How to secure a php file

Question

I did a payment gateway integration on an existing website. The payment gateway gave me an API which I used and did the coding and stored it in a php file pay.php

Answer 1

To add to the answer of Commusoft and to give a slight alternative.

This piece of .htaccess denies php file requests via the browser and makes sure you can only include the file from a different php file.

Deny from All

Put this in a separate directory where pay.php is located.

I think the best way of dealing with this payment issue is to turn the pay.php into a full class and use it object oriented. That way you can use the functionality in any location and pass variables to it easily.