npm - strapi-plugin-payone-provider - Versions diffs - 1.1.3 → 1.3.0 - Mend

strapi-plugin-payone-provider 1.1.3 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/README.md +1156 -380
package/admin/src/index.js +4 -1
package/admin/src/pages/App/components/AppHeader.js +37 -0
package/admin/src/pages/App/components/AppTabs.js +134 -0
package/admin/src/pages/App/components/ConfigurationPanel.js +34 -35
package/admin/src/pages/App/components/GooglePaybutton.js +300 -0
package/admin/src/pages/App/components/HistoryPanel.js +25 -38
package/admin/src/pages/App/components/PaymentActionsPanel.js +119 -280
package/admin/src/pages/App/components/StatusBadge.js +3 -1
package/admin/src/pages/App/components/TransactionHistoryItem.js +4 -1
package/admin/src/pages/App/components/paymentActions/AuthorizationForm.js +122 -0
package/admin/src/pages/App/components/paymentActions/CaptureForm.js +64 -0
package/admin/src/pages/App/components/paymentActions/CardDetailsInput.js +189 -0
package/admin/src/pages/App/components/paymentActions/PaymentMethodSelector.js +52 -0
package/admin/src/pages/App/components/paymentActions/PaymentResult.js +148 -0
package/admin/src/pages/App/components/paymentActions/PreauthorizationForm.js +122 -0
package/admin/src/pages/App/components/paymentActions/RefundForm.js +89 -0
package/admin/src/pages/App/index.js +41 -465
package/admin/src/pages/App/styles.css +294 -0
package/admin/src/pages/constants/paymentConstants.js +37 -0
package/admin/src/pages/hooks/usePaymentActions.js +456 -0
package/admin/src/pages/hooks/useSettings.js +111 -0
package/admin/src/pages/hooks/useTransactionHistory.js +87 -0
package/admin/src/pages/utils/api.js +10 -0
package/admin/src/pages/utils/injectGooglePayScript.js +31 -0
package/admin/src/pages/utils/paymentUtils.js +119 -15
package/package.json +1 -1
package/server/controllers/payone.js +71 -64
package/server/routes/index.js +17 -0
package/server/services/paymentService.js +271 -0
package/server/services/payone.js +25 -648
package/server/services/settingsService.js +59 -0
package/server/services/testConnectionService.js +190 -0
package/server/services/transactionService.js +114 -0
package/server/utils/normalize.js +51 -0
package/server/utils/paymentMethodParams.js +126 -0
package/server/utils/requestBuilder.js +121 -0
package/server/utils/responseParser.js +134 -0

package/README.md CHANGED Viewed

@@ -10,13 +10,9 @@ A comprehensive Strapi plugin that integrates the Payone payment gateway into yo
 - [Configuration](#configuration)
 - [Getting Started](#getting-started)
 - [Usage](#usage)
-  - [Admin Panel](#admin-panel)
-  - [API Endpoints](#api-endpoints)
+- [3D Secure (3DS) Authentication](#-3d-secure-3ds-authentication)
+- [Payment Methods & Operations](#-payment-methods--operations)
 - [Supported Payment Methods](#supported-payment-methods)
-- [Payment Operations](#payment-operations)
-- [Transaction History](#transaction-history)
-- [Troubleshooting](#troubleshooting)
-- [License](#license)
 ## ✨ Features
@@ -24,8 +20,8 @@ A comprehensive Strapi plugin that integrates the Payone payment gateway into yo
 - **Payment Operations**:
   - Preauthorization (reserve funds)
   - Authorization (immediate charge)
-  - Capture (complete preauthorized transactions) — currently Credit Card only
-  - Refund (return funds to customers) — currently Credit Card only
+  - Capture (complete preauthorized transactions)
+  - Refund (return funds to customers)
 - **Admin Panel**:
   - Easy configuration interface
   - Transaction history viewer with filtering
@@ -57,7 +53,7 @@ You will need the following credentials from your Payone account:
 ## 📦 Installation
-### Option 1: Install from npm
+### Install from npm
 ```bash
 # Using npm
@@ -70,80 +66,6 @@ yarn add strapi-plugin-payone-provider
 pnpm add strapi-plugin-payone-provider
 ```
-### Option 2: Install from Git
-```bash
-# Using npm
-npm install git+https://github.com/your-repo/strapi-plugin-payone-provider.git
-# Using yarn
-yarn add git+https://github.com/your-repo/strapi-plugin-payone-provider.git
-# Using pnpm
-pnpm add git+https://github.com/your-repo/strapi-plugin-payone-provider.git
-```
-### Option 3: Manual Installation (Local Development)
-1. Clone or copy the plugin folder to your Strapi project's `src/plugins/` directory:
-```bash
-# From your Strapi project root
-mkdir -p src/plugins
-cp -r /path/to/strapi-plugin-payone src/plugins/
-```
-2. Install the plugin dependencies:
-```bash
-# Using npm
-npm install
-# Using yarn
-yarn install
-# Using pnpm
-pnpm install
-```
-3. Enable the plugin by adding it to your `config/plugins.js` (or `config/plugins.ts`):
-```javascript
-module.exports = {
-  // ... other plugins
-  'strapi-plugin-payone-provider': {
-    enabled: true,
-    resolve: './src/plugins/strapi-plugin-payone',
-  },
-};
-```
-4. Rebuild your Strapi admin panel:
-```bash
-# Using npm
-npm run build
-# Using yarn
-yarn build
-# Using pnpm
-pnpm build
-```
-5. Restart your Strapi application:
-```bash
-# Using npm
-npm run develop
-# Using yarn
-yarn develop
-# Using pnpm
-pnpm develop
-```
 ## ⚙️ Configuration
 After installation, you need to configure your Payone credentials:
@@ -163,50 +85,6 @@ After installation, you need to configure your Payone credentials:
 5. Click **"Test Connection"** to verify your credentials
 6. Click **"Save Configuration"** to store your settings
-### Manual Configuration (Alternative)
-You can also configure the plugin programmatically by adding settings to your `config/plugins.js`:
-```javascript
-module.exports = {
-  'strapi-plugin-payone-provider': {
-    enabled: true,
-    resolve: './src/plugins/strapi-plugin-payone',
-    config: {
-      settings: {
-        aid: 'YOUR_ACCOUNT_ID',
-        portalid: 'YOUR_PORTAL_ID',
-        mid: 'YOUR_MERCHANT_ID',
-        key: 'YOUR_PORTAL_KEY',
-        mode: 'test', // or 'live'
-        api_version: '3.10',
-      },
-    },
-  },
-};
-```
-> ⚠️ **Security Warning**: Never commit your production credentials to version control. Use environment variables instead:
-```javascript
-module.exports = {
-  'strapi-plugin-payone-provider': {
-    enabled: true,
-    resolve: './src/plugins/strapi-plugin-payone',
-    config: {
-      settings: {
-        aid: process.env.PAYONE_AID,
-        portalid: process.env.PAYONE_PORTAL_ID,
-        mid: process.env.PAYONE_MID,
-        key: process.env.PAYONE_KEY,
-        mode: process.env.PAYONE_MODE || 'test',
-        api_version: '3.10',
-      },
-    },
-  },
-};
-```
 ## 🚀 Getting Started
 ### 1. Test Your Connection
@@ -221,65 +99,91 @@ After configuring your credentials:
 ### 2. Try a Test Payment
 1. Go to the **Payment Actions** tab
-2. Try a **Preauthorization** operation (currently test UI supports Credit Card only):
+2. Try a **Preauthorization** operation:
    - Amount: 1000 (equals 10.00 EUR in cents)
    - Reference: Leave empty for auto-generation
    - Click **"Execute Preauthorization"**
 3. Check the **Transaction History** tab to see the logged transaction
-### 3. Review Transaction History
+## 📖 Usage
-1. Navigate to the **Transaction History** tab
-2. View all payment operations
-3. Use filters to search for specific transactions
-4. Click on any transaction to view full details
+### Base URL
-## 📖 Usage
+All API endpoints are available at:
+**Content API (Frontend)**: `/api/strapi-plugin-payone-provider`
+**Admin API**: `/strapi-plugin-payone-provider`
-### Admin Panel
+> ⚠️ **Authentication Required**: All endpoints require authentication. Include your Bearer token in the Authorization header.
-The plugin adds a new menu item **"Payone Provider"** to your Strapi admin panel with three tabs:
+### Common Request Headers
-#### 1. Configuration Tab
+```javascript
+{
+  "Content-Type": "application/json",
+  "Authorization": "Bearer YOUR_AUTH_TOKEN"
+}
+```
+### Common Response Fields
+All responses include:
+- `status`: Transaction status (APPROVED, ERROR, REDIRECT, etc.)
+- `txid`: Transaction ID (for successful transactions)
+- `errorcode`: Error code (if status is ERROR)
+- `errormessage`: Error message (if status is ERROR)
+---
+## 🔐 3D Secure (3DS) Authentication
-- Configure Payone API credentials
-- Test connection to Payone servers
-- Switch between test and live modes
+3D Secure (3DS) is a security protocol that adds an extra layer of authentication for credit card payments, ensuring compliance with Strong Customer Authentication (SCA) requirements.
-#### 2. Transaction History Tab
+### Enabling 3D Secure
-- View all payment transactions
-- Filter by status, type, transaction ID, reference, or date range
-- View detailed request/response data for each transaction
-- Pagination support for large transaction lists
+1. Navigate to **Payone Provider** in the Strapi admin panel
+2. Go to the **Configuration** tab
+3. Find the **"Enable 3D Secure"** dropdown
+4. Select **"Enabled"** to activate 3DS for credit card payments
+5. Click **"Save Configuration"**
-#### 3. Payment Actions Tab
+> ⚠️ **Note**: When 3DS is enabled, it only applies to **credit card** payments (`clearingtype: "cc"`). Other payment methods are not affected.
-- Test payment operations without writing code
-- Execute preauthorizations, authorizations, captures, and refunds
-- View real-time results and error messages
+### Supported Operations
-### API Endpoints
+3D Secure works with the following operations:
-The plugin provides REST API endpoints for programmatic access:
+- ✅ **Preauthorization** (`POST /api/strapi-plugin-payone-provider/preauthorization`)
+- ✅ **Authorization** (`POST /api/strapi-plugin-payone-provider/authorization`)
+- ❌ **Capture** - Not applicable (uses preauthorized transaction)
+- ❌ **Refund** - Not applicable (uses existing transaction)
-#### Content API Endpoints (Public with Auth Policy)
+### Required Parameters for Preauthorization/Authorization with 3DS
-All content API endpoints require authentication via the `isAuth` policy. These are meant for your frontend application.
+When 3DS is enabled and you're making a credit card payment, the following parameters are required:
-Base URL: `/api/strapi-plugin-payone-provider`
+**Credit Card Details** (required when 3DS is enabled):
-##### POST `/api/strapi-plugin-payone-provider/preauthorization`
+- `cardtype`: Card type (`"V"` for VISA, `"M"` for Mastercard, `"A"` for AMEX, etc.)
+- `cardpan`: Card number (PAN)
+- `cardexpiredate`: Expiry date in format `YYMM` (e.g., `"2512"` for December 2025)
+- `cardcvc2`: CVC/CVV code (3 digits for most cards, 4 digits for AMEX)
-Reserve funds on a customer's card without immediate charge.
+**Redirect URLs** (required for 3DS authentication flow):
-**Request Body:**
+- `successurl`: URL to redirect after successful 3DS authentication
+- `errorurl`: URL to redirect after 3DS authentication error
+- `backurl`: URL to redirect if user cancels 3DS authentication
+**Example Request**:
 ```json
 {
   "amount": 1000,
   "currency": "EUR",
-  "reference": "ORDER-12345",
+  "reference": "PAY1234567890ABCDEF",
   "clearingtype": "cc",
   "cardtype": "V",
   "cardpan": "4111111111111111",
@@ -287,336 +191,1208 @@ Reserve funds on a customer's card without immediate charge.
   "cardcvc2": "123",
   "firstname": "John",
   "lastname": "Doe",
+  "email": "john.doe@example.com",
   "street": "Main Street 123",
   "zip": "12345",
   "city": "Berlin",
   "country": "DE",
-  "email": "john.doe@example.com"
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back"
 }
 ```
-**Response:**
+### 3DS Response Handling
+When 3DS is required, the API response will include:
 ```json
 {
   "data": {
-    "status": "APPROVED",
-    "txid": "123456789",
-    "userid": "987654321"
+    "status": "REDIRECT",
+    "redirecturl": "https://secure.pay1.de/3ds/...",
+    "requires3DSRedirect": true,
+    "txid": "123456789"
   }
 }
 ```
-##### POST `/api/strapi-plugin-payone-provider/authorization`
+**Response Fields**:
+- `status`: `"REDIRECT"` when 3DS authentication is required
+- `redirecturl`: URL to redirect the customer for 3DS authentication
+- `requires3DSRedirect`: Boolean indicating if redirect is needed
+- `txid`: Transaction ID (if available)
-Immediately charge a customer's card.
+### 3DS Callback Endpoint
-**Request Body:** (Same as preauthorization)
+After the customer completes 3DS authentication, Payone will send a callback to:
-> Note: For redirect-based methods (PayPal, Online Banking) you must provide `successurl`, `errorurl`, and `backurl`. The plugin will auto-fill safe defaults when missing, using `settings.return_base` or `PAYONE_RETURN_BASE`/`FRONTEND_URL`/`NEXT_PUBLIC_SITE_URL`.
+**URL**: `POST /api/strapi-plugin-payone-provider/3ds-callback`
-##### POST `/api/strapi-plugin-payone-provider/capture`
+This endpoint processes the 3DS authentication result and updates the transaction status.
-Complete a preauthorized transaction and capture the funds.
+> ℹ️ **Note**: The callback endpoint is automatically handled by the plugin. You don't need to manually process it unless you're implementing custom callback handling.
-**Request Body:**
+### How It Works
+1. **Request**: Send a preauthorization or authorization request with credit card details and redirect URLs
+2. **Response**: If 3DS is required, you'll receive a `REDIRECT` status with a `redirecturl`
+3. **Redirect**: Redirect the customer to the `redirecturl` for 3DS authentication
+4. **Callback**: After authentication, Payone redirects back to your `successurl`, `errorurl`, or `backurl` with transaction data
+5. **Completion**: The transaction is completed based on the authentication result
+### Testing 3DS
+For testing 3DS authentication, use test cards that trigger 3DS challenges. Refer to the [Payone 3D Secure Documentation](https://docs.payone.com/security-risk-management/3d-secure#/) for test card numbers and scenarios.
+---
+## 💳 Payment Methods & Operations
+### Credit Card
+<details>
+<summary><strong>Credit Card Payment Method</strong></summary>
+#### Preauthorization
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Request Body**:
 ```json
 {
-  "txid": "123456789",
   "amount": 1000,
-  "currency": "EUR"
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "cc",
+  "cardtype": "V",
+  "cardpan": "4111111111111111",
+  "cardexpiredate": "2512",
+  "cardcvc2": "123",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
 }
 ```
-##### POST `/api/strapi-plugin-payone-provider/refund`
-Refund a captured transaction.
-**Request Body:**
+**Response**:
 ```json
 {
-  "txid": "123456789",
-  "amount": -1000,
-  "currency": "EUR",
-  "reference": "REFUND-12345",
-  "sequencenumber": 2
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789",
+    "userid": "987654321"
+  }
 }
 ```
-#### Admin API Endpoints
+#### Authorization
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-These endpoints require admin authentication and are available at `/strapi-plugin-payone-provider/`.
+**Request Body**: (Same as Preauthorization)
-- `GET /strapi-plugin-payone-provider/settings` - Get current settings
-- `PUT /strapi-plugin-payone-provider/settings` - Update settings
-- `GET /strapi-plugin-payone-provider/transaction-history` - Get transaction history
-- `POST /strapi-plugin-payone-provider/test-connection` - Test Payone connection
-- All payment operation endpoints (same as content API)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "cc",
+  "cardtype": "V",
+  "cardpan": "4111111111111111",
+  "cardexpiredate": "2512",
+  "cardcvc2": "123",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
-### JavaScript/TypeScript Usage Example
+**Response**:
-```javascript
-// In your frontend application
-import axios from 'axios';
-const processPayment = async (orderData) => {
-  try {
-    // Step 1: Preauthorize the payment
-    const preauth = await axios.post(
-      'http://localhost:1337/api/strapi-plugin-payone-provider/preauthorization',
-      {
-        amount: orderData.amount, // in cents, e.g., 1000 = 10.00 EUR
-        currency: 'EUR',
-        reference: orderData.orderId,
-        clearingtype: 'cc',
-        cardtype: 'V', // Visa
-        cardpan: orderData.cardNumber,
-        cardexpiredate: orderData.cardExpiry, // YYMM format
-        cardcvc2: orderData.cardCvc,
-        firstname: orderData.firstName,
-        lastname: orderData.lastName,
-        street: orderData.street,
-        zip: orderData.zip,
-        city: orderData.city,
-        country: orderData.country,
-        email: orderData.email,
-      },
-      {
-        headers: {
-          Authorization: `Bearer ${yourAuthToken}`,
-        },
-      }
-    );
-    if (preauth.data.data.status === 'APPROVED') {
-      const txid = preauth.data.data.txid;
-      // Step 2: Capture the preauthorized amount
-      const capture = await axios.post(
-        'http://localhost:1337/api/strapi-plugin-payone-provider/capture',
-        {
-          txid: txid,
-          amount: orderData.amount,
-          currency: 'EUR',
-        },
-        {
-          headers: {
-            Authorization: `Bearer ${yourAuthToken}`,
-          },
-        }
-      );
-      return {
-        success: true,
-        transactionId: txid,
-      };
-    }
-  } catch (error) {
-    console.error('Payment failed:', error);
-    return {
-      success: false,
-      error: error.message,
-    };
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789",
+    "userid": "987654321"
   }
-};
+}
 ```
-## 💳 Payment Operations
+#### Capture
-## ✅ Supported Payment Methods
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
-The plugin supports the following Payone clearing types. Required fields are listed per method. All methods also require the common customer and address fields shown below.
+**Request Body**:
-Common required fields (all methods):
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1
+}
+```
-- `amount` (in cents), `currency`, `reference` (max 20 chars; auto-normalized)
-- `firstname`, `lastname`, `email`, `telephonenumber`
-- `street`, `zip`, `city`, `country`
+**Response**:
-Credit Card (`clearingtype = cc`):
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
-- Required: `cardtype` (V/M/A...), `cardpan`, `cardexpiredate` (MMyy), `cardcvc2`
-- Operations: preauthorization, authorization, capture, refund
-- Test payment in Admin currently supported for Credit Card only
+#### Refund
-PayPal Wallet (`clearingtype = wlt`, `wallettype = PPE`):
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
-- Required: `successurl`, `errorurl`, `backurl` (redirect URLs)
-- Recommended shipping fields: `shipping_firstname`, `shipping_lastname`, `shipping_street`, `shipping_zip`, `shipping_city`, `shipping_country`
-- Operations: preauthorization, authorization (capture/refund roadmap)
+**Request Body**:
-SEPA Direct Debit (`clearingtype = elv`):
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
-- Required: `iban`, `bic`, `bankaccountholder`, `bankcountry`
-- Operations: preauthorization, authorization (capture/refund roadmap)
+**Response**:
-Online Banking/PNT (`clearingtype = sb`):
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
-- Required: `onlinebanktransfertype` (e.g. `PNT`), `bankcountry`, redirect URLs (`successurl`, `errorurl`, `backurl`)
-- Operations: authorization (capture/refund roadmap)
+</details>
-Notes:
+---
-- The plugin normalizes `reference` server-side to comply with Payone (alphanumeric only, max 20 chars, auto-generated fallback).
-- For redirect flows, the plugin auto-fills redirect URLs when missing using a base URL from settings or environment.
+### PayPal
-### Preauthorization vs Authorization
+<details>
+<summary><strong>PayPal Payment Method</strong></summary>
-- **Preauthorization**: Reserves funds on the customer's card but doesn't charge it immediately. Use this when you need to verify funds availability before fulfilling an order (e.g., hotel bookings, rentals). You must later call "Capture" to actually charge the card.
+#### Preauthorization
-- **Authorization**: Immediately charges the customer's card. Use this for instant payments (e.g., e-commerce purchases).
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
-### Capture
+**Request Body**:
-After a successful preauthorization, you must capture the transaction to receive the funds. Captures can be:
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "PPE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
-- **Full capture**: Capture the entire preauthorized amount
-- **Partial capture**: Capture less than the preauthorized amount
+**Response**:
-### Refund
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
-Refunds return money to the customer. Important notes:
+#### Authorization
-- Amount must be negative (e.g., -1000 for 10.00 EUR)
-- Requires a valid transaction ID (txid)
-- Requires a sequence number (start with 2, increment for each additional refund on same transaction)
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-> Current limitation: Capture and Refund are implemented for Credit Card only. Support for PayPal/SEPA/Online Banking will be added in future updates.
+**Request Body**: (Same as Preauthorization)
-## 📊 Transaction History
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "PPE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
-All payment operations are automatically logged to the transaction history. Each entry includes:
+**Response**:
-- **Transaction ID (txid)**: Payone's unique transaction identifier
-- **Reference**: Your custom order/payment reference
-- **Type**: Operation type (authorization, preauthorization, capture, refund)
-- **Amount**: Transaction amount in cents
-- **Currency**: Currency code (EUR, USD, etc.)
-- **Status**: APPROVED, ERROR, REDIRECT, etc.
-- **Timestamp**: When the transaction occurred
-- **Raw Request/Response**: Complete API request and response data for debugging
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
-### Filtering Transactions
+#### Capture
-Use the filters in the Transaction History tab to find specific transactions:
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
-- **Status**: Filter by APPROVED, ERROR, etc.
-- **Type**: Filter by operation type
-- **Transaction ID**: Search by specific txid
-- **Reference**: Search by your order reference
-- **Date Range**: Filter by date
+**Request Body**:
-## 🔍 Troubleshooting
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1,
+  "capturemode": "full"
+}
+```
-### Connection Test Fails
+**Response**:
-**Problem**: "Authentication failed" or "Invalid credentials"
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
-**Solutions**:
+#### Refund
-1. Verify your AID, Portal ID, Merchant ID, and Portal Key are correct
-2. Ensure you're using the correct mode (test/live)
-3. Check that your Payone account is active and not suspended
-4. Verify the Portal Key is the MD5 hash key from your Payone PMI
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
-### Payment Gets Rejected
+**Request Body**:
-**Problem**: Transactions return ERROR status
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
-**Common Causes**:
+**Response**:
-1. **Invalid card data**: Check card number, expiry date, and CVC
-2. **Insufficient funds**: Test cards may have limits
-3. **Duplicate reference**: Each transaction needs a unique reference
-4. **Missing required fields**: Ensure all required customer data is provided
-5. **Test mode restrictions**: Some features may be limited in test mode
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
-**Debug Steps**:
+</details>
-1. Check the Transaction History for error codes and messages
-2. Review the raw response data for detailed error information
-3. Consult the Payone API documentation for error code meanings
-4. Check your Strapi server logs for detailed error traces
+---
-### Plugin Not Appearing in Admin
+### Google Pay
-**Problem**: Payone Provider menu item doesn't appear
+<details>
+<summary><strong>Google Pay Payment Method</strong></summary>
-**Solutions**:
+#### Overview
-1. Ensure the plugin is enabled in `config/plugins.js`
-2. Run `npm run build` to rebuild the admin panel
-3. Clear your browser cache and refresh
-4. Restart your Strapi server
-5. Check browser console for JavaScript errors
+Google Pay integration requires obtaining an encrypted payment token from Google Pay API and sending it to Payone. The token must be Base64 encoded before sending to Payone.
-### API Requests Return 403 Forbidden
+#### Getting Google Pay Token
-**Problem**: Content API endpoints return authorization errors
+**1. Include Google Pay Script**
-**Solutions**:
+```html
+<script async src="https://pay.google.com/gp/p/js/pay.js"></script>
+```
-1. Ensure you're sending a valid authentication token
-2. Check that the `isAuth` policy is properly configured
-3. Verify your user has the necessary permissions
-4. Review Strapi's role and permissions settings
+**2. Initialize Google Pay**
-### Transactions Not Logging
+```javascript
+const paymentsClient = new google.payments.api.PaymentsClient({
+  environment: 'TEST', // or "PRODUCTION" for live
+});
-**Problem**: Transaction history is empty
+const baseRequest = {
+  apiVersion: 2,
+  apiVersionMinor: 0,
+};
-**Solutions**:
+const allowedCardNetworks = ['MASTERCARD', 'VISA'];
+const allowedAuthMethods = ['PAN_ONLY', 'CRYPTOGRAM_3DS'];
-1. Check that requests are actually reaching Payone (check server logs)
-2. Verify database write permissions
-3. Check for JavaScript errors in the browser console
-4. Ensure the plugin store is accessible
+const tokenizationSpecification = {
+  type: 'PAYMENT_GATEWAY',
+  parameters: {
+    gateway: 'payonegmbh',
+    gatewayMerchantId: 'YOUR_PAYONE_MERCHANT_ID', // Use your Payone MID or Portal ID
+  },
+};
-## 🔐 Security Best Practices
+const cardPaymentMethod = {
+  type: 'CARD',
+  parameters: {
+    allowedCardNetworks,
+    allowedAuthMethods,
+  },
+  tokenizationSpecification,
+};
-1. **Never expose your Portal Key**: Keep it secure and never commit it to version control
-2. **Use environment variables**: Store credentials in `.env` files (excluded from git)
-3. **Enable HTTPS**: Always use HTTPS in production for API requests
-4. **Validate user input**: Always validate and sanitize payment data on the server side
-5. **Use test mode**: Test thoroughly in test mode before going live
-6. **Monitor transactions**: Regularly review transaction history for suspicious activity
-7. **PCI Compliance**: If handling card data directly, ensure PCI DSS compliance
+const isReadyToPayRequest = Object.assign({}, baseRequest);
+isReadyToPayRequest.allowedPaymentMethods = [cardPaymentMethod];
-## 📝 License
+paymentsClient.isReadyToPay(isReadyToPayRequest).then(function (response) {
+  if (response.result) {
+    // Google Pay is available, show button
+  }
+});
+```
-MIT
+**3. Create Payment Button and Get Token**
-## 🤝 Support
+```javascript
+const paymentDataRequest = Object.assign({}, baseRequest);
+paymentDataRequest.allowedPaymentMethods = [cardPaymentMethod];
+paymentDataRequest.transactionInfo = {
+  totalPriceStatus: 'FINAL',
+  totalPrice: '10.00',
+  currencyCode: 'EUR',
+};
+paymentDataRequest.merchantInfo = {
+  merchantId: 'YOUR_GOOGLE_MERCHANT_ID', // Optional: from Google Console
+  merchantName: 'Your Merchant Name',
+};
-If you encounter issues or need help:
+const button = paymentsClient.createButton({
+  onClick: async () => {
+    try {
+      const paymentData = await paymentsClient.loadPaymentData(paymentDataRequest);
+      const token = paymentData.paymentMethodData.tokenizationData.token;
-1. Check this README thoroughly
-2. Review your Strapi server logs
-3. Consult the [Payone API Documentation](https://docs.payone.com/)
-4. Check the Transaction History for detailed error messages
+      // Token is a JSON string, encode it to Base64 for Payone
+      const base64Token = btoa(unescape(encodeURIComponent(token)));
-## 🔄 Updates
+      // Send to your backend
+      await fetch('/api/strapi-plugin-payone-provider/preauthorization', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          Authorization: 'Bearer YOUR_TOKEN',
+        },
+        body: JSON.stringify({
+          amount: 1000,
+          currency: 'EUR',
+          reference: 'PAY1234567890ABCDEF',
+          googlePayToken: base64Token,
+        }),
+      });
+    } catch (error) {
+      console.error('Google Pay error:', error);
+    }
+  },
+});
-To update the plugin:
+document.getElementById('google-pay-button').appendChild(button);
+```
-```bash
-# Using npm
-npm update strapi-plugin-payone-provider
-npm run build
+**Token Format**
-# Using yarn
-yarn upgrade strapi-plugin-payone-provider
-yarn build
+The token from Google Pay is a JSON string with the following structure:
-# Using pnpm
-pnpm update strapi-plugin-payone-provider
-pnpm build
+```json
+{
+  "signature": "MEUCIFr4ETGzv0uLZX3sR+i1ScARXnRBrncyYFDX/TI/VSLCAiEAvC/Q4dqXMQhwcSdg/ZvXj8+up0wXsfHja3V/6z48/vk=",
+  "intermediateSigningKey": {
+    "signedKey": "{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7PWUi+e6WPUhNmTSQ2WN006oWlcWy0FtBWizw9sph1wvX9XcXUNRLcfcsmCBfI5IsKQkjAmYxpCSB+L5sIudLw\\u003d\\u003d\",\"keyExpiration\":\"1722393105282\"}",
+    "signatures": ["MEUCIQCpU30A3g2pP93IBE5NxgO9ZcJlGF9YPzCZS7H4/IR1CQIgF6+I5t8olT8YsRDUcj7w3R1bvX4ZCcyFXE2+YXa+3H0="]
+  },
+  "protocolVersion": "ECv2",
+  "signedMessage": "{\"encryptedMessage\":\"...\",\"ephemeralPublicKey\":\"...\",\"tag\":\"...\"}"
+}
+```
+**Important**: The token must be Base64 encoded before sending to Payone.
+#### Preauthorization
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Request Body**:
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "GGP",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "googlePayToken": "BASE64_ENCODED_TOKEN",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Payone Request Parameters** (automatically added by plugin):
+```json
+{
+  "request": "preauthorization",
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "GGP",
+  "add_paydata[paymentmethod_token_data]": "BASE64_ENCODED_TOKEN",
+  "add_paydata[paymentmethod]": "GGP",
+  "add_paydata[paymentmethod_type]": "GOOGLEPAY",
+  "add_paydata[gatewayid]": "payonegmbh",
+  "add_paydata[gateway_merchantid]": "YOUR_PAYONE_MERCHANT_ID",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Authorization
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
+**Request Body**: (Same as Preauthorization, include `googlePayToken`)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "GGP",
+  "googlePayToken": "BASE64_ENCODED_TOKEN",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Capture
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Refund
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Required Parameters for Google Pay
+- `clearingtype`: Must be `"wlt"` (wallet)
+- `wallettype`: Must be `"GGP"` (Google Pay)
+- `add_paydata[paymentmethod_token_data]`: Base64 encoded Google Pay token (automatically added by plugin)
+- `add_paydata[paymentmethod]`: `"GGP"` (automatically added by plugin)
+- `add_paydata[paymentmethod_type]`: `"GOOGLEPAY"` (automatically added by plugin)
+- `add_paydata[gatewayid]`: `"payonegmbh"` (automatically added by plugin)
+- `add_paydata[gateway_merchantid]`: Your Payone Merchant ID (automatically added by plugin)
+- Shipping address parameters (required for wallet payments)
+</details>
+---
+### Apple Pay
+<details>
+<summary><strong>Apple Pay Payment Method</strong></summary>
+#### Preauthorization
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Request Body**:
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "APL",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
+#### Authorization
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
+**Request Body**: (Same as Preauthorization)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "wlt",
+  "wallettype": "APL",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "shipping_firstname": "John",
+  "shipping_lastname": "Doe",
+  "shipping_street": "Main Street 123",
+  "shipping_zip": "12345",
+  "shipping_city": "Berlin",
+  "shipping_country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
+#### Capture
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1,
+  "capturemode": "full"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Refund
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
 ```
-Then restart your Strapi application.
+</details>
 ---
-**Made with ❤️ for Strapi**
+### SEPA Direct Debit
+<details>
+<summary><strong>SEPA Direct Debit Payment Method</strong></summary>
+#### Preauthorization
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Request Body**:
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "elv",
+  "iban": "DE89370400440532013000",
+  "bic": "COBADEFFXXX",
+  "bankaccountholder": "John Doe",
+  "bankcountry": "DE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789",
+    "userid": "987654321"
+  }
+}
+```
+#### Authorization
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
+**Request Body**: (Same as Preauthorization)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "elv",
+  "iban": "DE89370400440532013000",
+  "bic": "COBADEFFXXX",
+  "bankaccountholder": "John Doe",
+  "bankcountry": "DE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789",
+    "userid": "987654321"
+  }
+}
+```
+#### Capture
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Refund
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+</details>
+---
+### Sofort Banking
+<details>
+<summary><strong>Sofort Banking Payment Method</strong></summary>
+#### Preauthorization
+**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Request Body**:
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "sb",
+  "onlinebanktransfertype": "PNT",
+  "bankcountry": "DE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
+#### Authorization
+**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
+**Request Body**: (Same as Preauthorization)
+```json
+{
+  "amount": 1000,
+  "currency": "EUR",
+  "reference": "PAY1234567890ABCDEF",
+  "clearingtype": "sb",
+  "onlinebanktransfertype": "PNT",
+  "bankcountry": "DE",
+  "firstname": "John",
+  "lastname": "Doe",
+  "email": "john.doe@example.com",
+  "telephonenumber": "+4917512345678",
+  "street": "Main Street 123",
+  "zip": "12345",
+  "city": "Berlin",
+  "country": "DE",
+  "successurl": "https://www.example.com/success",
+  "errorurl": "https://www.example.com/error",
+  "backurl": "https://www.example.com/back",
+  "salutation": "Herr",
+  "gender": "m",
+  "ip": "127.0.0.1",
+  "language": "de",
+  "customer_is_present": "yes"
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "REDIRECT",
+    "txid": "123456789",
+    "redirecturl": "https://secure.pay1.de/redirect/..."
+  }
+}
+```
+#### Capture
+**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": 1000,
+  "currency": "EUR",
+  "sequencenumber": 1
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+#### Refund
+**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Request Body**:
+```json
+{
+  "txid": "123456789",
+  "amount": -1000,
+  "currency": "EUR",
+  "reference": "REF1234567890ABCDEF",
+  "sequencenumber": 2
+}
+```
+**Response**:
+```json
+{
+  "data": {
+    "status": "APPROVED",
+    "txid": "123456789"
+  }
+}
+```
+</details>
+---
+## ✅ Supported Payment Methods
+Click on any payment method to see detailed API documentation:
+- [Credit Card](#credit-card)
+- [PayPal](#paypal)
+- [Google Pay](#google-pay)
+- [Apple Pay](#apple-pay)
+- [SEPA Direct Debit](#sepa-direct-debit)
+- [Sofort Banking](#sofort-banking)
+---
+## 📝 Notes
+### Important Parameters
+- **amount**: Always in cents (e.g., 1000 = 10.00 EUR)
+- **reference**: Max 20 characters, alphanumeric only. Auto-normalized by the plugin.
+- **cardexpiredate**: Format is YYMM (e.g., "2512" = December 2025)
+- **sequencenumber**: Start with 1 for capture, 2 for first refund, increment for subsequent refunds
+- **Refund amount**: Must be negative (e.g., -1000 for 10.00 EUR refund)
+### Redirect URLs
+For redirect-based payment methods (PayPal, Google Pay, Apple Pay, Sofort), you must provide:
+- `successurl`: URL to redirect after successful payment
+- `errorurl`: URL to redirect after payment error
+- `backurl`: URL to redirect if user cancels payment
+### Preauthorization vs Authorization
+- **Preauthorization**: Reserves funds but doesn't charge immediately. Requires a Capture call later.
+- **Authorization**: Immediately charges the customer's payment method.
+### Capture Mode
+For wallet payments (PayPal, Google Pay, Apple Pay), you can specify:
+- `capturemode: "full"`: Capture the entire preauthorized amount
+- `capturemode: "partial"`: Capture less than the preauthorized amount