paymongo-cli 1.4.8 → 1.4.10

package/dist/commands/config.js

@@ -35,6 +35,8 @@ command
     .description('Set time window in seconds')
     .arguments('<seconds>')
     .action(rateLimitSetWindowAction))
-    .addCommand(new Command('status').description('Show current rate limiting settings').action(rateLimitStatusAction)));
+    .addCommand(new Command('status')
+    .description('Show current rate limiting settings')
+    .action(rateLimitStatusAction)));
 export { showAction, setAction, backupAction, resetAction, importAction, rateLimitEnableAction, rateLimitDisableAction, rateLimitSetMaxRequestsAction, rateLimitSetWindowAction, rateLimitStatusAction, };
 export default command;

package/dist/commands/dev.js

@@ -119,7 +119,7 @@ command
             let cleanedCount = 0;
             for (const webhook of config.registeredWebhooks) {
                 try {
-                    await apiClient.deleteWebhook(webhook.id);
+                    await apiClient.disableWebhook(webhook.id);
                     cleanedCount++;
                 }
                 catch {
@@ -226,13 +226,13 @@ command
                 await devServer.stop();
                 if (webhookId) {
                     spinner.start('Cleaning up webhook...');
-                    await new ApiClient({ config }).deleteWebhook(webhookId);
+                    await new ApiClient({ config }).disableWebhook(webhookId);
                     if (config.registeredWebhooks) {
                         config.registeredWebhooks = config.registeredWebhooks.filter((w) => w.id !== webhookId);
                         delete config.webhookSecrets[webhookId];
                         await configManager.save(config);
                     }
-                    spinner.succeed('Webhook deleted');
+                    spinner.succeed('Webhook disabled');
                 }
             }
             catch (error) {

package/dist/commands/generate/templates/index.js

@@ -2,4 +2,4 @@ export { getWebhookHandlerTemplate as getJavaScriptWebhookHandler } from './webh
 export { getWebhookHandlerTemplate as getTypeScriptWebhookHandler } from './webhook-handler/typescript.js';
 export { getPaymentIntentTemplate as getJavaScriptPaymentIntent } from './payment-intent/javascript.js';
 export { getPaymentIntentTemplate as getTypeScriptPaymentIntent } from './payment-intent/typescript.js';
-export { getCheckoutPageTemplate, getHtmlTemplate, getReactTemplate, getVueTemplate } from './checkout-page/index.js';
+export { getCheckoutPageTemplate, getHtmlTemplate, getReactTemplate, getVueTemplate, } from './checkout-page/index.js';

package/dist/commands/generate/templates/webhook-handler/javascript.js

@@ -18,14 +18,16 @@ app.use(express.json());
 // Webhook secret from PayMongo dashboard
 const WEBHOOK_SECRET = process.env.PAYMONGO_WEBHOOK_SECRET;
 
-function verifySignature(payload, signatureHeader, secret) {
+function verifySignature(payload, signatureHeader, secret, livemode) {
   if (!signatureHeader) {
     return false;
   }
 
   const parts = signatureHeader.split(',');
   const timestamp = parts.find((part) => part.startsWith('t='))?.split('=')[1];
-  const signature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const testSignature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const liveSignature = parts.find((part) => part.startsWith('li='))?.split('=')[1];
+  const signature = livemode ? liveSignature : testSignature || liveSignature;
 
   if (!timestamp || !signature) {
     return false;
@@ -48,7 +50,7 @@ app.post('/webhooks/paymongo', (req, res) => {
     const payload = JSON.stringify(req.body);
 
     // Verify webhook signature (optional but recommended)
-    if (WEBHOOK_SECRET && !verifySignature(payload, signature, WEBHOOK_SECRET)) {
+    if (WEBHOOK_SECRET && !verifySignature(payload, signature, WEBHOOK_SECRET, req.body.data.attributes.livemode)) {
       console.log('Invalid signature');
       return res.status(400).json({ error: 'Invalid signature' });
     }
@@ -81,14 +83,16 @@ const crypto = require('crypto');
 // Webhook secret from PayMongo dashboard
 const WEBHOOK_SECRET = process.env.PAYMONGO_WEBHOOK_SECRET;
 
-function verifySignature(payload, signatureHeader, secret) {
+function verifySignature(payload, signatureHeader, secret, livemode) {
   if (!signatureHeader) {
     return false;
   }
 
   const parts = signatureHeader.split(',');
   const timestamp = parts.find((part) => part.startsWith('t='))?.split('=')[1];
-  const signature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const testSignature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const liveSignature = parts.find((part) => part.startsWith('li='))?.split('=')[1];
+  const signature = livemode ? liveSignature : testSignature || liveSignature;
 
   if (!timestamp || !signature) {
     return false;
@@ -111,7 +115,7 @@ fastify.post('/webhooks/paymongo', async (request, reply) => {
     const payload = JSON.stringify(request.body);
 
     // Verify webhook signature (optional but recommended)
-    if (WEBHOOK_SECRET && !verifySignature(payload, signature, WEBHOOK_SECRET)) {
+    if (WEBHOOK_SECRET && !verifySignature(payload, signature, WEBHOOK_SECRET, request.body.data.attributes.livemode)) {
       console.log('Invalid signature');
       return reply.code(400).send({ error: 'Invalid signature' });
     }
@@ -151,14 +155,16 @@ const crypto = require('crypto');
 // Webhook secret from PayMongo dashboard
 const WEBHOOK_SECRET = process.env.PAYMONGO_WEBHOOK_SECRET;
 
-function verifySignature(payload, signatureHeader, secret) {
+function verifySignature(payload, signatureHeader, secret, livemode) {
   if (!signatureHeader) {
     return false;
   }
 
   const parts = signatureHeader.split(',');
   const timestamp = parts.find((part) => part.startsWith('t='))?.split('=')[1];
-  const signature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const testSignature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const liveSignature = parts.find((part) => part.startsWith('li='))?.split('=')[1];
+  const signature = livemode ? liveSignature : testSignature || liveSignature;
 
   if (!timestamp || !signature) {
     return false;
@@ -181,7 +187,7 @@ function handleWebhook(request, response) {
     const payload = JSON.stringify(request.body);
 
     // Verify webhook signature (optional but recommended)
-    if (WEBHOOK_SECRET && !verifySignature(payload, signature, WEBHOOK_SECRET)) {
+    if (WEBHOOK_SECRET && !verifySignature(payload, signature, WEBHOOK_SECRET, request.body.data.attributes.livemode)) {
       console.log('Invalid signature');
       response.writeHead(400, { 'Content-Type': 'application/json' });
       response.end(JSON.stringify({ error: 'Invalid signature' }));

package/dist/commands/generate/templates/webhook-handler/typescript.js

@@ -32,14 +32,21 @@ interface PayMongoWebhookPayload {
   };
 }
 
-function verifySignature(payload: string, signatureHeader: string, secret: string): boolean {
+function verifySignature(
+  payload: string,
+  signatureHeader: string,
+  secret: string,
+  livemode: boolean
+): boolean {
   if (!signatureHeader) {
     return false;
   }
 
   const parts = signatureHeader.split(',');
   const timestamp = parts.find((part) => part.startsWith('t='))?.split('=')[1];
-  const signature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const testSignature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const liveSignature = parts.find((part) => part.startsWith('li='))?.split('=')[1];
+  const signature = livemode ? liveSignature : testSignature || liveSignature;
 
   if (!timestamp || !signature) {
     return false;
@@ -62,7 +69,7 @@ app.post('/webhooks/paymongo', (req: Request, res: Response) => {
     const payload = JSON.stringify(req.body);
 
     // Verify webhook signature (optional but recommended)
-    if (WEBHOOK_SECRET && !verifySignature(payload, signature, WEBHOOK_SECRET)) {
+    if (WEBHOOK_SECRET && !verifySignature(payload, signature, WEBHOOK_SECRET, req.body.data.attributes.livemode)) {
       console.log('Invalid signature');
       return res.status(400).json({ error: 'Invalid signature' });
     }
@@ -109,14 +116,21 @@ interface PayMongoWebhookPayload {
   };
 }
 
-function verifySignature(payload: string, signatureHeader: string, secret: string): boolean {
+function verifySignature(
+  payload: string,
+  signatureHeader: string,
+  secret: string,
+  livemode: boolean
+): boolean {
   if (!signatureHeader) {
     return false;
   }
 
   const parts = signatureHeader.split(',');
   const timestamp = parts.find((part) => part.startsWith('t='))?.split('=')[1];
-  const signature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const testSignature = parts.find((part) => part.startsWith('te='))?.split('=')[1];
+  const liveSignature = parts.find((part) => part.startsWith('li='))?.split('=')[1];
+  const signature = livemode ? liveSignature : testSignature || liveSignature;
 
   if (!timestamp || !signature) {
     return false;
@@ -138,7 +152,11 @@ export function handleWebhook(body: PayMongoWebhookPayload, signature?: string):
     const payload = JSON.stringify(body);
 
     // Verify webhook signature (optional but recommended)
-    if (WEBHOOK_SECRET && signature && !verifySignature(payload, signature, WEBHOOK_SECRET)) {
+    if (
+      WEBHOOK_SECRET &&
+      signature &&
+      !verifySignature(payload, signature, WEBHOOK_SECRET, body.data.attributes.livemode)
+    ) {
       console.log('Invalid signature');
       throw new Error('Invalid signature');
     }

package/dist/commands/generate.js

@@ -85,14 +85,14 @@ async function generateWebhookHandler(options) {
         let events = [];
         const { input } = await import('@inquirer/prompts');
         if (options.events) {
-            events = options.events.split(',').map(e => e.trim());
+            events = options.events.split(',').map((e) => e.trim());
         }
         else {
             const eventInput = await input({
                 message: 'Enter webhook events (comma-separated):',
                 default: 'payment.paid,payment.failed',
             });
-            events = eventInput.split(',').map(e => e.trim());
+            events = eventInput.split(',').map((e) => e.trim());
         }
         const validEvents = [
             'payment.paid',
@@ -102,7 +102,7 @@ async function generateWebhookHandler(options) {
             'checkout_session.payment.paid',
             'qrph.expired',
         ];
-        const invalidEvents = events.filter(e => !validEvents.includes(e));
+        const invalidEvents = events.filter((e) => !validEvents.includes(e));
         if (invalidEvents.length > 0) {
             console.log(chalk.yellow(`Warning: Unknown events: ${invalidEvents.join(', ')}`));
             console.log(chalk.gray(`Valid events: ${validEvents.join(', ')}`));
@@ -141,7 +141,7 @@ async function generatePaymentIntent(options) {
     try {
         let methods = ['card', 'gcash', 'paymaya'];
         if (options.methods) {
-            methods = options.methods.split(',').map(m => m.trim());
+            methods = options.methods.split(',').map((m) => m.trim());
         }
         let code;
         if (options.language === 'typescript') {

package/dist/commands/payments/actions.js

@@ -197,7 +197,7 @@ export async function createIntentAction(options) {
         handlePaymentsError('❌ Failed to create payment intent:', spinner, error);
     }
 }
-export async function confirmAction(intentId, options) {
+export async function attachAction(intentId, options) {
     const { spinner, configManager } = createPaymentsContext();
     try {
         const config = await loadPaymentsConfig(spinner, configManager);
@@ -256,15 +256,15 @@ export async function confirmAction(intentId, options) {
             console.log(chalk.gray(`Simulation type: ${result.simulationType} (${result.delayApplied}ms delay)`));
             return;
         }
-        spinner.start('Confirming payment intent...');
-        const result = await createApiClient(config).confirmPaymentIntent(intentId, options.paymentMethod ?? '', options.returnUrl);
-        spinner.succeed('Payment intent confirmed');
+        spinner.start('Attaching payment method to payment intent...');
+        const result = await createApiClient(config).attachPaymentIntent(intentId, options.paymentMethod ?? '', options.returnUrl);
+        spinner.succeed('Payment method attached');
         if (options.json) {
             console.log(JSON.stringify(result, null, 2));
             return;
         }
         const attrs = result.attributes;
-        console.log('\n' + chalk.bold('Payment Intent Confirmed'));
+        console.log('\n' + chalk.bold('Payment Method Attached'));
         console.log(chalk.gray('─'.repeat(50)));
         console.log(`${chalk.bold('ID:')} ${result.id}`);
         console.log(`${chalk.bold('Amount:')} ₱${(attrs.amount / 100).toFixed(2)} ${attrs.currency}`);
@@ -273,12 +273,13 @@ export async function confirmAction(intentId, options) {
         console.log(`${chalk.bold('Created:')} ${new Date(attrs.created_at * 1000).toLocaleString()}`);
         console.log(`${chalk.bold('Updated:')} ${new Date(attrs.updated_at * 1000).toLocaleString()}`);
         console.log('');
-        console.log(chalk.gray(`Payment will be processed. Check status with: paymongo payments show-intent ${result.id}`));
+        console.log(chalk.gray(`Check status with: paymongo payments show-intent ${result.id}`));
     }
     catch (error) {
-        handlePaymentsError('❌ Failed to confirm payment intent:', spinner, error);
+        handlePaymentsError('❌ Failed to attach payment method:', spinner, error);
     }
 }
+export const confirmAction = attachAction;
 export async function captureAction(intentId, options) {
     const { spinner, configManager } = createPaymentsContext();
     try {
@@ -319,7 +320,9 @@ export async function refundAction(paymentId, options) {
         if (options.reason && !validReasons.includes(options.reason)) {
             throw new Error(`Invalid reason. Must be one of: ${validReasons.join(', ')}`);
         }
-        const amount = options.amount ? parseBoundedInt(options.amount, options.amount, 'Refund amount must be a positive number in centavos', (parsed) => parsed > 0) : undefined;
+        const amount = options.amount
+            ? parseBoundedInt(options.amount, options.amount, 'Refund amount must be a positive number in centavos', (parsed) => parsed > 0)
+            : undefined;
         spinner.start('Creating refund...');
         const refund = await createApiClient(config).createRefund(paymentId, amount, options.reason);
         spinner.succeed('Refund created');

package/dist/commands/payments.js

@@ -1,5 +1,5 @@
 import { Command } from 'commander';
-import { captureAction, confirmAction, createIntentAction, exportAction, importAction, listAction, refundAction, showAction, } from './payments/actions.js';
+import { attachAction, captureAction, confirmAction, createIntentAction, exportAction, importAction, listAction, refundAction, showAction, } from './payments/actions.js';
 const command = new Command('payments');
 command
     .description('Manage PayMongo payments')
@@ -30,8 +30,9 @@ command
     .option('-d, --description <description>', 'Payment description')
     .option('-j, --json', 'Output as JSON')
     .action(createIntentAction))
-    .addCommand(new Command('confirm')
-    .description('Confirm a payment intent with a payment method')
+    .addCommand(new Command('attach')
+    .alias('confirm')
+    .description('Attach a payment method to a payment intent')
     .arguments('<intentId>')
     .option('-p, --payment-method <id>', 'Payment method ID to attach (required unless --simulate)')
     .option('-r, --return-url <url>', 'Return URL after payment processing')
@@ -40,7 +41,7 @@ command
     .option('-m, --method <method>', 'Payment method for simulation (gcash, maya, grabpay)')
     .option('-o, --outcome <outcome>', 'Simulation outcome (success, failure, timeout)', 'success')
     .option('-d, --delay <ms>', 'Custom simulation delay in milliseconds')
-    .action(confirmAction))
+    .action(attachAction))
     .addCommand(new Command('capture')
     .description('Capture an authorized payment intent')
     .arguments('<intentId>')
@@ -53,5 +54,5 @@ command
     .option('-r, --reason <reason>', 'Refund reason: duplicate, fraudulent, requested_by_customer')
     .option('-j, --json', 'Output as JSON')
     .action(refundAction));
-export { exportAction, importAction, listAction, showAction, createIntentAction, confirmAction, captureAction, refundAction, };
+export { exportAction, importAction, listAction, showAction, createIntentAction, attachAction, confirmAction, captureAction, refundAction, };
 export default command;

package/dist/commands/trigger/helpers.js

@@ -23,7 +23,7 @@ export const AVAILABLE_TRIGGER_EVENTS = [
     'link.payment.paid',
     'qrph.expired',
 ];
-export function buildSignatureHeader(config, webhookUrl, body) {
+export function buildSignatureHeader(config, webhookUrl, body, livemode) {
     if (!config?.webhookSecrets || Object.keys(config.webhookSecrets).length === 0) {
         return undefined;
     }
@@ -42,17 +42,19 @@ export function buildSignatureHeader(config, webhookUrl, body) {
         return undefined;
     }
     const timestamp = Math.floor(Date.now() / 1000).toString();
-    const signature = crypto.createHmac('sha256', secret).update(`${timestamp}.${body}`).digest('hex');
-    const parts = [`t=${timestamp}`, `te=${signature}`];
-    if (webhookId) {
-        parts.push(`li=${webhookId}`);
-    }
+    const signature = crypto
+        .createHmac('sha256', secret)
+        .update(`${timestamp}.${body}`)
+        .digest('hex');
+    const parts = [`t=${timestamp}`, livemode ? 'te=' : `te=${signature}`, livemode ? `li=${signature}` : 'li='];
     return parts.join(',');
 }
 export async function sendWebhookRequest(config, webhookUrl, payload) {
     const { request } = await import('undici');
     const body = JSON.stringify(payload);
-    const signatureHeader = buildSignatureHeader(config, webhookUrl, body);
+    const livemode = 'data' in payload &&
+        Boolean(payload.data.attributes?.livemode);
+    const signatureHeader = buildSignatureHeader(config, webhookUrl, body, livemode);
     return request(webhookUrl, {
         method: 'POST',
         headers: {

package/dist/commands/webhooks/actions.js

@@ -333,7 +333,7 @@ export async function listAction(options) {
         throw new CommandError();
     }
 }
-export async function deleteAction(id, options) {
+export async function disableAction(id, options) {
     const { spinner, configManager } = createWebhooksContext();
     try {
         const config = await loadWebhooksConfig(spinner, configManager);
@@ -342,18 +342,18 @@ export async function deleteAction(id, options) {
         }
         if (!options.yes) {
             const { confirm } = await import('@inquirer/prompts');
-            const shouldDelete = await confirm({
-                message: `This will permanently delete webhook ${id}. Continue?`,
+            const shouldDisable = await confirm({
+                message: `This will disable webhook ${id}. Continue?`,
                 default: false,
             });
-            if (!shouldDelete) {
-                console.log(chalk.yellow('Webhook deletion cancelled.'));
+            if (!shouldDisable) {
+                console.log(chalk.yellow('Webhook disable cancelled.'));
                 return;
             }
         }
-        spinner.start('Deleting webhook...');
-        await createApiClient(config).deleteWebhook(id);
-        spinner.succeed('Webhook deleted successfully');
+        spinner.start('Disabling webhook...');
+        await createApiClient(config).disableWebhook(id);
+        spinner.succeed('Webhook disabled successfully');
     }
     catch (error) {
         spinner.stop();
@@ -373,11 +373,38 @@ export async function deleteAction(id, options) {
             console.log(chalk.gray('• Use "paymongo webhooks list" to see available webhooks'));
         }
         else {
-            console.error(chalk.red('❌ Failed to delete webhook:'), err.message);
+            console.error(chalk.red('❌ Failed to disable webhook:'), err.message);
         }
         throw new CommandError();
     }
 }
+export async function enableAction(id) {
+    const { spinner, configManager } = createWebhooksContext();
+    try {
+        const config = await loadWebhooksConfig(spinner, configManager);
+        if (!config) {
+            return;
+        }
+        spinner.start('Enabling webhook...');
+        await createApiClient(config).enableWebhook(id);
+        spinner.succeed('Webhook enabled successfully');
+    }
+    catch (error) {
+        spinner.stop();
+        const err = error;
+        if (err.message.includes('API key') || err.message.includes('unauthorized')) {
+            console.error(chalk.red('❌ Authentication failed:'), err.message);
+        }
+        else if (err.message.includes('not found') || err.message.includes('404')) {
+            console.error(chalk.red('❌ Webhook not found:'), err.message);
+        }
+        else {
+            console.error(chalk.red('❌ Failed to enable webhook:'), err.message);
+        }
+        throw new CommandError();
+    }
+}
+export const deleteAction = disableAction;
 export async function showAction(id) {
     const { spinner, configManager } = createWebhooksContext();
     try {

package/dist/commands/webhooks.js

@@ -1,5 +1,5 @@
 import { Command } from 'commander';
-import { createAction, deleteAction, exportAction, importAction, listAction, showAction, } from './webhooks/actions.js';
+import { createAction, deleteAction, disableAction, enableAction, exportAction, importAction, listAction, showAction, } from './webhooks/actions.js';
 const command = new Command('webhooks')
     .description('Manage PayMongo webhooks')
     .addCommand(new Command('export')
@@ -23,14 +23,19 @@ const command = new Command('webhooks')
     .option('-s, --status <status>', 'Filter by status (enabled/disabled)')
     .option('-e, --events <events>', 'Filter by event type (e.g., payment, source)')
     .action(async (options) => listAction(options)))
-    .addCommand(new Command('delete')
-    .description('Delete a webhook')
-    .argument('<id>', 'Webhook ID to delete')
+    .addCommand(new Command('disable')
+    .alias('delete')
+    .description('Disable a webhook')
+    .argument('<id>', 'Webhook ID to disable')
     .option('-y, --yes', 'Skip confirmation prompt')
-    .action(async (id, options) => deleteAction(id, options)))
+    .action(async (id, options) => disableAction(id, options)))
+    .addCommand(new Command('enable')
+    .description('Enable a webhook')
+    .argument('<id>', 'Webhook ID to enable')
+    .action(async (id) => enableAction(id)))
     .addCommand(new Command('show')
     .description('Show webhook details')
     .argument('<id>', 'Webhook ID to show')
     .action(async (id) => showAction(id)));
-export { exportAction, importAction, createAction, listAction, deleteAction, showAction };
+export { exportAction, importAction, createAction, listAction, disableAction, enableAction, deleteAction, showAction, };
 export default command;

package/dist/index.js

@@ -43,13 +43,13 @@ EXAMPLES
     $ paymongo webhooks list                             # List all webhooks
     $ paymongo webhooks create                           # Create a new webhook interactively
     $ paymongo webhooks show wh_123                      # Show webhook details
-    $ paymongo webhooks delete wh_123                    # Delete a webhook
+    $ paymongo webhooks disable wh_123                   # Disable a webhook
 
   Payment Operations:
     $ paymongo payments list                             # List recent payments
     $ paymongo payments show pay_123                     # Show payment details
     $ paymongo payments create-intent --amount 10000     # Create payment intent for ₱100
-    $ paymongo payments confirm pi_123 --simulate        # Simulate payment confirmation
+    $ paymongo payments attach pi_123 --simulate         # Simulate payment method attachment
 
   Code Generation:
     $ paymongo generate webhook-handler                  # Generate webhook handler boilerplate

package/dist/services/api/client.js

@@ -219,12 +219,18 @@ export class ApiClient {
             },
         }).then((response) => response.data.data));
     }
-    async deleteWebhook(id) {
+    async disableWebhook(id) {
         await this.cache.invalidate(`webhook_${id}`);
         await this.cache.invalidate(`webhooks_${this.config.environment}`);
-        return withRetry(async () => {
-            await this.makeRequest('DELETE', `/v1/webhooks/${id}`);
-        });
+        return withRetry(() => this.makeRequest('POST', `/v1/webhooks/${id}/disable`).then((response) => response.data.data));
+    }
+    async enableWebhook(id) {
+        await this.cache.invalidate(`webhook_${id}`);
+        await this.cache.invalidate(`webhooks_${this.config.environment}`);
+        return withRetry(() => this.makeRequest('POST', `/v1/webhooks/${id}/enable`).then((response) => response.data.data));
+    }
+    async deleteWebhook(id) {
+        await this.disableWebhook(id);
     }
     async getPayment(id) {
         return withRetry(() => this.makeRequest('GET', `/v1/payments/${id}`).then((response) => response.data.data));
@@ -253,14 +259,14 @@ export class ApiClient {
             },
         }).then((response) => response.data.data));
     }
-    async confirmPaymentIntent(id, paymentMethodId, returnUrl) {
+    async attachPaymentIntent(id, paymentMethodId, returnUrl) {
         const attributes = {
             payment_method: paymentMethodId,
         };
         if (returnUrl !== undefined) {
             attributes.return_url = returnUrl;
         }
-        return withRetry(() => this.makeRequest('POST', `/v1/payment_intents/${id}/confirm`, {
+        return withRetry(() => this.makeRequest('POST', `/v1/payment_intents/${id}/attach`, {
             body: {
                 data: {
                     attributes,
@@ -268,6 +274,9 @@ export class ApiClient {
             },
         }).then((response) => response.data.data));
     }
+    async confirmPaymentIntent(id, paymentMethodId, returnUrl) {
+        return this.attachPaymentIntent(id, paymentMethodId, returnUrl);
+    }
     async capturePaymentIntent(id) {
         return withRetry(() => this.makeRequest('POST', `/v1/payment_intents/${id}/capture`).then((response) => response.data.data));
     }

package/dist/services/dev/process-manager.js

@@ -16,7 +16,9 @@ export class DevProcessManager {
             return JSON.parse(content);
         }
         catch (error) {
-            if (error instanceof Error && 'code' in error && error.code === 'ENOENT') {
+            if (error instanceof Error &&
+                'code' in error &&
+                error.code === 'ENOENT') {
                 return null;
             }
             return null;
@@ -27,7 +29,9 @@ export class DevProcessManager {
             await fs.unlink(STATE_FILE);
         }
         catch (error) {
-            if (error instanceof Error && 'code' in error && error.code === 'ENOENT') {
+            if (error instanceof Error &&
+                'code' in error &&
+                error.code === 'ENOENT') {
                 return;
             }
         }
@@ -62,11 +66,13 @@ export class DevProcessManager {
     static async readLogs(lines = 50) {
         try {
             const content = await fs.readFile(LOG_FILE, 'utf-8');
-            const allLines = content.split('\n').filter(line => line.trim());
+            const allLines = content.split('\n').filter((line) => line.trim());
             return allLines.slice(-lines);
         }
         catch (error) {
-            if (error instanceof Error && 'code' in error && error.code === 'ENOENT') {
+            if (error instanceof Error &&
+                'code' in error &&
+                error.code === 'ENOENT') {
                 return [];
             }
             return [];
@@ -77,7 +83,9 @@ export class DevProcessManager {
             await fs.writeFile(LOG_FILE, '');
         }
         catch (error) {
-            if (error instanceof Error && 'code' in error && error.code === 'ENOENT') {
+            if (error instanceof Error &&
+                'code' in error &&
+                error.code === 'ENOENT') {
                 return;
             }
         }

package/dist/services/dev/server.js

@@ -55,7 +55,7 @@ export class DevServer {
     async processWebhookBody(body, req, res) {
         try {
             const event = JSON.parse(body);
-            const signatureValid = this.verifyWebhookSignature(req, body);
+            const signatureValid = this.verifyWebhookSignature(req, body, event);
             if (!signatureValid) {
                 this.logger.failure('Webhook signature verification failed');
                 res.writeHead(401, { 'Content-Type': 'application/json' });
@@ -105,7 +105,7 @@ export class DevServer {
         }
         console.log(chalk.gray('└─'), `View: https://dashboard.paymongo.com/${eventType === 'payment' ? 'payments' : 'webhooks'}/${eventId}`);
     }
-    verifyWebhookSignature(req, body) {
+    verifyWebhookSignature(req, body, event) {
         if (!this.config.dev.verifyWebhookSignatures) {
             this.logger.warn('Webhook signature verification disabled in config');
             return true;
@@ -121,25 +121,16 @@ export class DevServer {
             return false;
         }
         const timestamp = signatureParts.find((part) => part.startsWith('t='))?.split('=')[1];
-        const signature = signatureParts.find((part) => part.startsWith('te='))?.split('=')[1];
+        const testSignature = signatureParts.find((part) => part.startsWith('te='))?.split('=')[1];
+        const liveSignature = signatureParts.find((part) => part.startsWith('li='))?.split('=')[1];
+        const livemode = Boolean(event?.data?.attributes?.livemode);
+        const signature = livemode ? liveSignature : testSignature || liveSignature;
         if (!timestamp || !signature) {
             this.logger.failure('Missing timestamp or signature in header');
             return false;
         }
-        const webhookId = signatureParts.find((part) => part.startsWith('li='))?.split('=')[1];
         const webhookSecrets = this.config.webhookSecrets || {};
-        const configuredSecret = webhookId ? webhookSecrets[webhookId] : undefined;
-        let secretKeys = [];
-        if (configuredSecret) {
-            secretKeys = [configuredSecret];
-        }
-        else {
-            secretKeys = Object.values(webhookSecrets).filter((secret) => typeof secret === 'string' && secret.length > 0);
-            if (webhookId && secretKeys.length > 0) {
-                this.logger.warning(`No webhook secret found for id ${webhookId}. Update your configuration.`);
-                return false;
-            }
-        }
+        const secretKeys = Object.values(webhookSecrets).filter((secret) => typeof secret === 'string' && secret.length > 0);
         if (secretKeys.length === 0) {
             this.logger.failure('Signature verification enabled but no webhook secrets are configured');
             return false;

package/dist/utils/constants.js

@@ -42,7 +42,7 @@ export const ERROR_MESSAGES = {
 export const SUCCESS_MESSAGES = {
     CONFIG_SAVED: 'Configuration saved successfully',
     WEBHOOK_CREATED: 'Webhook created successfully',
-    WEBHOOK_DELETED: 'Webhook deleted successfully',
+    WEBHOOK_DELETED: 'Webhook disabled successfully',
     LOGIN_SUCCESSFUL: 'Login successful',
     DEV_SERVER_STARTED: 'Development server started',
 };