paybridge 0.5.0 → 0.6.0

package/README.md

@@ -197,6 +197,9 @@ app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
 | **Adyen** | ✅ | ⛔ | ✅ | ✅ | **Production** |
 | **Mercado Pago** | ✅ | ✅ | ✅ | ✅ | **Production** |
 | **Razorpay** | ✅ | ✅ | ✅ | ✅ | **Production** |
+| **Mollie** | ✅ | ⛔ | ✅ | ✅ | **Production** |
+| **Square** | ✅ | ⛔ | ✅ | ✅ | **Production** |
+| **Pesapal** | ✅ | ⛔ | ✅ | ✅ | **Production** |
 
 ### Crypto on/off-ramp providers
 
@@ -204,6 +207,8 @@ app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
 |----------|---------|----------|-------|----------|--------|
 | **MoonPay** | ✅ | ✅ | ✅ | ✅ | **Production** |
 | **Yellow Card** | ⚠️ | ⚠️ | ⚠️ | ⚠️ | **Experimental** |
+| **Transak** | ✅ | ✅ | ✅ | ✅ | **Production** |
+| **Ramp Network** | ✅ | ✅ | ✅ | ✅ | **Production** |
 
 **Legend:** ✅ Supported | ⛔ Not supported by upstream API | ⚠️ Experimental (spec unverified)
 
@@ -313,6 +318,62 @@ const pay = new PayBridge({
 
 **Note:** Razorpay webhooks do not include timestamp-based replay protection.
 
+### Mollie
+
+```typescript
+const pay = new PayBridge({
+  provider: 'mollie',
+  credentials: {
+    apiKey: 'test_...' // Or live_... for production
+  },
+  sandbox: true,
+  webhookSecret: 'optional_webhook_secret'
+});
+```
+
+**Docs:** [Mollie API Reference](https://docs.mollie.com/reference)
+
+**Note:** Mollie subscriptions require Customer + Mandate setup (not yet supported by paybridge). Mollie webhooks have no signature scheme — security relies on getPayment() round-trip + source IP validation.
+
+### Square
+
+```typescript
+const pay = new PayBridge({
+  provider: 'square',
+  credentials: {
+    apiKey: 'EAAAEOuL...', // Access token
+    locationId: 'LOCATION123',
+    notificationUrl: 'https://example.com/webhook' // Required for signature verification
+  },
+  sandbox: true,
+  webhookSecret: 'your_webhook_secret'
+});
+```
+
+**Docs:** [Square API Reference](https://developer.squareup.com/reference/square)
+
+**Note:** Square subscriptions require multi-step Catalog + Customer + Plan setup (not yet supported by paybridge). Webhook signature uses notificationUrl + raw body.
+
+### Pesapal
+
+```typescript
+const pay = new PayBridge({
+  provider: 'pesapal',
+  credentials: {
+    apiKey: 'qkio1BGG...', // consumer_key
+    secretKey: 'osGQ364R...', // consumer_secret
+    notificationId: 'IPN123', // Register IPN URL with Pesapal first
+    username: 'merchant@example.com' // Required for refunds
+  },
+  sandbox: true,
+  webhookSecret: 'optional_webhook_secret'
+});
+```
+
+**Docs:** [Pesapal API Reference](https://developer.pesapal.com/)
+
+**Note:** Pesapal subscriptions not yet supported. Pesapal IPN has no signature scheme — security relies on getPayment() round-trip + source IP validation. OAuth-style token caching (5min expiry).
+
 ## Switch Providers in 1 Line
 
 ```typescript

package/dist/crypto/index.d.ts

@@ -8,8 +8,10 @@ export * from './base';
 export * from './moonpay';
 export * from './yellowcard';
 export * from './mock';
+export * from './transak';
+export * from './ramp';
 export * from './router';
-export type CryptoProvider = 'moonpay' | 'yellowcard' | 'mock';
+export type CryptoProvider = 'moonpay' | 'yellowcard' | 'mock' | 'transak' | 'ramp';
 export interface CryptoRampConfig {
     provider: CryptoProvider;
     credentials: {

package/dist/crypto/index.js

@@ -21,11 +21,15 @@ exports.CryptoRamp = void 0;
 const moonpay_1 = require("./moonpay");
 const yellowcard_1 = require("./yellowcard");
 const mock_1 = require("./mock");
+const transak_1 = require("./transak");
+const ramp_1 = require("./ramp");
 __exportStar(require("./types"), exports);
 __exportStar(require("./base"), exports);
 __exportStar(require("./moonpay"), exports);
 __exportStar(require("./yellowcard"), exports);
 __exportStar(require("./mock"), exports);
+__exportStar(require("./transak"), exports);
+__exportStar(require("./ramp"), exports);
 __exportStar(require("./router"), exports);
 class CryptoRamp {
     constructor(config) {
@@ -59,6 +63,25 @@ class CryptoRamp {
                     sandbox,
                     webhookSecret,
                 });
+            case 'transak':
+                if (!credentials.apiKey || !credentials.secretKey) {
+                    throw new Error('Transak requires apiKey and secretKey');
+                }
+                return new transak_1.TransakProvider({
+                    apiKey: credentials.apiKey,
+                    apiSecret: credentials.secretKey,
+                    sandbox,
+                    webhookSecret,
+                });
+            case 'ramp':
+                if (!credentials.apiKey) {
+                    throw new Error('Ramp Network requires apiKey (hostApiKey)');
+                }
+                return new ramp_1.RampProvider({
+                    hostApiKey: credentials.apiKey,
+                    webhookSecret,
+                    sandbox,
+                });
             case 'mock':
                 return new mock_1.MockCryptoRampProvider();
             default:

package/dist/crypto/ramp.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Ramp Network crypto on/off-ramp provider
+ * @see https://docs.ramp.network/
+ */
+import { CryptoRampProvider } from './base';
+import { OnRampParams, OffRampParams, RampQuote, RampResult, CryptoRampCapabilities } from './types';
+interface RampConfig {
+    hostApiKey: string;
+    webhookSecret?: string;
+    sandbox: boolean;
+}
+export declare class RampProvider extends CryptoRampProvider {
+    readonly name = "ramp";
+    private hostApiKey;
+    private webhookSecret?;
+    private sandbox;
+    private widgetUrl;
+    private apiUrl;
+    constructor(config: RampConfig);
+    getQuote(_direction: 'on' | 'off', fiatAmount: number, _fiatCurrency: string, _cryptoAsset: string, _network: string): Promise<RampQuote>;
+    createOnRamp(params: OnRampParams): Promise<RampResult>;
+    createOffRamp(params: OffRampParams): Promise<RampResult>;
+    getRamp(id: string): Promise<RampResult>;
+    parseWebhook(body: any, _headers?: any): any;
+    /**
+     * Ramp Network webhook verification (HMAC placeholder).
+     *
+     * TODO(verify): Ramp Network uses ECDSA secp256k1 for webhook signatures.
+     * This implementation uses HMAC-SHA256 as a placeholder. Production deployments
+     * should implement ECDSA verification using Ramp's public key.
+     */
+    verifyWebhook(body: string | Buffer, headers?: any): boolean;
+    getCapabilities(): CryptoRampCapabilities;
+    private mapRampStatus;
+}
+export {};

package/dist/crypto/ramp.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * Ramp Network crypto on/off-ramp provider
+ * @see https://docs.ramp.network/
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RampProvider = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const base_1 = require("./base");
+const fetch_1 = require("../utils/fetch");
+class RampProvider extends base_1.CryptoRampProvider {
+    constructor(config) {
+        super();
+        this.name = 'ramp';
+        this.hostApiKey = config.hostApiKey;
+        this.webhookSecret = config.webhookSecret;
+        this.sandbox = config.sandbox;
+        this.widgetUrl = this.sandbox
+            ? 'https://ri-widget-staging.firebaseapp.com'
+            : 'https://buy.ramp.network';
+        this.apiUrl = 'https://api.ramp.network/api/host-api/v3';
+    }
+    async getQuote(_direction, fiatAmount, _fiatCurrency, _cryptoAsset, _network) {
+        return {
+            fiatAmount,
+            cryptoAmount: 0,
+            rate: 0,
+            feeFixed: 0,
+            feePercent: 2.9,
+            feeTotal: (fiatAmount * 2.9) / 100,
+            expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+        };
+    }
+    async createOnRamp(params) {
+        (0, base_1.validateWalletAddress)(params.destinationWallet, params.network);
+        const quote = await this.getQuote('on', params.fiatAmount, params.fiatCurrency, params.asset, params.network);
+        const swapAsset = `${params.asset}_${params.network}`;
+        const queryParams = new URLSearchParams({
+            hostApiKey: this.hostApiKey,
+            swapAsset: swapAsset.toUpperCase(),
+            fiatCurrency: params.fiatCurrency.toUpperCase(),
+            fiatValue: params.fiatAmount.toString(),
+            userAddress: params.destinationWallet,
+            userEmailAddress: params.customer.email,
+            finalUrl: params.urls.success,
+        });
+        const checkoutUrl = `${this.widgetUrl}?${queryParams}`;
+        return {
+            id: `ramp_on_${params.reference}`,
+            direction: 'on',
+            status: 'pending',
+            quote,
+            checkoutUrl,
+            createdAt: new Date().toISOString(),
+            expiresAt: quote.expiresAt,
+        };
+    }
+    async createOffRamp(params) {
+        if (params.sourceWallet) {
+            (0, base_1.validateWalletAddress)(params.sourceWallet, params.network);
+        }
+        const quote = await this.getQuote('off', params.cryptoAmount, params.fiatCurrency, params.asset, params.network);
+        const swapAsset = `${params.asset}_${params.network}`;
+        const queryParams = new URLSearchParams({
+            hostApiKey: this.hostApiKey,
+            swapAsset: swapAsset.toUpperCase(),
+            defaultFlow: 'OFFRAMP',
+        });
+        const checkoutUrl = `${this.widgetUrl}?${queryParams}`;
+        return {
+            id: `ramp_off_${params.reference}`,
+            direction: 'off',
+            status: 'pending',
+            quote,
+            checkoutUrl,
+            createdAt: new Date().toISOString(),
+            expiresAt: quote.expiresAt,
+        };
+    }
+    async getRamp(id) {
+        const response = await (0, fetch_1.timedFetch)(`${this.apiUrl}/${id}`);
+        if (!response.ok) {
+            throw new Error(`Ramp Network getRamp failed: ${response.status}`);
+        }
+        const data = (await response.json());
+        const direction = data.type === 'ONRAMP' ? 'on' : 'off';
+        const status = this.mapRampStatus(data.status);
+        const quote = {
+            fiatAmount: data.fiatValue || 0,
+            cryptoAmount: data.cryptoAmount || 0,
+            rate: data.assetExchangeRate || 0,
+            feeFixed: 0,
+            feePercent: 0,
+            feeTotal: data.appliedFee || 0,
+            expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+        };
+        return {
+            id: data.id,
+            direction,
+            status,
+            quote,
+            txHash: data.cryptoTxHash,
+            createdAt: data.createdAt,
+            raw: data,
+        };
+    }
+    parseWebhook(body, _headers) {
+        const event = typeof body === 'string' ? JSON.parse(body) : body;
+        return {
+            type: event.type,
+            data: event.purchase || event,
+            raw: event,
+        };
+    }
+    /**
+     * Ramp Network webhook verification (HMAC placeholder).
+     *
+     * TODO(verify): Ramp Network uses ECDSA secp256k1 for webhook signatures.
+     * This implementation uses HMAC-SHA256 as a placeholder. Production deployments
+     * should implement ECDSA verification using Ramp's public key.
+     */
+    verifyWebhook(body, headers) {
+        if (!this.webhookSecret)
+            return false;
+        const signature = headers?.['x-body-signature'];
+        if (!signature)
+            return false;
+        const rawBody = typeof body === 'string' ? body : body.toString('utf8');
+        const computedSig = crypto_1.default
+            .createHmac('sha256', this.webhookSecret)
+            .update(rawBody)
+            .digest('hex');
+        try {
+            const computedBuffer = Buffer.from(computedSig, 'hex');
+            const expectedBuffer = Buffer.from(signature, 'hex');
+            if (computedBuffer.length !== expectedBuffer.length) {
+                return false;
+            }
+            return crypto_1.default.timingSafeEqual(computedBuffer, expectedBuffer);
+        }
+        catch {
+            return false;
+        }
+    }
+    getCapabilities() {
+        return {
+            supportedAssets: ['BTC', 'ETH', 'USDT', 'USDC', 'DAI', 'MATIC'],
+            supportedNetworks: ['BTC', 'ETH', 'POLYGON', 'BSC'],
+            supportedFiat: ['USD', 'EUR', 'GBP', 'ZAR', 'AUD', 'CAD'],
+            country: 'GLOBAL',
+            kycRequired: true,
+            onRampLimits: { min: 30, max: 30000 },
+            offRampLimits: { min: 50, max: 30000 },
+            fees: {
+                onRampPercent: 2.9,
+                offRampPercent: 1.9,
+            },
+        };
+    }
+    mapRampStatus(rampStatus) {
+        const statusMap = {
+            INITIALIZED: 'pending',
+            PAYMENT_STARTED: 'pending',
+            PAYMENT_IN_PROGRESS: 'pending',
+            PAYMENT_EXECUTED: 'pending',
+            FIAT_SENT: 'pending',
+            FIAT_RECEIVED: 'pending',
+            RELEASING: 'pending',
+            RELEASED: 'completed',
+            EXPIRED: 'expired',
+            CANCELLED: 'expired',
+        };
+        return statusMap[rampStatus] || 'pending';
+    }
+}
+exports.RampProvider = RampProvider;

package/dist/crypto/transak.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Transak crypto on/off-ramp provider
+ * @see https://docs.transak.com/
+ */
+import { CryptoRampProvider } from './base';
+import { OnRampParams, OffRampParams, RampQuote, RampResult, CryptoRampCapabilities } from './types';
+interface TransakConfig {
+    apiKey: string;
+    apiSecret: string;
+    sandbox: boolean;
+    webhookSecret?: string;
+}
+export declare class TransakProvider extends CryptoRampProvider {
+    readonly name = "transak";
+    private apiKey;
+    private apiSecret;
+    private sandbox;
+    private widgetUrl;
+    private apiUrl;
+    private webhookSecret?;
+    constructor(config: TransakConfig);
+    getQuote(direction: 'on' | 'off', fiatAmount: number, fiatCurrency: string, cryptoAsset: string, _network: string): Promise<RampQuote>;
+    createOnRamp(params: OnRampParams): Promise<RampResult>;
+    createOffRamp(params: OffRampParams): Promise<RampResult>;
+    getRamp(id: string): Promise<RampResult>;
+    parseWebhook(body: any, _headers?: any): any;
+    verifyWebhook(body: string | Buffer, headers?: any): boolean;
+    getCapabilities(): CryptoRampCapabilities;
+    private signWidgetUrl;
+    private mapTransakStatus;
+}
+export {};

package/dist/crypto/transak.js

@@ -0,0 +1,212 @@
+"use strict";
+/**
+ * Transak crypto on/off-ramp provider
+ * @see https://docs.transak.com/
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TransakProvider = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const base_1 = require("./base");
+const fetch_1 = require("../utils/fetch");
+class TransakProvider extends base_1.CryptoRampProvider {
+    constructor(config) {
+        super();
+        this.name = 'transak';
+        this.apiKey = config.apiKey;
+        this.apiSecret = config.apiSecret;
+        this.sandbox = config.sandbox;
+        this.webhookSecret = config.webhookSecret;
+        this.widgetUrl = this.sandbox
+            ? 'https://global-stg.transak.com'
+            : 'https://global.transak.com';
+        this.apiUrl = this.sandbox
+            ? 'https://api-stg.transak.com'
+            : 'https://api.transak.com';
+    }
+    async getQuote(direction, fiatAmount, fiatCurrency, cryptoAsset, _network) {
+        const params = new URLSearchParams({
+            fiatCurrency: fiatCurrency.toUpperCase(),
+            cryptoCurrency: cryptoAsset.toUpperCase(),
+            fiatAmount: fiatAmount.toString(),
+            paymentMethod: 'credit_debit_card',
+            isBuyOrSell: direction === 'on' ? 'BUY' : 'SELL',
+        });
+        const url = `${this.apiUrl}/api/v2/currencies/price?${params}`;
+        const response = await (0, fetch_1.timedFetch)(url, {
+            headers: {
+                'api-secret': this.apiSecret,
+            },
+        });
+        if (!response.ok) {
+            throw new Error(`Transak quote failed: ${response.status}`);
+        }
+        const data = (await response.json());
+        const cryptoAmount = data.response?.cryptoAmount || 0;
+        const totalFee = data.response?.totalFee || 0;
+        const rate = fiatAmount > 0 ? cryptoAmount / fiatAmount : 0;
+        return {
+            fiatAmount,
+            cryptoAmount,
+            rate,
+            feeFixed: 0,
+            feePercent: (totalFee / fiatAmount) * 100,
+            feeTotal: totalFee,
+            expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+        };
+    }
+    async createOnRamp(params) {
+        (0, base_1.validateWalletAddress)(params.destinationWallet, params.network);
+        const quote = await this.getQuote('on', params.fiatAmount, params.fiatCurrency, params.asset, params.network);
+        const queryParams = new URLSearchParams({
+            apiKey: this.apiKey,
+            fiatAmount: params.fiatAmount.toString(),
+            fiatCurrency: params.fiatCurrency.toUpperCase(),
+            cryptoCurrencyCode: params.asset.toUpperCase(),
+            network: params.network.toUpperCase(),
+            walletAddress: params.destinationWallet,
+            email: params.customer.email,
+            partnerOrderId: params.reference,
+            redirectURL: params.urls.success,
+        });
+        const signature = this.signWidgetUrl(queryParams.toString());
+        queryParams.append('signature', signature);
+        const checkoutUrl = `${this.widgetUrl}?${queryParams}`;
+        return {
+            id: `transak_on_${params.reference}`,
+            direction: 'on',
+            status: 'pending',
+            quote,
+            checkoutUrl,
+            createdAt: new Date().toISOString(),
+            expiresAt: quote.expiresAt,
+        };
+    }
+    async createOffRamp(params) {
+        if (params.sourceWallet) {
+            (0, base_1.validateWalletAddress)(params.sourceWallet, params.network);
+        }
+        const quote = await this.getQuote('off', params.cryptoAmount, params.fiatCurrency, params.asset, params.network);
+        const queryParams = new URLSearchParams({
+            apiKey: this.apiKey,
+            productsAvailed: 'SELL',
+            cryptoCurrencyCode: params.asset.toUpperCase(),
+            network: params.network.toUpperCase(),
+            fiatCurrency: params.fiatCurrency.toUpperCase(),
+            partnerOrderId: params.reference,
+        });
+        if (params.urls?.success) {
+            queryParams.append('redirectURL', params.urls.success);
+        }
+        const signature = this.signWidgetUrl(queryParams.toString());
+        queryParams.append('signature', signature);
+        const checkoutUrl = `${this.widgetUrl}?${queryParams}`;
+        return {
+            id: `transak_off_${params.reference}`,
+            direction: 'off',
+            status: 'pending',
+            quote,
+            checkoutUrl,
+            createdAt: new Date().toISOString(),
+            expiresAt: quote.expiresAt,
+        };
+    }
+    async getRamp(id) {
+        const response = await (0, fetch_1.timedFetch)(`${this.apiUrl}/api/v2/orders/${id}`, {
+            headers: {
+                'api-secret': this.apiSecret,
+            },
+        });
+        if (!response.ok) {
+            throw new Error(`Transak getRamp failed: ${response.status}`);
+        }
+        const data = (await response.json());
+        const order = data.response;
+        const direction = order.isBuyOrSell === 'BUY' ? 'on' : 'off';
+        const status = this.mapTransakStatus(order.status);
+        const quote = {
+            fiatAmount: order.fiatAmount || 0,
+            cryptoAmount: order.cryptoAmount || 0,
+            rate: order.conversionPrice || 0,
+            feeFixed: 0,
+            feePercent: 0,
+            feeTotal: order.totalFee || 0,
+            expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+        };
+        return {
+            id: order.id,
+            direction,
+            status,
+            quote,
+            txHash: order.transactionHash,
+            createdAt: order.createdAt,
+            raw: data,
+        };
+    }
+    parseWebhook(body, _headers) {
+        const event = typeof body === 'string' ? JSON.parse(body) : body;
+        return {
+            type: event.eventName,
+            data: event.data,
+            raw: event,
+        };
+    }
+    verifyWebhook(body, headers) {
+        if (!this.webhookSecret)
+            return false;
+        const signature = headers?.['x-transak-signature'];
+        if (!signature)
+            return false;
+        const rawBody = typeof body === 'string' ? body : body.toString('utf8');
+        const computedSig = crypto_1.default
+            .createHmac('sha256', this.webhookSecret)
+            .update(rawBody)
+            .digest('hex');
+        try {
+            const computedBuffer = Buffer.from(computedSig, 'hex');
+            const expectedBuffer = Buffer.from(signature, 'hex');
+            if (computedBuffer.length !== expectedBuffer.length) {
+                return false;
+            }
+            return crypto_1.default.timingSafeEqual(computedBuffer, expectedBuffer);
+        }
+        catch {
+            return false;
+        }
+    }
+    getCapabilities() {
+        return {
+            supportedAssets: ['BTC', 'ETH', 'USDT', 'USDC', 'MATIC', 'BNB'],
+            supportedNetworks: ['BTC', 'ETH', 'POLYGON', 'BSC', 'TRON'],
+            supportedFiat: ['USD', 'EUR', 'GBP', 'ZAR', 'INR', 'AUD'],
+            country: 'GLOBAL',
+            kycRequired: true,
+            onRampLimits: { min: 30, max: 50000 },
+            offRampLimits: { min: 50, max: 50000 },
+            fees: {
+                onRampPercent: 2.0,
+                offRampPercent: 1.5,
+            },
+        };
+    }
+    signWidgetUrl(queryString) {
+        return crypto_1.default
+            .createHmac('sha256', this.apiSecret)
+            .update(queryString)
+            .digest('base64');
+    }
+    mapTransakStatus(transakStatus) {
+        const statusMap = {
+            AWAITING_PAYMENT_FROM_USER: 'pending',
+            PROCESSING: 'pending',
+            COMPLETED: 'completed',
+            FAILED: 'failed',
+            EXPIRED: 'expired',
+            CANCELLED: 'expired',
+        };
+        return statusMap[transakStatus] || 'pending';
+    }
+}
+exports.TransakProvider = TransakProvider;

package/dist/index.js

@@ -32,6 +32,9 @@ const flutterwave_1 = require("./providers/flutterwave");
 const adyen_1 = require("./providers/adyen");
 const mercadopago_1 = require("./providers/mercadopago");
 const razorpay_1 = require("./providers/razorpay");
+const mollie_1 = require("./providers/mollie");
+const square_1 = require("./providers/square");
+const pesapal_1 = require("./providers/pesapal");
 __exportStar(require("./types"), exports);
 __exportStar(require("./utils/currency"), exports);
 __exportStar(require("./utils/fetch"), exports);
@@ -168,6 +171,38 @@ class PayBridge {
                     sandbox,
                     webhookSecret,
                 });
+            case 'mollie':
+                if (!credentials.apiKey) {
+                    throw new Error('Mollie requires apiKey (test_* or live_*)');
+                }
+                return new mollie_1.MollieProvider({
+                    apiKey: credentials.apiKey,
+                    sandbox,
+                    webhookSecret,
+                });
+            case 'square':
+                if (!credentials.apiKey || !credentials.locationId) {
+                    throw new Error('Square requires apiKey (access token) and locationId');
+                }
+                return new square_1.SquareProvider({
+                    accessToken: credentials.apiKey,
+                    locationId: credentials.locationId,
+                    notificationUrl: credentials.notificationUrl,
+                    sandbox,
+                    webhookSecret,
+                });
+            case 'pesapal':
+                if (!credentials.apiKey || !credentials.secretKey) {
+                    throw new Error('Pesapal requires apiKey (consumer_key) and secretKey (consumer_secret)');
+                }
+                return new pesapal_1.PesapalProvider({
+                    consumerKey: credentials.apiKey,
+                    consumerSecret: credentials.secretKey,
+                    notificationId: credentials.notificationId,
+                    username: credentials.username,
+                    sandbox,
+                    webhookSecret,
+                });
             default:
                 throw new Error(`Unknown provider: ${provider}`);
         }

package/dist/providers/mollie.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Mollie payment provider
+ * EU-focused payment gateway supporting 9 currencies
+ * @see https://docs.mollie.com/reference
+ */
+import { PaymentProvider } from './base';
+import { CreatePaymentParams, PaymentResult, CreateSubscriptionParams, SubscriptionResult, RefundParams, RefundResult, WebhookEvent } from '../types';
+import { ProviderCapabilities } from '../routing-types';
+interface MollieConfig {
+    apiKey: string;
+    webhookSecret?: string;
+    sandbox?: boolean;
+}
+export declare class MollieProvider extends PaymentProvider {
+    readonly name = "mollie";
+    readonly supportedCurrencies: string[];
+    private apiKey;
+    private webhookSecret?;
+    private sandbox;
+    private baseUrl;
+    constructor(config: MollieConfig);
+    private apiRequest;
+    createPayment(params: CreatePaymentParams): Promise<PaymentResult>;
+    createSubscription(_params: CreateSubscriptionParams): Promise<SubscriptionResult>;
+    getPayment(id: string): Promise<PaymentResult>;
+    refund(params: RefundParams): Promise<RefundResult>;
+    parseWebhook(body: any, _headers?: any): WebhookEvent;
+    /**
+     * Mollie webhooks have no signature verification scheme.
+     * Security comes from:
+     * 1. Validating source IP (caller's responsibility)
+     * 2. Calling getPayment(id) to verify actual status
+     *
+     * Always returns true to indicate no validation error (Mollie design limitation).
+     */
+    verifyWebhook(_body: string | Buffer, _headers?: any): boolean;
+    getCapabilities(): ProviderCapabilities;
+}
+export {};