Official Flutter SDK for the HayBTech Payment Gateway -- integrate mobile money payments into your Flutter apps.
NEVER use your Secret Key (sk_...) in a Flutter app.
Secrets stored in mobile binaries (APK/IPA) can be easily extracted by attackers.
The Flutter SDK only accepts Public Keys (pk_...). All sensitive operations (like creating a payment) must be performed on your backend server using our server-side SDKs (PHP, Node.js, Python, Ruby, Java, Go, .NET).
Add this to your pubspec.yaml:
dependencies:
haybtech_flutter_sdk: ^1.0.0
webview_flutter: ^4.0.0Then run:
flutter pub getFlutter App Your Backend HayBTech API
| | |
|-- 1. Send order details ----->| |
| |-- 2. Create payment ------>|
| |<--- paymentUrl ------------|
|<-- 3. Return paymentUrl ------| |
| | |
|-- 4. Open HayBTechCheckout -->| |
| (WebView with paymentUrl) | |
- Your Flutter App sends order details to Your Backend.
- Your Backend creates a payment via HayBTech API (using Secret Key) and returns the
paymentUrl. - Your Flutter App receives the
paymentUrland opens it using theHayBTechCheckoutwidget.
import 'package:haybtech_flutter_sdk/haybtech_flutter_sdk.dart';
final haybtech = HayBTechClient('pk_test_your_public_key');import 'package:flutter/material.dart';
import 'package:haybtech_flutter_sdk/haybtech_flutter_sdk.dart';
class PaymentPage extends StatelessWidget {
final String paymentUrl; // Received from your backend
const PaymentPage({super.key, required this.paymentUrl});
@override
Widget build(BuildContext context) {
return Scaffold(
appBar: AppBar(title: const Text("Paiement HayBTech")),
body: HayBTechCheckout(
paymentUrl: paymentUrl,
onSuccess: (url) {
Navigator.pop(context);
ScaffoldMessenger.of(context).showSnackBar(
const SnackBar(content: Text("Paiement reussi !")),
);
},
onCancel: (url) => Navigator.pop(context),
onFailure: (url) {
Navigator.pop(context);
ScaffoldMessenger.of(context).showSnackBar(
const SnackBar(content: Text("Paiement echoue.")),
);
},
),
);
}
}// After receiving paymentUrl from your backend
Navigator.push(
context,
MaterialPageRoute(
builder: (_) => PaymentPage(paymentUrl: paymentUrl),
),
);Since the Flutter SDK only handles the frontend, your backend must generate the paymentUrl. Here is an example of what your backend team needs to do using our Server SDKs:
PHP Backend (using haybtech/php-sdk):
$result = HayBTech::payments()->create([
'merchant_ref' => 'ORDER-123',
'amount' => 5000,
'currency' => 'XOF',
'return_url' => 'https://haybtech.sn/status=success', // Intercepted by Flutter
'cancel_url' => 'https://haybtech.sn/status=cancelled', // Intercepted by Flutter
]);
// Send this URL to your Flutter app
echo json_encode(['paymentUrl' => $result['data']['payment_url']]);Node.js Backend (using @haybtech/sdk):
const payment = await haybtech.payments.create({
merchant_ref: 'ORDER-123',
amount: 5000,
currency: 'XOF',
return_url: 'https://haybtech.sn/status=success',
cancel_url: 'https://haybtech.sn/status=cancelled'
});
// Send payment.data.payment_url to your Flutter app| Callback | Triggered When |
|---|---|
onSuccess |
Payment completed successfully |
onCancel |
Customer cancelled the payment |
onFailure |
Payment failed or an error occurred |
Add internet permission in android/app/src/main/AndroidManifest.xml:
<uses-permission android:name="android.permission.INTERNET"/>No additional configuration required. WebView is supported natively.
- Public Key Enforcement: The SDK throws an
ArgumentErrorif a Secret Key (sk_...) is used. - Secure WebView Isolation: Uses
webview_flutterwith isolated navigation delegates. - No Sensitive Data on Device: The SDK acts as a pure UI layer; no card or credential data ever touches the mobile persistent storage.
- URL Monitoring: Navigation delegate detects return/cancel/failure URLs without exposing internal state.
| Requirement | Version |
|---|---|
| Flutter | 3.0+ |
| Dart | 2.17+ |
| webview_flutter | 4.0+ |
| Android SDK | 21+ |
| iOS | 12.0+ |
MIT License