MakePay Ecwid/Lightspeed App

Ecwid by Lightspeed payment app source for MakePay hosted payment links.

The app implements the Ecwid payment app flow: Ecwid redirects a buyer to the app paymentUrl, the app decrypts the encoded payment request, creates a MakePay hosted payment link, sends the buyer to MakePay, updates the Ecwid transaction status when payment completes, and redirects the buyer back to the Ecwid returnUrl.

Features

• Ecwid paymentUrl handler with AES-128-GCM request decoding.
• MakePay hosted payment-link creation.
• Return handler that updates Ecwid payment status before redirecting back.
• MakePay webhook handler for server-side reconciliation.
• In-memory transaction store for local development.
• Tests for Ecwid decoding, MakePay requests, Ecwid status updates, and webhook signatures.

Required Ecwid App Scopes

Configure the Ecwid app with:

• add_payment_method
• read_store_profile
• read_orders
• update_orders

Set the app payment URL to:

https://your-app.example/ecwid/payment

Environment

ECWID_CLIENT_SECRET=
MAKEPAY_KEY_ID=
MAKEPAY_KEY_SECRET=
MAKEPAY_WEBHOOK_SECRET=
MAKEPAY_BASE_URL=https://www.makecrypto.io
PUBLIC_BASE_URL=https://your-app.example
PORT=8788

Never expose MakePay key secrets, Ecwid app secrets, or Ecwid access tokens to the browser. The local in-memory state store is for development; production deployments should use durable storage.

Development

npm test
npm run validate
npm run dev

See docs/SETUP.md for app registration and production notes.