Developer-friendly & type-safe Php SDK specifically catered to leverage gando/partner API.
Important
This SDK is not yet ready for production use. To complete setup please follow the steps outlined in your workspace. Delete this section before > publishing to a package manager.
Gando Partner API: API for rental management software and multi–rental-operator platforms integrating Gando on behalf of linked rental operators. Use gando_pk_ keys (x-api-key or Authorization: Bearer) on /api/partner/*.
The SDK relies on Composer to manage its dependencies.
To install the SDK and add it as a dependency to an existing composer.json file:
composer require "gando/partner"Gando Partner integrations use two different secrets depending on what you are doing.
| Secret | Prefix | Class | Use |
|---|---|---|---|
| Partner API key | gando_pk_ |
Gando\Partner\Api\Client |
Call /api/partner/* |
| Connect secret | gando_cs_ |
Gando\Partner\Connect\UrlBuilder |
Build signed /register URLs |
| Webhook secret | gando_whsec_ |
Gando\Partner\WebhookVerifier |
Verify inbound webhooks |
declare(strict_types=1);
require 'vendor/autoload.php';
use Gando\Partner\Api\Client;
use Gando\Partner\Connect\UrlBuilder;
$api = new Client(apiKey: getenv('GANDO_API_KEY') ?: 'gando_pk_...');
$response = $api->accounts->list();
$builder = new UrlBuilder(
connectSecret: getenv('GANDO_CONNECT_SECRET') ?: 'gando_cs_...',
partnerSlug: 'fleetee',
baseUrl: 'https://dashboard.gando.app',
);
$signupUrl = $builder->signupUrl(externalId: 'fleet_acct_42');Gando\Partner\Api\Client accepts optional PSR interfaces so you can reuse your existing stack:
- PSR-18:
Psr\Http\Client\ClientInterface - PSR-17:
Psr\Http\Message\RequestFactoryInterface - PSR-3:
Psr\Log\LoggerInterface - PSR-16:
Psr\SimpleCache\CacheInterface - PSR-14:
Psr\EventDispatcher\EventDispatcherInterface
declare(strict_types=1);
use Gando\Partner\Api\Client;
use Psr\EventDispatcher\EventDispatcherInterface;
use Psr\Http\Client\ClientInterface as HttpClientInterface;
use Psr\Http\Message\RequestFactoryInterface;
use Psr\Log\LoggerInterface;
use Psr\SimpleCache\CacheInterface;
/** @var HttpClientInterface $httpClient */
/** @var RequestFactoryInterface $requestFactory */
/** @var LoggerInterface $logger */
/** @var CacheInterface $cache */
/** @var EventDispatcherInterface $events */
$api = new Client(
apiKey: $_ENV['GANDO_API_KEY'],
httpClient: $httpClient,
requestFactory: $requestFactory,
logger: $logger,
cache: $cache,
events: $events,
);All PSR dependencies are optional. If you omit httpClient and requestFactory, the SDK auto-discovers implementations through php-http/discovery (works out-of-the-box when guzzlehttp/guzzle v7 is installed).
POST /api/partner/deposits is idempotent when the Idempotency-Key header is sent (UUID v4, 24h deduplication via Redis on the API). Gando\Partner\Api\Client auto-generates that key on deposits->create() when you omit it, so SDK retries do not create duplicate deposits. Pass your own key to override.
declare(strict_types=1);
require 'vendor/autoload.php';
use Gando\Partner;
use Gando\Partner\Models\Components;
$sdk = Partner\Gando::builder()
->setSecurity(
new Components\Security(
partnerApiKeyAuth: '<YOUR_API_KEY_HERE>',
)
)
->build();
$response = $sdk->accounts->list(
page: 1,
limit: 20
);
if ($response->object !== null) {
// handle response
}This SDK supports the following security schemes globally:
| Name | Type | Scheme |
|---|---|---|
partnerApiKeyAuth |
apiKey | API key |
partnerBearerAuth |
http | HTTP Bearer |
You can set the security parameters through the setSecurity function on the SDKBuilder when initializing the SDK. The selected scheme will be used by default to authenticate with the API for all operations that support it. For example:
declare(strict_types=1);
require 'vendor/autoload.php';
use Gando\Partner;
use Gando\Partner\Models\Components;
$sdk = Partner\Gando::builder()
->setSecurity(
new Components\Security(
partnerApiKeyAuth: '<YOUR_API_KEY_HERE>',
)
)
->build();
$response = $sdk->accounts->list(
page: 1,
limit: 20
);
if ($response->object !== null) {
// handle response
}Available methods
- list - List clients across linked rental operator accounts
- create - Create a client for a linked rental operator account
- update - Update a partner-accessible client
- list - List deposits
- create - Create a deposit for a linked rental operator
- retrieve - Get deposit by id
- delete - Delete or archive a deposit
- update - Update deposit (change client or cancel pending payment)
- getCapture - Get latest capture for a deposit
- capture - Create a capture (encaissement)
- sendEmails - Send deposit link to multiple emails
- sendDepositMail - Send deposit link to one email
- cancel - Close deposit (status close + optional email)
- getPaymentMethod - Masked card info for the deposit
- getPdf - Download deposit summary PDF
- list - List partner webhook endpoints
- create - Create partner webhook endpoint
- delete - Delete partner webhook endpoint
- update - Update partner webhook endpoint
- rotateSecret - Rotate partner webhook secret
- getSecret - Get partner webhook secret
- test - Send test partner webhook delivery
- getDeliveries - List partner webhook deliveries
All Partner API operations use the global x-speakeasy-retries extension from the Partner OpenAPI document (PARTNER_SPEAKEASY_RETRIES in gando-app → lib/api/openapi/shared.ts). Out of the box, the SDK retries transient failures without custom loops in partner integrations.
| Setting | Value |
|---|---|
| Strategy | Exponential backoff (initialInterval 500 ms, maxInterval 60 s, exponent 1.5) |
| Max elapsed time | 30 s |
| Status codes | 429, 5xx (server errors) |
| Connection errors | Retried when enabled |
| Attempts | Up to 3 (1 initial + 2 retries) within the elapsed window |
The SDK respects a Retry-After response header when present. Override globally via Gando::builder()->setRetryConfig(...) or per call via Utils\Options (see below).
Some of the endpoints in this SDK support retries. If you use the SDK without any configuration, it will fall back to the default retry strategy provided by the API. However, the default retry strategy can be overridden on a per-operation basis, or across the entire SDK.
To change the default retry strategy for a single API call, simply provide an Options object built with a RetryConfig object to the call:
declare(strict_types=1);
require 'vendor/autoload.php';
use Gando\Partner;
use Gando\Partner\Models\Components;
use Gando\Partner\Utils\Retry;
$sdk = Partner\Gando::builder()
->setSecurity(
new Components\Security(
partnerApiKeyAuth: '<YOUR_API_KEY_HERE>',
)
)
->build();
$response = $sdk->accounts->list(
page: 1,
limit: 20,
options: Utils\Options->builder()->setRetryConfig(
new Retry\RetryConfigBackoff(
initialInterval: 1,
maxInterval: 50,
exponent: 1.1,
maxElapsedTime: 100,
retryConnectionErrors: false,
))->build()
);
if ($response->object !== null) {
// handle response
}If you'd like to override the default retry strategy for all operations that support retries, you can pass a RetryConfig object to the SDKBuilder->setRetryConfig function when initializing the SDK:
declare(strict_types=1);
require 'vendor/autoload.php';
use Gando\Partner;
use Gando\Partner\Models\Components;
use Gando\Partner\Utils\Retry;
$sdk = Partner\Gando::builder()
->setRetryConfig(
new Retry\RetryConfigBackoff(
initialInterval: 1,
maxInterval: 50,
exponent: 1.1,
maxElapsedTime: 100,
retryConnectionErrors: false,
)
)
->setSecurity(
new Components\Security(
partnerApiKeyAuth: '<YOUR_API_KEY_HERE>',
)
)
->build();
$response = $sdk->accounts->list(
page: 1,
limit: 20
);
if ($response->object !== null) {
// handle response
}Handling errors in this SDK should largely match your expectations. All operations return a response object or throw an exception.
By default an API error will raise a Errors\APIException exception, which has the following properties:
| Property | Type | Description |
|---|---|---|
$message |
string | The error message |
$statusCode |
int | The HTTP status code |
$rawResponse |
?\Psr\Http\Message\ResponseInterface | The raw HTTP response |
$body |
string | The response content |
When custom error responses are specified for an operation, the SDK may also throw their associated exception. You can refer to respective Errors tables in SDK docs for more details on possible exception types for each operation. For example, the list method throws the following exceptions:
| Error Type | Status Code | Content Type |
|---|---|---|
| Errors\ErrorEnvelope | 400, 401, 403, 404, 409, 422, 429 | application/json |
| Errors\ErrorEnvelope | 500 | application/json |
| Errors\APIException | 4XX, 5XX | */* |
declare(strict_types=1);
require 'vendor/autoload.php';
use Gando\Partner;
use Gando\Partner\Models\Components;
use Gando\Partner\Models\Errors;
$sdk = Partner\Gando::builder()
->setSecurity(
new Components\Security(
partnerApiKeyAuth: '<YOUR_API_KEY_HERE>',
)
)
->build();
try {
$response = $sdk->accounts->list(
page: 1,
limit: 20
);
if ($response->object !== null) {
// handle response
}
} catch (Errors\ErrorEnvelopeThrowable $e) {
// handle $e->$container data
throw $e;
} catch (Errors\ErrorEnvelopeThrowable $e) {
// handle $e->$container data
throw $e;
} catch (Errors\APIException $e) {
// handle default exception
throw $e;
}The default server can be overridden globally using the setServerUrl(string $serverUrl) builder method when initializing the SDK client instance. For example:
declare(strict_types=1);
require 'vendor/autoload.php';
use Gando\Partner;
use Gando\Partner\Models\Components;
$sdk = Partner\Gando::builder()
->setServerURL('http://localhost:3000')
->setSecurity(
new Components\Security(
partnerApiKeyAuth: '<YOUR_API_KEY_HERE>',
)
)
->build();
$response = $sdk->accounts->list(
page: 1,
limit: 20
);
if ($response->object !== null) {
// handle response
}Inbound partner webhooks are signed by Gando. Verify every delivery before processing the JSON payload.
Headers: X-Gando-Signature (sha256=<hex>), X-Gando-Timestamp (Unix seconds), X-Gando-Event (event name).
Use the raw request body (not json_decode output). The signing secret is returned once when you create a webhook endpoint (gando_whsec_...).
declare(strict_types=1);
require 'vendor/autoload.php';
use Gando\Partner\Exceptions\WebhookSignatureException;
use Gando\Partner\WebhookVerifier;
$rawBody = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_GANDO_SIGNATURE'] ?? '';
$timestamp = $_SERVER['HTTP_X_GANDO_TIMESTAMP'] ?? '';
$secret = getenv('GANDO_WEBHOOK_SECRET'); // your signing secret
try {
WebhookVerifier::verify($rawBody, $signature, $timestamp, $secret);
} catch (WebhookSignatureException $e) {
// $e->getReason() is "invalid" or "expired"
http_response_code(400);
exit;
}
$payload = json_decode($rawBody, true, flags: JSON_THROW_ON_ERROR);
// handle $payload...See also Webhooks SDK docs and the recipe snippet at recipes/snippets/webhooks.verify.php.
This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.
While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.