npm - strapi-plugin-payone-provider - Versions diffs - 1.1.3 → 1.2.4 - Mend

strapi-plugin-payone-provider 1.1.3 → 1.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/README.md +1041 -377
package/admin/src/index.js +4 -1
package/admin/src/pages/App/components/AppHeader.js +37 -0
package/admin/src/pages/App/components/AppTabs.js +126 -0
package/admin/src/pages/App/components/ConfigurationPanel.js +34 -35
package/admin/src/pages/App/components/GooglePaybutton.js +300 -0
package/admin/src/pages/App/components/HistoryPanel.js +25 -38
package/admin/src/pages/App/components/PaymentActionsPanel.js +95 -280
package/admin/src/pages/App/components/TransactionHistoryItem.js +4 -1
package/admin/src/pages/App/components/paymentActions/AuthorizationForm.js +93 -0
package/admin/src/pages/App/components/paymentActions/CaptureForm.js +64 -0
package/admin/src/pages/App/components/paymentActions/PaymentMethodSelector.js +52 -0
package/admin/src/pages/App/components/paymentActions/PaymentResult.js +85 -0
package/admin/src/pages/App/components/paymentActions/PreauthorizationForm.js +93 -0
package/admin/src/pages/App/components/paymentActions/RefundForm.js +89 -0
package/admin/src/pages/App/index.js +41 -465
package/admin/src/pages/App/styles.css +294 -0
package/admin/src/pages/constants/paymentConstants.js +37 -0
package/admin/src/pages/hooks/usePaymentActions.js +271 -0
package/admin/src/pages/hooks/useSettings.js +111 -0
package/admin/src/pages/hooks/useTransactionHistory.js +87 -0
package/admin/src/pages/utils/api.js +10 -0
package/admin/src/pages/utils/injectGooglePayScript.js +31 -0
package/admin/src/pages/utils/paymentUtils.js +113 -13
package/package.json +1 -1
package/server/controllers/payone.js +71 -64
package/server/routes/index.js +17 -0
package/server/services/paymentService.js +214 -0
package/server/services/payone.js +25 -648
package/server/services/settingsService.js +59 -0
package/server/services/testConnectionService.js +190 -0
package/server/services/transactionService.js +114 -0
package/server/utils/normalize.js +51 -0
package/server/utils/paymentMethodParams.js +126 -0
package/server/utils/requestBuilder.js +110 -0
package/server/utils/responseParser.js +80 -0

package/README.md CHANGED Viewed

@@ -10,13 +10,8 @@ A comprehensive Strapi plugin that integrates the Payone payment gateway into yo
 - [Configuration](#configuration)
 - [Getting Started](#getting-started)
 - [Usage](#usage)
-  - [Admin Panel](#admin-panel)
-  - [API Endpoints](#api-endpoints)
+- [Payment Methods & Operations](#-payment-methods--operations)
 - [Supported Payment Methods](#supported-payment-methods)
-- [Payment Operations](#payment-operations)
-- [Transaction History](#transaction-history)
-- [Troubleshooting](#troubleshooting)
-- [License](#license)
 ## ✨ Features
@@ -24,8 +19,8 @@ A comprehensive Strapi plugin that integrates the Payone payment gateway into yo
 - **Payment Operations**:
   - Preauthorization (reserve funds)
   - Authorization (immediate charge)
-  - Capture (complete preauthorized transactions) — currently Credit Card only
-  - Refund (return funds to customers) — currently Credit Card only
+  - Capture (complete preauthorized transactions)
+  - Refund (return funds to customers)
 - **Admin Panel**:
   - Easy configuration interface
   - Transaction history viewer with filtering
@@ -57,7 +52,7 @@ You will need the following credentials from your Payone account:
 ## 📦 Installation
-### Option 1: Install from npm
+### Install from npm
 ```bash
 # Using npm
@@ -70,80 +65,6 @@ yarn add strapi-plugin-payone-provider
 pnpm add strapi-plugin-payone-provider
 ```
-### Option 2: Install from Git
-```bash
-# Using npm
-npm install git+https://github.com/your-repo/strapi-plugin-payone-provider.git
-# Using yarn
-yarn add git+https://github.com/your-repo/strapi-plugin-payone-provider.git
-# Using pnpm
-pnpm add git+https://github.com/your-repo/strapi-plugin-payone-provider.git
-```
-### Option 3: Manual Installation (Local Development)
-1. Clone or copy the plugin folder to your Strapi project's `src/plugins/` directory:
-```bash
-# From your Strapi project root
-mkdir -p src/plugins
-cp -r /path/to/strapi-plugin-payone src/plugins/
-```
-2. Install the plugin dependencies:
-```bash
-# Using npm
-npm install
-# Using yarn
-yarn install
-# Using pnpm
-pnpm install
-```
-3. Enable the plugin by adding it to your `config/plugins.js` (or `config/plugins.ts`):
-```javascript
-module.exports = {
-  // ... other plugins
-  'strapi-plugin-payone-provider': {
-    enabled: true,
-    resolve: './src/plugins/strapi-plugin-payone',
-  },
-};
-```
-4. Rebuild your Strapi admin panel:
-```bash
-# Using npm
-npm run build
-# Using yarn
-yarn build
-# Using pnpm
-pnpm build
-```
-5. Restart your Strapi application:
-```bash
-# Using npm
-npm run develop
-# Using yarn
-yarn develop
-# Using pnpm
-pnpm develop
-```
 ## ⚙️ Configuration
 After installation, you need to configure your Payone credentials:
@@ -163,50 +84,6 @@ After installation, you need to configure your Payone credentials:
 5. Click **"Test Connection"** to verify your credentials
 6. Click **"Save Configuration"** to store your settings
-### Manual Configuration (Alternative)
-You can also configure the plugin programmatically by adding settings to your `config/plugins.js`:
-```javascript
-module.exports = {
-  'strapi-plugin-payone-provider': {
-    enabled: true,
-    resolve: './src/plugins/strapi-plugin-payone',
-    config: {
-      settings: {
-        aid: 'YOUR_ACCOUNT_ID',
-        portalid: 'YOUR_PORTAL_ID',
-        mid: 'YOUR_MERCHANT_ID',
-        key: 'YOUR_PORTAL_KEY',
-        mode: 'test', // or 'live'
-        api_version: '3.10',
-      },
-    },
-  },
-};
-```
-> ⚠️ **Security Warning**: Never commit your production credentials to version control. Use environment variables instead:
-```javascript
-module.exports = {
-  'strapi-plugin-payone-provider': {
-    enabled: true,
-    resolve: './src/plugins/strapi-plugin-payone',
-    config: {
-      settings: {
-        aid: process.env.PAYONE_AID,
-        portalid: process.env.PAYONE_PORTAL_ID,
-        mid: process.env.PAYONE_MID,
-        key: process.env.PAYONE_KEY,
-        mode: process.env.PAYONE_MODE || 'test',
-        api_version: '3.10',
-      },
-    },
-  },
-};
-```
 ## 🚀 Getting Started
 ### 1. Test Your Connection
@@ -221,65 +98,62 @@ After configuring your credentials:
 ### 2. Try a Test Payment
 1. Go to the **Payment Actions** tab
-2. Try a **Preauthorization** operation (currently test UI supports Credit Card only):
+2. Try a **Preauthorization** operation:
    - Amount: 1000 (equals 10.00 EUR in cents)
    - Reference: Leave empty for auto-generation
    - Click **"Execute Preauthorization"**
 3. Check the **Transaction History** tab to see the logged transaction
-### 3. Review Transaction History
-1. Navigate to the **Transaction History** tab
-2. View all payment operations
-3. Use filters to search for specific transactions
-4. Click on any transaction to view full details
 ## 📖 Usage
-### Admin Panel
+### Base URL
-The plugin adds a new menu item **"Payone Provider"** to your Strapi admin panel with three tabs:
+All API endpoints are available at:
-#### 1. Configuration Tab
+**Content API (Frontend)**: `/api/strapi-plugin-payone-provider`
-- Configure Payone API credentials
-- Test connection to Payone servers
-- Switch between test and live modes
+**Admin API**: `/strapi-plugin-payone-provider`
-#### 2. Transaction History Tab
+> ⚠️ **Authentication Required**: All endpoints require authentication. Include your Bearer token in the Authorization header.
-- View all payment transactions
-- Filter by status, type, transaction ID, reference, or date range
-- View detailed request/response data for each transaction
-- Pagination support for large transaction lists
+### Common Request Headers
+```javascript
+{
+  "Content-Type": "application/json",
+  "Authorization": "Bearer YOUR_AUTH_TOKEN"
+}
+```
-#### 3. Payment Actions Tab
+### Common Response Fields
-- Test payment operations without writing code
-- Execute preauthorizations, authorizations, captures, and refunds
-- View real-time results and error messages
+All responses include:
-### API Endpoints
+- `status`: Transaction status (APPROVED, ERROR, REDIRECT, etc.)
+- `txid`: Transaction ID (for successful transactions)
+- `errorcode`: Error code (if status is ERROR)
+- `errormessage`: Error message (if status is ERROR)
-The plugin provides REST API endpoints for programmatic access:
+---
-#### Content API Endpoints (Public with Auth Policy)
+## 💳 Payment Methods & Operations
-All content API endpoints require authentication via the `isAuth` policy. These are meant for your frontend application.
+### Credit Card
-Base URL: `/api/strapi-plugin-payone-provider`
+<details>
+<summary><strong>Credit Card Payment Method</strong></summary>
-##### POST `/api/strapi-plugin-payone-provider/preauthorization`
+#### Preauthorization
-Reserve funds on a customer's card without immediate charge.
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
-**Request Body:**
+**Request Body**:
 ```json
 {
   "amount": 1000,
   "currency": "EUR",
-  "reference": "ORDER-12345",
+  "reference": "PAY1234567890ABCDEF",
   "clearingtype": "cc",
   "cardtype": "V",
   "cardpan": "4111111111111111",
@@ -287,15 +161,24 @@ Reserve funds on a customer's card without immediate charge.
   "cardcvc2": "123",
   "firstname": "John",
   "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
   "street": "Main Street 123",
   "zip": "12345",
   "city": "Berlin",
   "country": "DE",
-  "email": "john.doe@example.com"
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
 }
 ```
-**Response:**
+**Response**:
 ```json
 {
@@ -307,316 +190,1097 @@ Reserve funds on a customer's card without immediate charge.
 }
 ```
-##### POST `/api/strapi-plugin-payone-provider/authorization`
+#### Authorization
-Immediately charge a customer's card.
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
+**Request Body**: (Same as Preauthorization)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "cc",
+  "cardtype": "V",
+  "cardpan": "4111111111111111",
+  "cardexpiredate": "2512",
+  "cardcvc2": "123",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
-**Request Body:** (Same as preauthorization)
+**Response**:
-> Note: For redirect-based methods (PayPal, Online Banking) you must provide `successurl`, `errorurl`, and `backurl`. The plugin will auto-fill safe defaults when missing, using `settings.return_base` or `PAYONE_RETURN_BASE`/`FRONTEND_URL`/`NEXT_PUBLIC_SITE_URL`.
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789",
+    "userid": "987654321"
+  }
+}
+```
-##### POST `/api/strapi-plugin-payone-provider/capture`
+#### Capture
-Complete a preauthorized transaction and capture the funds.
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
-**Request Body:**
+**Request Body**:
 ```json
 {
   "txid": "123456789",
   "amount": 1000,
-  "currency": "EUR"
+  "currency": "EUR",
+  "sequencenumber": 1
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
 }
 ```
-##### POST `/api/strapi-plugin-payone-provider/refund`
+#### Refund
-Refund a captured transaction.
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
-**Request Body:**
+**Request Body**:
 ```json
 {
   "txid": "123456789",
   "amount": -1000,
   "currency": "EUR",
-  "reference": "REFUND-12345",
+  "reference": "REF1234567890ABCDEF",
   "sequencenumber": 2
 }
 ```
-#### Admin API Endpoints
-These endpoints require admin authentication and are available at `/strapi-plugin-payone-provider/`.
-- `GET /strapi-plugin-payone-provider/settings` - Get current settings
-- `PUT /strapi-plugin-payone-provider/settings` - Update settings
-- `GET /strapi-plugin-payone-provider/transaction-history` - Get transaction history
-- `POST /strapi-plugin-payone-provider/test-connection` - Test Payone connection
-- All payment operation endpoints (same as content API)
+**Response**:
-### JavaScript/TypeScript Usage Example
-```javascript
-// In your frontend application
-import axios from 'axios';
-const processPayment = async (orderData) => {
-  try {
-    // Step 1: Preauthorize the payment
-    const preauth = await axios.post(
-      'http://localhost:1337/api/strapi-plugin-payone-provider/preauthorization',
-      {
-        amount: orderData.amount, // in cents, e.g., 1000 = 10.00 EUR
-        currency: 'EUR',
-        reference: orderData.orderId,
-        clearingtype: 'cc',
-        cardtype: 'V', // Visa
-        cardpan: orderData.cardNumber,
-        cardexpiredate: orderData.cardExpiry, // YYMM format
-        cardcvc2: orderData.cardCvc,
-        firstname: orderData.firstName,
-        lastname: orderData.lastName,
-        street: orderData.street,
-        zip: orderData.zip,
-        city: orderData.city,
-        country: orderData.country,
-        email: orderData.email,
-      },
-      {
-        headers: {
-          Authorization: `Bearer ${yourAuthToken}`,
-        },
-      }
-    );
-    if (preauth.data.data.status === 'APPROVED') {
-      const txid = preauth.data.data.txid;
-      // Step 2: Capture the preauthorized amount
-      const capture = await axios.post(
-        'http://localhost:1337/api/strapi-plugin-payone-provider/capture',
-        {
-          txid: txid,
-          amount: orderData.amount,
-          currency: 'EUR',
-        },
-        {
-          headers: {
-            Authorization: `Bearer ${yourAuthToken}`,
-          },
-        }
-      );
-      return {
-        success: true,
-        transactionId: txid,
-      };
-    }
-  } catch (error) {
-    console.error('Payment failed:', error);
-    return {
-      success: false,
-      error: error.message,
-    };
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
   }
-};
+}
 ```
-## 💳 Payment Operations
-## ✅ Supported Payment Methods
+</details>
-The plugin supports the following Payone clearing types. Required fields are listed per method. All methods also require the common customer and address fields shown below.
+---
-Common required fields (all methods):
+### PayPal
-- `amount` (in cents), `currency`, `reference` (max 20 chars; auto-normalized)
-- `firstname`, `lastname`, `email`, `telephonenumber`
-- `street`, `zip`, `city`, `country`
+<details>
+<summary><strong>PayPal Payment Method</strong></summary>
-Credit Card (`clearingtype = cc`):
+#### Preauthorization
-- Required: `cardtype` (V/M/A...), `cardpan`, `cardexpiredate` (MMyy), `cardcvc2`
-- Operations: preauthorization, authorization, capture, refund
-- Test payment in Admin currently supported for Credit Card only
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
-PayPal Wallet (`clearingtype = wlt`, `wallettype = PPE`):
+**Request Body**:
-- Required: `successurl`, `errorurl`, `backurl` (redirect URLs)
-- Recommended shipping fields: `shipping_firstname`, `shipping_lastname`, `shipping_street`, `shipping_zip`, `shipping_city`, `shipping_country`
-- Operations: preauthorization, authorization (capture/refund roadmap)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "PPE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
-SEPA Direct Debit (`clearingtype = elv`):
+**Response**:
-- Required: `iban`, `bic`, `bankaccountholder`, `bankcountry`
-- Operations: preauthorization, authorization (capture/refund roadmap)
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
-Online Banking/PNT (`clearingtype = sb`):
+#### Authorization
-- Required: `onlinebanktransfertype` (e.g. `PNT`), `bankcountry`, redirect URLs (`successurl`, `errorurl`, `backurl`)
-- Operations: authorization (capture/refund roadmap)
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-Notes:
+**Request Body**: (Same as Preauthorization)
-- The plugin normalizes `reference` server-side to comply with Payone (alphanumeric only, max 20 chars, auto-generated fallback).
-- For redirect flows, the plugin auto-fills redirect URLs when missing using a base URL from settings or environment.
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "PPE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
-### Preauthorization vs Authorization
+**Response**:
-- **Preauthorization**: Reserves funds on the customer's card but doesn't charge it immediately. Use this when you need to verify funds availability before fulfilling an order (e.g., hotel bookings, rentals). You must later call "Capture" to actually charge the card.
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
-- **Authorization**: Immediately charges the customer's card. Use this for instant payments (e.g., e-commerce purchases).
+#### Capture
-### Capture
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
-After a successful preauthorization, you must capture the transaction to receive the funds. Captures can be:
+**Request Body**:
-- **Full capture**: Capture the entire preauthorized amount
-- **Partial capture**: Capture less than the preauthorized amount
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1,
+  "capturemode": "full"
+}
+```
-### Refund
+**Response**:
-Refunds return money to the customer. Important notes:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
-- Amount must be negative (e.g., -1000 for 10.00 EUR)
-- Requires a valid transaction ID (txid)
-- Requires a sequence number (start with 2, increment for each additional refund on same transaction)
+#### Refund
-> Current limitation: Capture and Refund are implemented for Credit Card only. Support for PayPal/SEPA/Online Banking will be added in future updates.
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
-## 📊 Transaction History
+**Request Body**:
-All payment operations are automatically logged to the transaction history. Each entry includes:
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
-- **Transaction ID (txid)**: Payone's unique transaction identifier
-- **Reference**: Your custom order/payment reference
-- **Type**: Operation type (authorization, preauthorization, capture, refund)
-- **Amount**: Transaction amount in cents
-- **Currency**: Currency code (EUR, USD, etc.)
-- **Status**: APPROVED, ERROR, REDIRECT, etc.
-- **Timestamp**: When the transaction occurred
-- **Raw Request/Response**: Complete API request and response data for debugging
+**Response**:
-### Filtering Transactions
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
-Use the filters in the Transaction History tab to find specific transactions:
+</details>
-- **Status**: Filter by APPROVED, ERROR, etc.
-- **Type**: Filter by operation type
-- **Transaction ID**: Search by specific txid
-- **Reference**: Search by your order reference
-- **Date Range**: Filter by date
+---
-## 🔍 Troubleshooting
+### Google Pay
-### Connection Test Fails
+<details>
+<summary><strong>Google Pay Payment Method</strong></summary>
-**Problem**: "Authentication failed" or "Invalid credentials"
+#### Overview
-**Solutions**:
+Google Pay integration requires obtaining an encrypted payment token from Google Pay API and sending it to Payone. The token must be Base64 encoded before sending to Payone.
-1. Verify your AID, Portal ID, Merchant ID, and Portal Key are correct
-2. Ensure you're using the correct mode (test/live)
-3. Check that your Payone account is active and not suspended
-4. Verify the Portal Key is the MD5 hash key from your Payone PMI
+#### Getting Google Pay Token
-### Payment Gets Rejected
+**1. Include Google Pay Script**
-**Problem**: Transactions return ERROR status
+```html
+<script async src="https://pay.google.com/gp/p/js/pay.js"></script>
+```
-**Common Causes**:
+**2. Initialize Google Pay**
-1. **Invalid card data**: Check card number, expiry date, and CVC
-2. **Insufficient funds**: Test cards may have limits
-3. **Duplicate reference**: Each transaction needs a unique reference
-4. **Missing required fields**: Ensure all required customer data is provided
-5. **Test mode restrictions**: Some features may be limited in test mode
+```javascript
+const paymentsClient = new google.payments.api.PaymentsClient({
+  environment: 'TEST', // or "PRODUCTION" for live
+});
-**Debug Steps**:
+const baseRequest = {
+  apiVersion: 2,
+  apiVersionMinor: 0,
+};
-1. Check the Transaction History for error codes and messages
-2. Review the raw response data for detailed error information
-3. Consult the Payone API documentation for error code meanings
-4. Check your Strapi server logs for detailed error traces
+const allowedCardNetworks = ['MASTERCARD', 'VISA'];
+const allowedAuthMethods = ['PAN_ONLY', 'CRYPTOGRAM_3DS'];
-### Plugin Not Appearing in Admin
+const tokenizationSpecification = {
+  type: 'PAYMENT_GATEWAY',
+  parameters: {
+    gateway: 'payonegmbh',
+    gatewayMerchantId: 'YOUR_PAYONE_MERCHANT_ID', // Use your Payone MID or Portal ID
+  },
+};
-**Problem**: Payone Provider menu item doesn't appear
+const cardPaymentMethod = {
+  type: 'CARD',
+  parameters: {
+    allowedCardNetworks,
+    allowedAuthMethods,
+  },
+  tokenizationSpecification,
+};
-**Solutions**:
+const isReadyToPayRequest = Object.assign({}, baseRequest);
+isReadyToPayRequest.allowedPaymentMethods = [cardPaymentMethod];
-1. Ensure the plugin is enabled in `config/plugins.js`
-2. Run `npm run build` to rebuild the admin panel
-3. Clear your browser cache and refresh
-4. Restart your Strapi server
-5. Check browser console for JavaScript errors
+paymentsClient.isReadyToPay(isReadyToPayRequest).then(function (response) {
+  if (response.result) {
+    // Google Pay is available, show button
+  }
+});
+```
-### API Requests Return 403 Forbidden
+**3. Create Payment Button and Get Token**
-**Problem**: Content API endpoints return authorization errors
+```javascript
+const paymentDataRequest = Object.assign({}, baseRequest);
+paymentDataRequest.allowedPaymentMethods = [cardPaymentMethod];
+paymentDataRequest.transactionInfo = {
+  totalPriceStatus: 'FINAL',
+  totalPrice: '10.00',
+  currencyCode: 'EUR',
+};
+paymentDataRequest.merchantInfo = {
+  merchantId: 'YOUR_GOOGLE_MERCHANT_ID', // Optional: from Google Console
+  merchantName: 'Your Merchant Name',
+};
-**Solutions**:
+const button = paymentsClient.createButton({
+  onClick: async () => {
+    try {
+      const paymentData = await paymentsClient.loadPaymentData(paymentDataRequest);
+      const token = paymentData.paymentMethodData.tokenizationData.token;
-1. Ensure you're sending a valid authentication token
-2. Check that the `isAuth` policy is properly configured
-3. Verify your user has the necessary permissions
-4. Review Strapi's role and permissions settings
+      // Token is a JSON string, encode it to Base64 for Payone
+      const base64Token = btoa(unescape(encodeURIComponent(token)));
-### Transactions Not Logging
+      // Send to your backend
+      await fetch('/api/strapi-plugin-payone-provider/preauthorization', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          Authorization: 'Bearer YOUR_TOKEN',
+        },
+        body: JSON.stringify({
+          amount: 1000,
+          currency: 'EUR',
+          reference: 'PAY1234567890ABCDEF',
+          googlePayToken: base64Token,
+        }),
+      });
+    } catch (error) {
+      console.error('Google Pay error:', error);
+    }
+  },
+});
-**Problem**: Transaction history is empty
+document.getElementById('google-pay-button').appendChild(button);
+```
-**Solutions**:
+**Token Format**
-1. Check that requests are actually reaching Payone (check server logs)
-2. Verify database write permissions
-3. Check for JavaScript errors in the browser console
-4. Ensure the plugin store is accessible
+The token from Google Pay is a JSON string with the following structure:
-## 🔐 Security Best Practices
+```json
+{
+  "signature": "MEUCIFr4ETGzv0uLZX3sR+i1ScARXnRBrncyYFDX/TI/VSLCAiEAvC/Q4dqXMQhwcSdg/ZvXj8+up0wXsfHja3V/6z48/vk=",
+  "intermediateSigningKey": {
+    "signedKey": "{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7PWUi+e6WPUhNmTSQ2WN006oWlcWy0FtBWizw9sph1wvX9XcXUNRLcfcsmCBfI5IsKQkjAmYxpCSB+L5sIudLw\\u003d\\u003d\",\"keyExpiration\":\"1722393105282\"}",
+    "signatures": ["MEUCIQCpU30A3g2pP93IBE5NxgO9ZcJlGF9YPzCZS7H4/IR1CQIgF6+I5t8olT8YsRDUcj7w3R1bvX4ZCcyFXE2+YXa+3H0="]
+  },
+  "protocolVersion": "ECv2",
+  "signedMessage": "{\"encryptedMessage\":\"...\",\"ephemeralPublicKey\":\"...\",\"tag\":\"...\"}"
+}
+```
-1. **Never expose your Portal Key**: Keep it secure and never commit it to version control
-2. **Use environment variables**: Store credentials in `.env` files (excluded from git)
-3. **Enable HTTPS**: Always use HTTPS in production for API requests
-4. **Validate user input**: Always validate and sanitize payment data on the server side
-5. **Use test mode**: Test thoroughly in test mode before going live
-6. **Monitor transactions**: Regularly review transaction history for suspicious activity
-7. **PCI Compliance**: If handling card data directly, ensure PCI DSS compliance
+**Important**: The token must be Base64 encoded before sending to Payone.
-## 📝 License
+#### Preauthorization
-MIT
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
-## 🤝 Support
+**Request Body**:
-If you encounter issues or need help:
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "GGP",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "googlePayToken": "BASE64_ENCODED_TOKEN",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
-1. Check this README thoroughly
-2. Review your Strapi server logs
-3. Consult the [Payone API Documentation](https://docs.payone.com/)
-4. Check the Transaction History for detailed error messages
+**Payone Request Parameters** (automatically added by plugin):
-## 🔄 Updates
+```json
+{
+  "request": "preauthorization",
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "GGP",
+  "add_paydata[paymentmethod_token_data]": "BASE64_ENCODED_TOKEN",
+  "add_paydata[paymentmethod]": "GGP",
+  "add_paydata[paymentmethod_type]": "GOOGLEPAY",
+  "add_paydata[gatewayid]": "payonegmbh",
+  "add_paydata[gateway_merchantid]": "YOUR_PAYONE_MERCHANT_ID",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back"
+}
+```
-To update the plugin:
+**Response**:
-```bash
-# Using npm
-npm update strapi-plugin-payone-provider
-npm run build
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
-# Using yarn
-yarn upgrade strapi-plugin-payone-provider
-yarn build
+#### Authorization
-# Using pnpm
-pnpm update strapi-plugin-payone-provider
-pnpm build
-```
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-Then restart your Strapi application.
+**Request Body**: (Same as Preauthorization, include `googlePayToken`)
----
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "GGP",
+  "googlePayToken": "BASE64_ENCODED_TOKEN",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Capture
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Refund
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Required Parameters for Google Pay
+- `clearingtype`: Must be `"wlt"` (wallet)
+- `wallettype`: Must be `"GGP"` (Google Pay)
+- `add_paydata[paymentmethod_token_data]`: Base64 encoded Google Pay token (automatically added by plugin)
+- `add_paydata[paymentmethod]`: `"GGP"` (automatically added by plugin)
+- `add_paydata[paymentmethod_type]`: `"GOOGLEPAY"` (automatically added by plugin)
+- `add_paydata[gatewayid]`: `"payonegmbh"` (automatically added by plugin)
+- `add_paydata[gateway_merchantid]`: Your Payone Merchant ID (automatically added by plugin)
+- Shipping address parameters (required for wallet payments)
+</details>
+---
+### Apple Pay
+<details>
+<summary><strong>Apple Pay Payment Method</strong></summary>
+#### Preauthorization
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Request Body**:
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "APL",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
+#### Authorization
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
+**Request Body**: (Same as Preauthorization)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "APL",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
+#### Capture
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1,
+  "capturemode": "full"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Refund
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+</details>
+---
+### SEPA Direct Debit
+<details>
+<summary><strong>SEPA Direct Debit Payment Method</strong></summary>
+#### Preauthorization
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Request Body**:
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "elv",
+  "iban": "DE89370400440532013000",
+  "bic": "COBADEFFXXX",
+  "bankaccountholder": "John Doe",
+  "bankcountry": "DE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789",
+    "userid": "987654321"
+  }
+}
+```
+#### Authorization
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
+**Request Body**: (Same as Preauthorization)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "elv",
+  "iban": "DE89370400440532013000",
+  "bic": "COBADEFFXXX",
+  "bankaccountholder": "John Doe",
+  "bankcountry": "DE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789",
+    "userid": "987654321"
+  }
+}
+```
+#### Capture
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Refund
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+</details>
+---
+### Sofort Banking
+<details>
+<summary><strong>Sofort Banking Payment Method</strong></summary>
+#### Preauthorization
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Request Body**:
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "sb",
+  "onlinebanktransfertype": "PNT",
+  "bankcountry": "DE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
+#### Authorization
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
+**Request Body**: (Same as Preauthorization)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "sb",
+  "onlinebanktransfertype": "PNT",
+  "bankcountry": "DE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
+#### Capture
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Refund
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+</details>
+---
+## ✅ Supported Payment Methods
+Click on any payment method to see detailed API documentation:
+- [Credit Card](#credit-card)
+- [PayPal](#paypal)
+- [Google Pay](#google-pay)
+- [Apple Pay](#apple-pay)
+- [SEPA Direct Debit](#sepa-direct-debit)
+- [Sofort Banking](#sofort-banking)
+---
+## 📝 Notes
+### Important Parameters
+- **amount**: Always in cents (e.g., 1000 = 10.00 EUR)
+- **reference**: Max 20 characters, alphanumeric only. Auto-normalized by the plugin.
+- **cardexpiredate**: Format is YYMM (e.g., "2512" = December 2025)
+- **sequencenumber**: Start with 1 for capture, 2 for first refund, increment for subsequent refunds
+- **Refund amount**: Must be negative (e.g., -1000 for 10.00 EUR refund)
+### Redirect URLs
+For redirect-based payment methods (PayPal, Google Pay, Apple Pay, Sofort), you must provide:
+- `successurl`: URL to redirect after successful payment
+- `errorurl`: URL to redirect after payment error
+- `backurl`: URL to redirect if user cancels payment
+### Preauthorization vs Authorization
+- **Preauthorization**: Reserves funds but doesn't charge immediately. Requires a Capture call later.
+- **Authorization**: Immediately charges the customer's payment method.
+### Capture Mode
+For wallet payments (PayPal, Google Pay, Apple Pay), you can specify:
-**Made with ❤️ for Strapi**
+- `capturemode: "full"`: Capture the entire preauthorized amount
+- `capturemode: "partial"`: Capture less than the preauthorized amount