    echo json_encode($response);
+} catch (\Exception $e) {
     echo $e->getMessage();
-    die();
-}
-
-// Success
-if ($response->transaction_status == 'capture') {
-    echo "<p>Transaksi berhasil.</p>";
-    echo "<p>Status transaksi untuk order id $response->order_id: " .
-        "$response->transaction_status</p>";
-
-    echo "<h3>Detail transaksi:</h3>";
-    echo "<pre>";
-    var_dump($response);
-    echo "</pre>";
 }
-// Deny
-else if ($response->transaction_status == 'deny') {
-    echo "<p>Transaksi ditolak.</p>";
-    echo "<p>Status transaksi untuk order id .$response->order_id: " .
-        "$response->transaction_status</p>";
-    echo "<h3>Detail transaksi:</h3>";
-    echo "<pre>";
-    var_dump($response);
-    echo "</pre>";
-}
-// Challenge
-else if ($response->transaction_status == 'challenge') {
-    echo "<p>Transaksi challenge.</p>";
-    echo "<p>Status transaksi untuk order id $response->order_id: " .
-        "$response->transaction_status</p>";
-
-    echo "<h3>Detail transaksi:</h3>";
-    echo "<pre>";
-    var_dump($response);
-    echo "</pre>";
-}
-// Error
-else {
-    echo "<p>Terjadi kesalahan pada data transaksi yang dikirim.</p>";
-    echo "<p>Status message: [$response->status_code] " .
-        "$response->status_message</p>";
-
-    echo "<pre>";
-    var_dump($response);
-    echo "</pre>";
-}
-
-echo "<hr>";
-echo "<h3>Request</h3>";
-echo "<pre>";
-var_dump($response);
-echo "</pre>";
diff --git a/examples/core-api/checkout.php b/examples/core-api/checkout.php
index fb37298..ce7a317 100644
--- a/examples/core-api/checkout.php
+++ b/examples/core-api/checkout.php
@@ -1,17 +1,22 @@
 <?php
+// This is just for very basic implementation reference, in production, you should validate the incoming requests and implement your backend more securely.
+// Please refer to this docs:
+// https://docs.midtrans.com/en/core-api/credit-card?id=_1-getting-the-card-token
 
 namespace Midtrans;
 
 require_once dirname(__FILE__) . '/../../Midtrans.php';
-
-// YOUR CLIENT KEY
+// Set Your server key
 // can find in Merchant Portal -> Settings -> Access keys
-Config::$clientKey = "<your client key>";
-
+Config::$clientKey = '<your client key>';
 if (strpos(Config::$clientKey, 'your ') != false ) {
-    echo "<p style='background: #FFB588; padding: 10px;'>";
-    echo "Please set your client key in file " . __FILE__;
-    echo "</p>";
+    echo "<code>";
+    echo "<h4>Please set your server key from sandbox</h4>";
+    echo "In file: " . __FILE__;
+    echo "<br>";
+    echo "<br>";
+    echo htmlspecialchars('Config::$clientKey = \'<your client key>\';');
+    die();
 }
 ?>
 <html>
@@ -22,7 +27,7 @@
 </head>
 
 <body>
-    <script id="midtrans-script" type="text/javascript" src="https://api.midtrans.com/v2/assets/js/midtrans-new-3ds.min.js" data-environment="sandbox" data-client-key="VT-client-0N5ngRfFPbOhBa7k"></script>
+    <script id="midtrans-script" type="text/javascript" src="https://api.midtrans.com/v2/assets/js/midtrans-new-3ds.min.js" data-environment="sandbox" data-client-key="<?php echo Config::$clientKey;?>"></script>
     <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
     <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/featherlight/1.7.12/featherlight.min.js"></script>
 
@@ -33,29 +38,27 @@
             <small><strong>Field that may be presented to customer:</strong></small>
             <p>
                 <label>Card Number</label>
-                <input class="card-number" value="4811 1111 1111 1114" size="23" type="text" autocomplete="off" />
+                <input class="card-number" name="card-number" value="4811 1111 1111 1114" size="23" type="text" autocomplete="off" />
             </p>
             <p>
                 <label>Expiration (MM/YYYY)</label>
-                <input class="card-expiry-month" value="12" placeholder="MM" size="2" type="text" />
+                <input class="card-expiry-month" name="card-expiry-month" value="12" placeholder="MM" size="2" type="text" />
                 <span> / </span>
-                <input class="card-expiry-year" value="2020" placeholder="YYYY" size="4" type="text" />
+                <input class="card-expiry-year" name="card-expiry-year" value="2025" placeholder="YYYY" size="4" type="text" />
             </p>
             <p>
                 <label>CVV</label>
-                <input class="card-cvv" value="123" size="4" type="password" autocomplete="off" />
+                <input class="card-cvv" name="card-cvv" value="123" size="4" type="password" autocomplete="off" />
             </p>
             <p>
                 <label>Save credit card</label>
-                <input type="checkbox" name="save_cc" value="true">
+                <input type="checkbox" id="save_cc" name="save_cc" value="true">
             </p>
-
             <small><strong>Fields that shouldn't be presented to the customer:</strong></small>
             <p>
                 <label>3D Secure</label>
-                <input type="checkbox" name="secure" value="true" checked>
+                <input type="checkbox" id="secure" name="secure" value="true" checked>
             </p>
-
             <input id="token_id" name="token_id" type="hidden" />
             <button class="submit-button" type="submit">Submit Payment</button>
         </fieldset>
@@ -84,35 +87,24 @@
     <!-- Javascript for token generation -->
     <script type="text/javascript">
         $(function () {
-            // Sandbox URL
-            MidtransNew3ds.url = "https://api.sandbox.midtrans.com/v2/token";
-            // TODO: Change with your client key.
-            MidtransNew3ds.clientKey = "<?php echo Config::$clientKey ?>";
-
-            var card = {
-                "card_number": $(".card-number").val(),
-                "card_exp_month": $(".card-expiry-month").val(),
-                "card_exp_year": $(".card-expiry-year").val(),
-                "card_cvv": $(".card-cvv").val(),
-                "secure": $('[name=secure]')[0].checked,
-                // "bank": "bni", // optional acquiring bank
-                "gross_amount": 200000
-            };
+            // open the console log to check the flow
+            // 3ds new flow:
+            // 1. get token_id
+            // 2. send token_id to backend
+            // 3. initial charge from backend to midtrans api
+            // 4. open redirect_url
 
             var options = {
                 performAuthentication: function(redirect_url){
                     openDialog(redirect_url);
                 },
                 onSuccess: function(response){
-                    console.log('sukses');
+                    console.log('success');
                     console.log('response:',response);
                     closeDialog();
-                    // Submit form
-                    $("#token_id").val(response.token_id);
-                    $("#payment-form").submit();
                 },
                 onFailure: function(response){
-                    console.log('gagal');
+                    console.log('fail');
                     console.log('response:',response);
                     closeDialog();
                     alert(response.status_message);
@@ -125,21 +117,6 @@
                 }
             };
 
-            // callback functions
-            var callback = {
-                onSuccess: function(response){
-                    // Success to get card token_id, implement as you wish here
-                    console.log('Success to get card token_id, response:', response);
-                    MidtransNew3ds.authenticate(response.redirect_url, options);
-                },
-                onFailure: function(response){
-                    // Fail to get card token_id, implement as you wish here
-                    console.log('Fail to get card token_id, response:', response);
-                    closeDialog();
-                    $('button').removeAttr("disabled");
-                }
-            };
-
             function openDialog(url) {
                 $.featherlight({
                 iframe: url, 
@@ -157,12 +134,60 @@ function closeDialog() {
             }
 
             $(".submit-button").click(function (event) {
-                console.log("SUBMIT");
+                var card = {
+                    "card_number": $(".card-number").val(),
+                    "card_exp_month": $(".card-expiry-month").val(),
+                    "card_exp_year": $(".card-expiry-year").val(),
+                    "card_cvv": $(".card-cvv").val()
+                };
+                
                 event.preventDefault();
                 $(this).attr("disabled", "disabled");
+
+                console.log('1. get token_id');
                 MidtransNew3ds.getCardToken(card, callback);
                 return false;
             });
+
+            // callback functions
+            var callback = {
+                onSuccess: function(response) {
+                    // Success to get card token_id, implement as you wish here
+                    console.log('Success to get card token_id, response:', response);
+                    var token_id = response.token_id;
+                    $("#token_id").val(token_id);
+
+                    console.log('This is the card token_id:', token_id);
+                    // Implement sending the token_id to backend to proceed to next step
+                    console.log('2. send token_id to backend');
+                    // send token_id, save_cc and secure params
+                    // we send secure param for sample, in production, you should define transaction is secure/not in backend
+                    // we recommend always use secure=true
+                    // data: $("#token_id, #save_cc, #secure").serialize()
+                    $.ajax({
+                        type: 'POST',
+                        url: 'checkout-process.php',
+                        data: $("#token_id, #save_cc, #secure").serialize(),
+                        success: function(response){
+                            console.log('3. response charge from backend:', response);
+                            if (response.redirect_url){
+                                console.log('4. open redirect_url');
+                                MidtransNew3ds.authenticate(response.redirect_url, options);
+                            }
+                        },
+                        error: function(xhr, status, error){
+                            console.error(xhr);
+                        }
+                    });
+                    
+                },
+                onFailure: function(response) {
+                    // Fail to get card token_id, implement as you wish here
+                    console.log('Fail to get card token_id, response:', response);
+                    closeDialog();
+                    $('button').removeAttr("disabled");
+                }
+            };
         });
     </script>
 </body>

From 126bb3353e8d5dc0bdb6e7b3f7511c40efbc0bd2 Mon Sep 17 00:00:00 2001
From: Komarudin <komarudin@midtrans.com>
Date: Mon, 13 Sep 2021 12:19:24 +0700
Subject: [PATCH 2/3] add notes and add try catch

---
 examples/core-api/tokenization-process.php    | 24 +++++++++++++--
 .../core-api/transaction-manipulation.php     |  7 +++--
 examples/notification-handler.php             | 23 ++++++++++++--
 examples/snap-redirect/checkout-process.php   | 19 ++++++++++--
 .../snap/checkout-process-simple-version.php  | 29 +++++++++++++++---
 examples/snap/checkout-process.php            | 30 +++++++++++++++----
 6 files changed, 112 insertions(+), 20 deletions(-)

diff --git a/examples/core-api/tokenization-process.php b/examples/core-api/tokenization-process.php
index 7942c6b..fcf80e8 100644
--- a/examples/core-api/tokenization-process.php
+++ b/examples/core-api/tokenization-process.php
@@ -1,9 +1,21 @@
 <?php
+// This is just for very basic implementation reference, in production, you should validate the incoming requests and implement your backend more securely.
+
 namespace Midtrans;
 
 require_once dirname(__FILE__) . '/../../Midtrans.php';
-//Set Your server key
-Config::$serverKey = "<your server key>";
+// Set Your server key
+// can find in Merchant Portal -> Settings -> Access keys
+Config::$serverKey = '<your server key>';
+if (strpos(Config::$serverKey, 'your ') != false ) {
+    echo "<code>";
+    echo "<h4>Please set your server key from sandbox</h4>";
+    echo "In file: " . __FILE__;
+    echo "<br>";
+    echo "<br>";
+    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+    die();
+}
 
 // define variables and set to empty values
 $number = "";
@@ -21,7 +33,13 @@
     )
 );
 
-$response = CoreApi::linkPaymentAccount($params);
+try {
+    $response = CoreApi::linkPaymentAccount($params);
+} catch (\Exception $e) {
+    echo $e->getMessage();
+    die();
+}
+
 ?>
 
 <!DOCTYPE HTML>
diff --git a/examples/core-api/transaction-manipulation.php b/examples/core-api/transaction-manipulation.php
index 356732c..846badb 100644
--- a/examples/core-api/transaction-manipulation.php
+++ b/examples/core-api/transaction-manipulation.php
@@ -1,11 +1,12 @@
 <?php
+// This is just for very basic implementation reference, in production, you should validate the incoming requests and implement your backend more securely.
 
 namespace Midtrans;
 
 require_once dirname(__FILE__) . '/../../Midtrans.php';
-
+// Set Your server key
+// can find in Merchant Portal -> Settings -> Access keys
 Config::$serverKey = '<your server key>';
-
 if (strpos(Config::$serverKey, 'your ') != false ) {
     echo "<code>";
     echo "<h4>Please set your server key from sandbox</h4>";
@@ -21,7 +22,7 @@
 // Get transaction status to Midtrans API
 try {
     $status = Transaction::status($orderId);
-} catch (Exception $e) {
+} catch (\Exception $e) {
     echo $e->getMessage();
     die();
 }
diff --git a/examples/notification-handler.php b/examples/notification-handler.php
index 13fe318..1f05b3c 100644
--- a/examples/notification-handler.php
+++ b/examples/notification-handler.php
@@ -1,12 +1,31 @@
 <?php
+// This is just for very basic implementation reference, in production, you should validate the incoming requests and implement your backend more securely.
+// Please refer to this docs for sample HTTP notifications:
+// https://docs.midtrans.com/en/after-payment/http-notification?id=sample-of-different-payment-channels
 
 namespace Midtrans;
 
 require_once dirname(__FILE__) . '/../Midtrans.php';
 Config::$isProduction = false;
-Config::$serverKey = '<your serverkey>';
-$notif = new Notification();
+Config::$serverKey = '<your server key>';
+if (strpos(Config::$serverKey, 'your ') != false ) {
+    echo "<code>";
+    echo "<h4>Please set your server key from sandbox</h4>";
+    echo "In file: " . __FILE__;
+    echo "<br>";
+    echo "<br>";
+    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+    die();
+}
+
+try {
+    $notif = new Notification();
+}
+catch (\Exception $e) {
+    exit($e->getMessage());
+}
 
+$notif = $notif->getResponse();
 $transaction = $notif->transaction_status;
 $type = $notif->payment_type;
 $order_id = $notif->order_id;
diff --git a/examples/snap-redirect/checkout-process.php b/examples/snap-redirect/checkout-process.php
index 5b5fcbc..4eb6aec 100644
--- a/examples/snap-redirect/checkout-process.php
+++ b/examples/snap-redirect/checkout-process.php
@@ -1,10 +1,23 @@
 <?php
+// This is just for very basic implementation reference, in production, you should validate the incoming requests and implement your backend more securely.
+// Please refer to this docs for snap-redirect:
+// https://docs.midtrans.com/en/snap/integration-guide?id=alternative-way-to-display-snap-payment-page-via-redirect
 
 namespace Midtrans;
 
 require_once dirname(__FILE__) . '/../../Midtrans.php';
-//Set Your server key
-Config::$serverKey = "<your server key>";
+// Set Your server key
+// can find in Merchant Portal -> Settings -> Access keys
+Config::$serverKey = '<your server key>';
+if (strpos(Config::$serverKey, 'your ') != false ) {
+    echo "<code>";
+    echo "<h4>Please set your server key from sandbox</h4>";
+    echo "In file: " . __FILE__;
+    echo "<br>";
+    echo "<br>";
+    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+    die();
+}
 
 // Uncomment for production environment
 // Config::$isProduction = true;
@@ -86,6 +99,6 @@
     // Redirect to Snap Payment Page
     header('Location: ' . $paymentUrl);
 }
-catch (Exception $e) {
+catch (\Exception $e) {
     echo $e->getMessage();
 }
diff --git a/examples/snap/checkout-process-simple-version.php b/examples/snap/checkout-process-simple-version.php
index fe896e3..ee53703 100644
--- a/examples/snap/checkout-process-simple-version.php
+++ b/examples/snap/checkout-process-simple-version.php
@@ -1,10 +1,25 @@
 <?php
+// This is just for very basic implementation reference, in production, you should validate the incoming requests and implement your backend more securely.
+// Please refer to this docs for snap popup:
+// https://docs.midtrans.com/en/snap/integration-guide?id=integration-steps-overview
 
 namespace Midtrans;
 
 require_once dirname(__FILE__) . '/../../Midtrans.php';
-//Set Your server key
-Config::$serverKey = "<your server key>";
+// Set Your server key
+// can find in Merchant Portal -> Settings -> Access keys
+Config::$serverKey = '<your server key>';
+if (strpos(Config::$serverKey, 'your ') != false ) {
+    echo "<code>";
+    echo "<h4>Please set your server key from sandbox</h4>";
+    echo "In file: " . __FILE__;
+    echo "<br>";
+    echo "<br>";
+    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+    die();
+}
+$client_key = '<your client key>';
+
 // Uncomment for production environment
 // Config::$isProduction = true;
 Config::$isSanitized = Config::$is3ds = true;
@@ -39,7 +54,13 @@
     'item_details' => $item_details,
 );
 
-$snapToken = Snap::getSnapToken($transaction);
+$snapToken = '';
+try {
+    $snapToken = Snap::getSnapToken($transaction);
+}
+catch (\Exception $e) {
+    echo $e->getMessage();
+}
 echo "snapToken = ".$snapToken;
 ?>
 
@@ -48,7 +69,7 @@
     <body>
         <button id="pay-button">Pay!</button>
         <!-- TODO: Remove ".sandbox" from script src URL for production environment. Also input your client key in "data-client-key" -->
-        <script src="https://app.sandbox.midtrans.com/snap/snap.js" data-client-key="<Set your ClientKey here>"></script>
+        <script src="https://app.sandbox.midtrans.com/snap/snap.js" data-client-key="<?php echo $client_key;?>"></script>
         <script type="text/javascript">
             document.getElementById('pay-button').onclick = function(){
                 // SnapToken acquired from previous step
diff --git a/examples/snap/checkout-process.php b/examples/snap/checkout-process.php
index d5b61f9..09a1c36 100644
--- a/examples/snap/checkout-process.php
+++ b/examples/snap/checkout-process.php
@@ -1,11 +1,24 @@
 <?php
+// This is just for very basic implementation reference, in production, you should validate the incoming requests and implement your backend more securely.
+// Please refer to this docs for snap popup:
+// https://docs.midtrans.com/en/snap/integration-guide?id=integration-steps-overview
 
 namespace Midtrans;
 
 require_once dirname(__FILE__) . '/../../Midtrans.php';
-
-//Set Your server key
-Config::$serverKey = "<your server key>";
+// Set Your server key
+// can find in Merchant Portal -> Settings -> Access keys
+Config::$serverKey = '<your server key>';
+if (strpos(Config::$serverKey, 'your ') != false ) {
+    echo "<code>";
+    echo "<h4>Please set your server key from sandbox</h4>";
+    echo "In file: " . __FILE__;
+    echo "<br>";
+    echo "<br>";
+    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+    die();
+}
+$client_key = '<your client key>';
 
 // Uncomment for production environment
 // Config::$isProduction = true;
@@ -88,7 +101,14 @@
     'item_details' => $item_details,
 );
 
-$snapToken = Snap::getSnapToken($transaction);
+$snapToken = '';
+try {
+    $snapToken = Snap::getSnapToken($transaction);
+}
+catch (\Exception $e) {
+    echo $e->getMessage();
+}
+
 echo "snapToken = ".$snapToken;
 ?>
 
@@ -99,7 +119,7 @@
         <pre><div id="result-json">JSON result will appear here after payment:<br></div></pre> 
 
         <!-- TODO: Remove ".sandbox" from script src URL for production environment. Also input your client key in "data-client-key" -->
-        <script src="https://app.sandbox.midtrans.com/snap/snap.js" data-client-key="<Set your ClientKey here>"></script>
+        <script src="https://app.sandbox.midtrans.com/snap/snap.js" data-client-key="<?php echo $client_key;?>"></script>
         <script type="text/javascript">
             document.getElementById('pay-button').onclick = function(){
                 // SnapToken acquired from previous step

From c7e321bcdbe34753c78b98919342a2f6dc922ff4 Mon Sep 17 00:00:00 2001
From: Komarudin <komarudin@midtrans.com>
Date: Tue, 14 Sep 2021 16:18:55 +0700
Subject: [PATCH 3/3] add warningMessage function

---
 examples/core-api/checkout-process.php        | 24 +++++++-----
 examples/core-api/checkout.php                | 26 ++++++++-----
 examples/core-api/tokenization-process.php    | 25 ++++++++-----
 .../core-api/transaction-manipulation.php     | 27 +++++++++-----
 examples/notification-handler.php             | 28 +++++++++-----
 examples/snap-redirect/checkout-process.php   | 24 +++++++-----
 .../snap/checkout-process-simple-version.php  | 37 +++++++++++--------
 examples/snap/checkout-process.php            | 37 +++++++++++--------
 8 files changed, 141 insertions(+), 87 deletions(-)

diff --git a/examples/core-api/checkout-process.php b/examples/core-api/checkout-process.php
index 0487cc6..cb1e88d 100644
--- a/examples/core-api/checkout-process.php
+++ b/examples/core-api/checkout-process.php
@@ -12,15 +12,8 @@
 // Config::$appendNotifUrl = "https://example.com";
 // Config::$overrideNotifUrl = "https://example.com";
 
-if (strpos(Config::$serverKey, 'your ') != false ) {
-    echo "<code>";
-    echo "<h4>Please set your server key from sandbox</h4>";
-    echo "In file: " . __FILE__;
-    echo "<br>";
-    echo "<br>";
-    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
-    die();
-}
+// non-relevant function only used for demo/example purpose
+printExampleWarningMessage();
 
 // Uncomment for production environment
 // Config::$isProduction = true;
@@ -109,3 +102,16 @@
 } catch (\Exception $e) {
     echo $e->getMessage();
 }
+
+function printExampleWarningMessage() {
+    if (strpos(Config::$serverKey, 'your ') != false ) {
+        echo "<code>";
+        echo "<h4>Please set your server key from sandbox</h4>";
+        echo "In file: " . __FILE__;
+        echo "<br>";
+        echo "<br>";
+        echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+        die();
+    } 
+}
+
diff --git a/examples/core-api/checkout.php b/examples/core-api/checkout.php
index ce7a317..07ecf67 100644
--- a/examples/core-api/checkout.php
+++ b/examples/core-api/checkout.php
@@ -9,14 +9,20 @@
 // Set Your server key
 // can find in Merchant Portal -> Settings -> Access keys
 Config::$clientKey = '<your client key>';
-if (strpos(Config::$clientKey, 'your ') != false ) {
-    echo "<code>";
-    echo "<h4>Please set your server key from sandbox</h4>";
-    echo "In file: " . __FILE__;
-    echo "<br>";
-    echo "<br>";
-    echo htmlspecialchars('Config::$clientKey = \'<your client key>\';');
-    die();
+
+// non-relevant function only used for demo/example purpose
+printExampleWarningMessage();
+
+function printExampleWarningMessage() {
+    if (strpos(Config::$clientKey, 'your ') != false ) {
+        echo "<code>";
+        echo "<h4>Please set your client key from sandbox</h4>";
+        echo "In file: " . __FILE__;
+        echo "<br>";
+        echo "<br>";
+        echo htmlspecialchars('Config::$clientKey = \'<your client key>\';');
+        die();
+    } 
 }
 ?>
 <html>
@@ -145,12 +151,12 @@ function closeDialog() {
                 $(this).attr("disabled", "disabled");
 
                 console.log('1. get token_id');
-                MidtransNew3ds.getCardToken(card, callback);
+                MidtransNew3ds.getCardToken(card, getCardTokenCallback);
                 return false;
             });
 
             // callback functions
-            var callback = {
+            var getCardTokenCallback = {
                 onSuccess: function(response) {
                     // Success to get card token_id, implement as you wish here
                     console.log('Success to get card token_id, response:', response);
diff --git a/examples/core-api/tokenization-process.php b/examples/core-api/tokenization-process.php
index fcf80e8..20dc907 100644
--- a/examples/core-api/tokenization-process.php
+++ b/examples/core-api/tokenization-process.php
@@ -7,15 +7,9 @@
 // Set Your server key
 // can find in Merchant Portal -> Settings -> Access keys
 Config::$serverKey = '<your server key>';
-if (strpos(Config::$serverKey, 'your ') != false ) {
-    echo "<code>";
-    echo "<h4>Please set your server key from sandbox</h4>";
-    echo "In file: " . __FILE__;
-    echo "<br>";
-    echo "<br>";
-    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
-    die();
-}
+
+// non-relevant function only used for demo/example purpose
+printExampleWarningMessage();
 
 // define variables and set to empty values
 $number = "";
@@ -33,6 +27,7 @@
     )
 );
 
+$response = '';
 try {
     $response = CoreApi::linkPaymentAccount($params);
 } catch (\Exception $e) {
@@ -40,6 +35,18 @@
     die();
 }
 
+function printExampleWarningMessage() {
+    if (strpos(Config::$serverKey, 'your ') != false ) {
+        echo "<code>";
+        echo "<h4>Please set your server key from sandbox</h4>";
+        echo "In file: " . __FILE__;
+        echo "<br>";
+        echo "<br>";
+        echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+        die();
+    } 
+}
+
 ?>
 
 <!DOCTYPE HTML>
diff --git a/examples/core-api/transaction-manipulation.php b/examples/core-api/transaction-manipulation.php
index 846badb..8053bc9 100644
--- a/examples/core-api/transaction-manipulation.php
+++ b/examples/core-api/transaction-manipulation.php
@@ -7,19 +7,13 @@
 // Set Your server key
 // can find in Merchant Portal -> Settings -> Access keys
 Config::$serverKey = '<your server key>';
-if (strpos(Config::$serverKey, 'your ') != false ) {
-    echo "<code>";
-    echo "<h4>Please set your server key from sandbox</h4>";
-    echo "In file: " . __FILE__;
-    echo "<br>";
-    echo "<br>";
-    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
-    die();
-}
 
-$orderId = '<your order id / transaction id>';
+// non-relevant function only used for demo/example purpose
+printExampleWarningMessage();
 
+$orderId = '<your order id / transaction id>';
 // Get transaction status to Midtrans API
+$status = '';
 try {
     $status = Transaction::status($orderId);
 } catch (\Exception $e) {
@@ -30,6 +24,19 @@
 echo '<pre>';
 echo json_encode($status);
 
+function printExampleWarningMessage() {
+    if (strpos(Config::$serverKey, 'your ') != false ) {
+        echo "<code>";
+        echo "<h4>Please set your server key from sandbox</h4>";
+        echo "In file: " . __FILE__;
+        echo "<br>";
+        echo "<br>";
+        echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+        die();
+    } 
+}
+
+
 // Approve a transaction that is in Challenge status
 // $approve = Transaction::approve($orderId);
 // var_dump($approve);
diff --git a/examples/notification-handler.php b/examples/notification-handler.php
index 1f05b3c..a010033 100644
--- a/examples/notification-handler.php
+++ b/examples/notification-handler.php
@@ -8,15 +8,9 @@
 require_once dirname(__FILE__) . '/../Midtrans.php';
 Config::$isProduction = false;
 Config::$serverKey = '<your server key>';
-if (strpos(Config::$serverKey, 'your ') != false ) {
-    echo "<code>";
-    echo "<h4>Please set your server key from sandbox</h4>";
-    echo "In file: " . __FILE__;
-    echo "<br>";
-    echo "<br>";
-    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
-    die();
-}
+
+// non-relevant function only used for demo/example purpose
+printExampleWarningMessage();
 
 try {
     $notif = new Notification();
@@ -59,4 +53,18 @@
     // TODO set payment status in merchant's database to 'Denied'
     echo "Payment using " . $type . " for transaction order_id: " . $order_id . " is canceled.";
 }
-?>
\ No newline at end of file
+
+function printExampleWarningMessage() {
+    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+        echo 'Notification-handler are not meant to be opened via browser / GET HTTP method. It is used to handle Midtrans HTTP POST notification / webhook.';
+    }
+    if (strpos(Config::$serverKey, 'your ') != false ) {
+        echo "<code>";
+        echo "<h4>Please set your server key from sandbox</h4>";
+        echo "In file: " . __FILE__;
+        echo "<br>";
+        echo "<br>";
+        echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+        die();
+    }   
+}
diff --git a/examples/snap-redirect/checkout-process.php b/examples/snap-redirect/checkout-process.php
index 4eb6aec..2e92eaf 100644
--- a/examples/snap-redirect/checkout-process.php
+++ b/examples/snap-redirect/checkout-process.php
@@ -9,15 +9,9 @@
 // Set Your server key
 // can find in Merchant Portal -> Settings -> Access keys
 Config::$serverKey = '<your server key>';
-if (strpos(Config::$serverKey, 'your ') != false ) {
-    echo "<code>";
-    echo "<h4>Please set your server key from sandbox</h4>";
-    echo "In file: " . __FILE__;
-    echo "<br>";
-    echo "<br>";
-    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
-    die();
-}
+
+// non-relevant function only used for demo/example purpose
+printExampleWarningMessage();
 
 // Uncomment for production environment
 // Config::$isProduction = true;
@@ -102,3 +96,15 @@
 catch (\Exception $e) {
     echo $e->getMessage();
 }
+
+function printExampleWarningMessage() {
+    if (strpos(Config::$serverKey, 'your ') != false ) {
+        echo "<code>";
+        echo "<h4>Please set your server key from sandbox</h4>";
+        echo "In file: " . __FILE__;
+        echo "<br>";
+        echo "<br>";
+        echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+        die();
+    } 
+}
diff --git a/examples/snap/checkout-process-simple-version.php b/examples/snap/checkout-process-simple-version.php
index ee53703..9b9c535 100644
--- a/examples/snap/checkout-process-simple-version.php
+++ b/examples/snap/checkout-process-simple-version.php
@@ -9,16 +9,10 @@
 // Set Your server key
 // can find in Merchant Portal -> Settings -> Access keys
 Config::$serverKey = '<your server key>';
-if (strpos(Config::$serverKey, 'your ') != false ) {
-    echo "<code>";
-    echo "<h4>Please set your server key from sandbox</h4>";
-    echo "In file: " . __FILE__;
-    echo "<br>";
-    echo "<br>";
-    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
-    die();
-}
-$client_key = '<your client key>';
+Config::$clientKey = '<your client key>';
+
+// non-relevant function only used for demo/example purpose
+printExampleWarningMessage();
 
 // Uncomment for production environment
 // Config::$isProduction = true;
@@ -54,14 +48,27 @@
     'item_details' => $item_details,
 );
 
-$snapToken = '';
+$snap_token = '';
 try {
-    $snapToken = Snap::getSnapToken($transaction);
+    $snap_token = Snap::getSnapToken($transaction);
 }
 catch (\Exception $e) {
     echo $e->getMessage();
 }
-echo "snapToken = ".$snapToken;
+echo "snapToken = ".$snap_token;
+
+function printExampleWarningMessage() {
+    if (strpos(Config::$serverKey, 'your ') != false ) {
+        echo "<code>";
+        echo "<h4>Please set your server key from sandbox</h4>";
+        echo "In file: " . __FILE__;
+        echo "<br>";
+        echo "<br>";
+        echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+        die();
+    } 
+}
+
 ?>
 
 <!DOCTYPE html>
@@ -69,11 +76,11 @@
     <body>
         <button id="pay-button">Pay!</button>
         <!-- TODO: Remove ".sandbox" from script src URL for production environment. Also input your client key in "data-client-key" -->
-        <script src="https://app.sandbox.midtrans.com/snap/snap.js" data-client-key="<?php echo $client_key;?>"></script>
+        <script src="https://app.sandbox.midtrans.com/snap/snap.js" data-client-key="<?php echo Config::$clientKey;?>"></script>
         <script type="text/javascript">
             document.getElementById('pay-button').onclick = function(){
                 // SnapToken acquired from previous step
-                snap.pay('<?php echo $snapToken?>');
+                snap.pay('<?php echo $snap_token?>');
             };
         </script>
     </body>
diff --git a/examples/snap/checkout-process.php b/examples/snap/checkout-process.php
index 09a1c36..57a8a27 100644
--- a/examples/snap/checkout-process.php
+++ b/examples/snap/checkout-process.php
@@ -9,16 +9,10 @@
 // Set Your server key
 // can find in Merchant Portal -> Settings -> Access keys
 Config::$serverKey = '<your server key>';
-if (strpos(Config::$serverKey, 'your ') != false ) {
-    echo "<code>";
-    echo "<h4>Please set your server key from sandbox</h4>";
-    echo "In file: " . __FILE__;
-    echo "<br>";
-    echo "<br>";
-    echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
-    die();
-}
-$client_key = '<your client key>';
+Config::$clientKey = '<your client key>';
+
+// non-relevant function only used for demo/example purpose
+printExampleWarningMessage();
 
 // Uncomment for production environment
 // Config::$isProduction = true;
@@ -101,15 +95,28 @@
     'item_details' => $item_details,
 );
 
-$snapToken = '';
+$snap_token = '';
 try {
-    $snapToken = Snap::getSnapToken($transaction);
+    $snap_token = Snap::getSnapToken($transaction);
 }
 catch (\Exception $e) {
     echo $e->getMessage();
 }
 
-echo "snapToken = ".$snapToken;
+echo "snapToken = ".$snap_token;
+
+function printExampleWarningMessage() {
+    if (strpos(Config::$serverKey, 'your ') != false ) {
+        echo "<code>";
+        echo "<h4>Please set your server key from sandbox</h4>";
+        echo "In file: " . __FILE__;
+        echo "<br>";
+        echo "<br>";
+        echo htmlspecialchars('Config::$serverKey = \'<your server key>\';');
+        die();
+    } 
+}
+
 ?>
 
 <!DOCTYPE html>
@@ -119,11 +126,11 @@
         <pre><div id="result-json">JSON result will appear here after payment:<br></div></pre> 
 
         <!-- TODO: Remove ".sandbox" from script src URL for production environment. Also input your client key in "data-client-key" -->
-        <script src="https://app.sandbox.midtrans.com/snap/snap.js" data-client-key="<?php echo $client_key;?>"></script>
+        <script src="https://app.sandbox.midtrans.com/snap/snap.js" data-client-key="<?php echo Config::$clientKey;?>"></script>
         <script type="text/javascript">
             document.getElementById('pay-button').onclick = function(){
                 // SnapToken acquired from previous step
-                snap.pay('<?php echo $snapToken?>', {
+                snap.pay('<?php echo $snap_token?>', {
                     // Optional
                     onSuccess: function(result){
                         /* You may add your own js here, this is just example */ document.getElementById('result-json').innerHTML += JSON.stringify(result, null, 2);