Skip to content

README.md

Latest commit

 

History

History
89 lines (63 loc) · 2.49 KB

README.md

File metadata and controls

89 lines (63 loc) · 2.49 KB

MakePay Drupal Commerce Module

Drupal Commerce payment gateway module for MakePay hosted payment links.

The module adds an off-site MakePay checkout gateway for Drupal Commerce stores. It creates MakePay payment links during checkout, redirects buyers to hosted checkout, and reconciles signed MakePay webhook notifications back into Drupal Commerce payments.

Features

  • Drupal Commerce off-site redirect gateway plugin.
  • Server-side MakePay payment link creation with merchant credentials.
  • Signed webhook/IPN verification with X-MakePay-Signature.
  • Payment reconciliation through Drupal Commerce payments, not direct order mutations.
  • Configuration schema for API credentials and webhook secrets.
  • Local validator and GitHub Actions workflow for module hygiene.

Requirements

  • Drupal 10.3 or Drupal 11.
  • Drupal Commerce 2.x with Commerce Payment enabled.
  • PHP 8.1 or newer.
  • A MakePay merchant account with partner API keys.

Installation

Install as a Drupal module with Composer:

composer require makepay/drupal-commerce
drush en makepay_commerce -y

For development, place this repository in web/modules/contrib/makepay_commerce or another enabled custom module directory.

Configuration

  1. Enable Commerce Payment.
  2. Go to /admin/commerce/config/payment-gateways.
  3. Add a payment gateway and choose MakePay hosted checkout.
  4. Configure:
    • MakePay Key ID
    • MakePay Key Secret
    • MakePay Webhook Secret
    • Partner API base URL, default https://www.makecrypto.io
  5. Set the gateway mode to test or live.

Never expose the key secret or webhook secret in browser code. The module uses them only on the Drupal server.

Webhooks

Configure MakePay to send signed webhook events to the Drupal Commerce notification URL:

https://your-store.example/payment/notify/PAYMENT_GATEWAY_ID

PAYMENT_GATEWAY_ID is the machine name of the configured Drupal Commerce payment gateway entity, for example makepay.

The module verifies the X-MakePay-Signature header before processing a notification. The expected signature format is:

t=UNIX_TIMESTAMP,v1=HEX_HMAC_SHA256

The signed payload is timestamp.raw_body.

Development

Run the local checks:

node scripts/validate.mjs
find . -name '*.php' -not -path './vendor/*' -print0 | xargs -0 -n1 php -l
composer validate --strict

Security

Report security concerns privately. Do not open public issues for suspected credential leaks, signature bypasses, or payment reconciliation problems.