npm - strapi-plugin-payone-provider - Versions diffs - 4.6.13 → 4.6.15 - Mend

strapi-plugin-payone-provider 4.6.13 → 4.6.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +105 -533
package/admin/src/components/PluginIcon/index.jsx +15 -3
package/admin/src/pages/App/components/DocsPanel.jsx +11 -10
package/admin/src/pages/App/components/StatusBadge.jsx +1 -1
package/admin/src/pages/App/components/transaction-history/TransactionTable.jsx +5 -5
package/admin/src/pages/App/components/transaction-history/details/TransactionDetails.jsx +10 -10
package/package.json +4 -4
package/server/controllers/payone.js +6 -4
package/server/policies/is-payone-notification.js +34 -8

package/README.md CHANGED Viewed

@@ -8,13 +8,24 @@ A comprehensive Strapi plugin that integrates the Payone payment gateway into yo
 - [Requirements](#requirements)
 - [Installation](#installation)
 - [Configuration](#configuration)
-- [Getting Started](#getting-started)
+  - [Using the Admin Panel](#using-the-admin-panel-recommended)
+  - [Apple Pay Setup](#apple-pay-setup)
+  - [Google Pay Configuration](#google-pay-configuration)
 - [Usage](#usage)
-- [3D Secure (3DS) Authentication](#-3d-secure-3ds-authentication)
-- [Payment Methods & Operations](#-payment-methods--operations)
-- [Supported Payment Methods](#supported-payment-methods)
-## ✨ Features
+  - [Base URL](#base-url)
+  - [Common Request Headers](#common-request-headers)
+  - [Common Response Fields](#common-response-fields)
+- [Payment Methods & Operations](#payment-methods--operations)
+  - [Credit Card](#credit-card)
+  - [PayPal](#paypal)
+  - [Google Pay](#google-pay)
+  - [Apple Pay](#apple-pay)
+  - [SEPA Direct Debit](#sepa-direct-debit)
+  - [Sofort Banking](#sofort-banking)
+- [TransactionStatus Notifications](#transactionstatus-notifications)
+- [Notes](#notes)
+## Features
 - **Payone API Integration**: Full integration with Payone's Server API (v3.10)
 - **Payment Operations**:
@@ -29,13 +40,14 @@ A comprehensive Strapi plugin that integrates the Payone payment gateway into yo
   - Connection testing
 - **Transaction Logging**: Automatic logging of all payment operations
 - **Security**: Secure credential storage with masked API keys
-- **Test & Live Modes**: Support for both test and production environments
-## 🔧 Requirements
+## Requirements
 Before installing this plugin, ensure you have:
-- **Strapi**: Version 4.6.0 or higher
+- **Strapi**:
+  - Version 5.x.x for plugin version 5.x.x
+  - Version 4.6.0 or higher for plugin version 4.x.x
 - **Node.js**: Version 18.0.0 to 20.x.x
 - **npm**: Version 6.0.0 or higher
 - **Payone Account**: Active Payone merchant account with API credentials
@@ -51,55 +63,46 @@ You will need the following credentials from your Payone account:
 > ℹ️ **How to get Payone credentials**: Log into your Payone Merchant Interface (PMI) and navigate to Configuration → Payment Portals → [Your Portal] → Advanced Tab to find these credentials.
-## 📦 Installation
+## Installation
+**Important**: Choose the correct version based on your Strapi version:
-### Install from npm
+- **For Strapi 5.x.x**: Use plugin version `^5.x.x`
+- **For Strapi 4.x.x**: Use plugin version `^4.x.x`
 ```bash
-# Using npm
+# npm
 npm install strapi-plugin-payone-provider
-# Using yarn
+# yarn
 yarn add strapi-plugin-payone-provider
-# Using pnpm
+# pnpm
 pnpm add strapi-plugin-payone-provider
 ```
-## ⚙️ Configuration
+> **Version Compatibility**: Make sure to install the correct plugin version that matches your Strapi version. Using an incompatible version may cause errors or unexpected behavior.
+## Configuration
 After installation, you need to configure your Payone credentials:
 ### Using the Admin Panel (Recommended)
-1. Log into your Strapi admin panel
-2. Navigate to **Payone Provider** in the sidebar menu
-3. Go to the **Configuration** tab
-4. Fill in your Payone credentials:
+1. Open **Payone Provider** in the sidebar menu
+2. Go to the **Configuration** tab
+3. Fill in your Payone credentials and save:
    - **Account ID (AID)**: Your Payone account ID
    - **Portal ID**: Your Payone portal ID
    - **Merchant ID (MID)**: Your merchant ID
    - **Portal Key**: Your API security key
    - **Mode**: Select `test` for testing or `live` for production
    - **API Version**: Leave as `3.10` (default)
-5. Click **"Test Connection"** to verify your credentials
-6. Click **"Save Configuration"** to store your settings
-### Apple Pay Configuration
-To configure Apple Pay settings:
+4. Click **"Test Connection"** to verify your credentials
-1. Navigate to **Payone Provider** in the sidebar menu
-2. Go to **Payment Actions** tab
-3. Select **Apple Pay** as the payment method
-4. Click on the Apple Pay configuration link: `/plugins/strapi-plugin-payone-provider/apple-pay-config`
-5. Configure the following settings:
-   - **Country Code**: Select the country where your business operates
-   - **Currency Code**: Select the currency for transactions
-   - **Supported Networks**: Select payment card networks (Visa, Mastercard, Amex, etc.)
-   - **Merchant Capabilities**: Select payment capabilities (3D Secure is recommended)
-   - **Button Style & Type**: Customize the Apple Pay button appearance
-6. Click **"Save Apple Pay Configuration"** to store your settings
+### Apple Pay setup
 > ⚠️ **Important**: Apple Pay requires a registered domain with HTTPS. It does NOT work on localhost. For testing, use a production domain with HTTPS or test on a device with Safari (iOS/macOS).
@@ -118,7 +121,6 @@ https://yourdomain.com/.well-known/apple-developer-merchantid-domain-association
    - Download the domain verification file from Payone documentation: [https://docs.payone.com/payment-methods/apple-pay/apple-pay-without-dev](https://docs.payone.com/payment-methods/apple-pay/apple-pay-without-dev)
    - Alternatively, log into your Payone Merchant Interface (PMI)
    - Navigate to **Configuration** → **Payment Portals** → **Apple Pay**
-   - Download the `apple-developer-merchantid-domain-association` file
 2. **Place the file in Strapi:**
@@ -138,7 +140,7 @@ https://yourdomain.com/.well-known/apple-developer-merchantid-domain-association
 #### Middleware Configuration for Apple Pay
-Apple Pay requires Content Security Policy (CSP) configuration in `config/middlewares.js` to allow Apple Pay scripts. Without this configuration, Apple Pay will NOT work.
+Apple Pay requires Content Security Policy (CSP) configuration in `config/middlewares.js` to allow Apple Pay scripts. Without this configuration, Apple Pay will NOT work on your strapi admin for make test transaction.
 **Required CSP directives:**
@@ -181,25 +183,10 @@ module.exports = [
 ### Google Pay Configuration
-To configure Google Pay settings:
-1. Navigate to **Payone Provider** in the sidebar menu
-2. Go to **Payment Actions** tab
-3. Select **Google Pay** as the payment method
-4. Click on the Google Pay configuration link: `/plugins/strapi-plugin-payone-provider/google-pay-config`
-5. Configure the following settings:
-   - **Country Code**: Select the country where your business operates
-   - **Currency Code**: Select the currency for transactions
-   - **Merchant Name**: Enter your business name as it will appear in Google Pay
-   - **Allowed Card Networks**: Select payment card networks (Mastercard, Visa, Amex, etc.)
-   - **Allowed Authentication Methods**: Select authentication methods (PAN Only, 3D Secure)
-6. Click **"Save Google Pay Configuration"** to store your settings
-> ℹ️ **Note**: The Gateway Merchant ID will be automatically obtained from your Payone Merchant ID (MID) or Portal ID configured in the main Configuration tab.
 #### Middleware Configuration for Google Pay
-Google Pay requires Content Security Policy (CSP) configuration in `config/middlewares.js` to allow Google Pay scripts. Without this configuration, Google Pay will NOT work.
+Google Pay requires Content Security Policy (CSP) configuration in `config/middlewares.js` to allow Google Pay scripts. Without this configuration, Google Pay will NOT work on your strapi admin for make test transactions.
 **Required CSP directives:**
@@ -238,27 +225,8 @@ module.exports = [
 > ⚠️ **Important**: Without this middleware configuration, Google Pay scripts will be blocked and Google Pay will NOT work!
-## 🚀 Getting Started
-### 1. Test Your Connection
-After configuring your credentials:
-1. Open the **Configuration** tab in the Payone Provider admin panel
-2. Click the **"Test Connection"** button
-3. If successful, you'll see a green success message
-4. If it fails, check your credentials and try again
-### 2. Try a Test Payment
-1. Go to the **Payment Actions** tab
-2. Try a **Preauthorization** operation:
-   - Amount: 1000 (equals 10.00 EUR in cents)
-   - Reference: Leave empty for auto-generation
-   - Click **"Execute Preauthorization"**
-3. Check the **Transaction History** tab to see the logged transaction
-## 📖 Usage
+## Usage
 ### Base URL
@@ -290,127 +258,20 @@ All responses include:
 ---
-## 🔐 3D Secure (3DS) Authentication
-3D Secure (3DS) is a security protocol that adds an extra layer of authentication for credit card payments, ensuring compliance with Strong Customer Authentication (SCA) requirements.
-### Enabling 3D Secure
-1. Navigate to **Payone Provider** in the Strapi admin panel
-2. Go to the **Configuration** tab
-3. Find the **"Enable 3D Secure"** dropdown
-4. Select **"Enabled"** to activate 3DS for credit card payments
-5. Click **"Save Configuration"**
-> ⚠️ **Note**: When 3DS is enabled, it only applies to **credit card** payments (`clearingtype: "cc"`). Other payment methods are not affected.
-### Supported Operations
-3D Secure works with the following operations:
-- ✅ **Preauthorization** (`POST /api/strapi-plugin-payone-provider/preauthorization`)
-- ✅ **Authorization** (`POST /api/strapi-plugin-payone-provider/authorization`)
-- ❌ **Capture** - Not applicable (uses preauthorized transaction)
-- ❌ **Refund** - Not applicable (uses existing transaction)
-### Required Parameters for Preauthorization/Authorization with 3DS
-When 3DS is enabled and you're making a credit card payment, the following parameters are required:
+## Payment Methods & Operations
-**Credit Card Details** (required when 3DS is enabled):
-- `cardtype`: Card type (`"V"` for VISA, `"M"` for Mastercard, `"A"` for AMEX, etc.)
-- `cardpan`: Card number (PAN)
-- `cardexpiredate`: Expiry date in format `YYMM` (e.g., `"2512"` for December 2025)
-- `cardcvc2`: CVC/CVV code (3 digits for most cards, 4 digits for AMEX)
-**Redirect URLs** (required for 3DS authentication flow):
-- `successurl`: URL to redirect after successful 3DS authentication
-- `errorurl`: URL to redirect after 3DS authentication error
-- `backurl`: URL to redirect if user cancels 3DS authentication
-**Example Request**:
-```json
-{
-  "amount": 1000,
-  "currency": "EUR",
-  "reference": "PAY1234567890ABCDEF",
-  "clearingtype": "cc",
-  "cardtype": "V",
-  "cardpan": "4111111111111111",
-  "cardexpiredate": "2512",
-  "cardcvc2": "123",
-  "firstname": "John",
-  "lastname": "Doe",
-  "email": "john.doe@example.com",
-  "street": "Main Street 123",
-  "zip": "12345",
-  "city": "Berlin",
-  "country": "DE",
-  "successurl": "https://www.example.com/success",
-  "errorurl": "https://www.example.com/error",
-  "backurl": "https://www.example.com/back"
-}
-```
-### 3DS Response Handling
-When 3DS is required, the API response will include:
-```json
-{
-  "data": {
-    "status": "REDIRECT",
-    "redirecturl": "https://secure.pay1.de/3ds/...",
-    "requires3DSRedirect": true,
-    "txid": "123456789"
-  }
-}
-```
-**Response Fields**:
-- `status`: `"REDIRECT"` when 3DS authentication is required
-- `redirecturl`: URL to redirect the customer for 3DS authentication
-- `requires3DSRedirect`: Boolean indicating if redirect is needed
-- `txid`: Transaction ID (if available)
-### 3DS Callback Endpoint
-After the customer completes 3DS authentication, Payone will send a callback to:
-**URL**: `POST /api/strapi-plugin-payone-provider/3ds-callback`
-This endpoint processes the 3DS authentication result and updates the transaction status.
-> ℹ️ **Note**: The callback endpoint is automatically handled by the plugin. You don't need to manually process it unless you're implementing custom callback handling.
-### How It Works
-1. **Request**: Send a preauthorization or authorization request with credit card details and redirect URLs
-2. **Response**: If 3DS is required, you'll receive a `REDIRECT` status with a `redirecturl`
-3. **Redirect**: Redirect the customer to the `redirecturl` for 3DS authentication
-4. **Callback**: After authentication, Payone redirects back to your `successurl`, `errorurl`, or `backurl` with transaction data
-5. **Completion**: The transaction is completed based on the authentication result
-### Testing 3DS
-For testing 3DS authentication, use test cards that trigger 3DS challenges. Refer to the [Payone 3D Secure Documentation](https://docs.payone.com/security-risk-management/3d-secure#/) for test card numbers and scenarios.
----
-## 💳 Payment Methods & Operations
+This section provides detailed API documentation for each supported payment method. Click on any payment method below to see the full implementation details:
 ### Credit Card
 <details>
 <summary><strong>Credit Card Payment Method</strong></summary>
-#### Preauthorization
+#### Preauthorization/Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Endpoints:**
+- `POST /api/strapi-plugin-payone-provider/preauthorization`
+- `POST /api/strapi-plugin-payone-provider/authorization`
 **Request Body**:
@@ -455,56 +316,10 @@ For testing 3DS authentication, use test cards that trigger 3DS challenges. Refe
 }
 ```
-#### Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-**Request Body**: (Same as Preauthorization)
-```json
-{
-  "amount": 1000,
-  "currency": "EUR",
-  "reference": "PAY1234567890ABCDEF",
-  "clearingtype": "cc",
-  "cardtype": "V",
-  "cardpan": "4111111111111111",
-  "cardexpiredate": "2512",
-  "cardcvc2": "123",
-  "firstname": "John",
-  "lastname": "Doe",
-  "email": "john.doe@example.com",
-  "telephonenumber": "+4917512345678",
-  "street": "Main Street 123",
-  "zip": "12345",
-  "city": "Berlin",
-  "country": "DE",
-  "successurl": "https://www.example.com/success",
-  "errorurl": "https://www.example.com/error",
-  "backurl": "https://www.example.com/back",
-  "salutation": "Herr",
-  "gender": "m",
-  "ip": "127.0.0.1",
-  "language": "de",
-  "customer_is_present": "yes"
-}
-```
-**Response**:
-```json
-{
-  "data": {
-    "status": "APPROVED",
-    "txid": "123456789",
-    "userid": "987654321"
-  }
-}
-```
 #### Capture
-**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/capture`
 **Request Body**:
@@ -530,7 +345,8 @@ For testing 3DS authentication, use test cards that trigger 3DS challenges. Refe
 #### Refund
-**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/refund`
 **Request Body**:
@@ -564,9 +380,11 @@ For testing 3DS authentication, use test cards that trigger 3DS challenges. Refe
 <details>
 <summary><strong>PayPal Payment Method</strong></summary>
-#### Preauthorization
+#### Preauthorization/Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Endpoints:**
+- `POST /api/strapi-plugin-payone-provider/preauthorization`
+- `POST /api/strapi-plugin-payone-provider/authorization`
 **Request Body**:
@@ -614,59 +432,11 @@ For testing 3DS authentication, use test cards that trigger 3DS challenges. Refe
 }
 ```
-#### Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-**Request Body**: (Same as Preauthorization)
-```json
-{
-  "amount": 1000,
-  "currency": "EUR",
-  "reference": "PAY1234567890ABCDEF",
-  "clearingtype": "wlt",
-  "wallettype": "PPE",
-  "firstname": "John",
-  "lastname": "Doe",
-  "email": "john.doe@example.com",
-  "telephonenumber": "+4917512345678",
-  "street": "Main Street 123",
-  "zip": "12345",
-  "city": "Berlin",
-  "country": "DE",
-  "shipping_firstname": "John",
-  "shipping_lastname": "Doe",
-  "shipping_street": "Main Street 123",
-  "shipping_zip": "12345",
-  "shipping_city": "Berlin",
-  "shipping_country": "DE",
-  "successurl": "https://www.example.com/success",
-  "errorurl": "https://www.example.com/error",
-  "backurl": "https://www.example.com/back",
-  "salutation": "Herr",
-  "gender": "m",
-  "ip": "127.0.0.1",
-  "language": "de",
-  "customer_is_present": "yes"
-}
-```
-**Response**:
-```json
-{
-  "data": {
-    "status": "REDIRECT",
-    "txid": "123456789",
-    "redirecturl": "https://secure.pay1.de/redirect/..."
-  }
-}
-```
 #### Capture
-**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/capture`
 **Request Body**:
@@ -693,7 +463,8 @@ For testing 3DS authentication, use test cards that trigger 3DS challenges. Refe
 #### Refund
-**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/refund`
 **Request Body**:
@@ -743,7 +514,7 @@ Google Pay integration requires obtaining an encrypted payment token from Google
 ```javascript
 const paymentsClient = new google.payments.api.PaymentsClient({
-  environment: "TEST", // or "PRODUCTION" for live
+  environment: "TEST", // or "PRODUCTION" for live mode
 });
 const baseRequest = {
@@ -850,9 +621,11 @@ The token from Google Pay is a JSON string with the following structure:
 **Important**: The token must be Base64 encoded before sending to Payone.
-#### Preauthorization
+#### Preauthorization/Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Endpoints:**
+- `POST /api/strapi-plugin-payone-provider/preauthorization`
+- `POST /api/strapi-plugin-payone-provider/authorization`
 **Request Body**:
@@ -934,53 +707,11 @@ The token from Google Pay is a JSON string with the following structure:
 }
 ```
-#### Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-**Request Body**: (Same as Preauthorization, include `googlePayToken`)
-```json
-{
-  "amount": 1000,
-  "currency": "EUR",
-  "reference": "PAY1234567890ABCDEF",
-  "clearingtype": "wlt",
-  "wallettype": "GGP",
-  "googlePayToken": "BASE64_ENCODED_TOKEN",
-  "firstname": "John",
-  "lastname": "Doe",
-  "email": "john.doe@example.com",
-  "street": "Main Street 123",
-  "zip": "12345",
-  "city": "Berlin",
-  "country": "DE",
-  "shipping_firstname": "John",
-  "shipping_lastname": "Doe",
-  "shipping_street": "Main Street 123",
-  "shipping_zip": "12345",
-  "shipping_city": "Berlin",
-  "shipping_country": "DE",
-  "successurl": "https://www.example.com/success",
-  "errorurl": "https://www.example.com/error",
-  "backurl": "https://www.example.com/back"
-}
-```
-**Response**:
-```json
-{
-  "data": {
-    "status": "APPROVED",
-    "txid": "123456789"
-  }
-}
-```
 #### Capture
-**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/capture`
 **Request Body**:
@@ -1006,7 +737,8 @@ The token from Google Pay is a JSON string with the following structure:
 #### Refund
-**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/refund`
 **Request Body**:
@@ -1051,9 +783,11 @@ The token from Google Pay is a JSON string with the following structure:
 <details>
 <summary><strong>Apple Pay Payment Method</strong></summary>
-#### Preauthorization
+#### Preauthorization/Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Endpoints:**
+- `POST /api/strapi-plugin-payone-provider/preauthorization`
+- `POST /api/strapi-plugin-payone-provider/authorization`
 **Request Body**:
@@ -1101,59 +835,10 @@ The token from Google Pay is a JSON string with the following structure:
 }
 ```
-#### Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-**Request Body**: (Same as Preauthorization)
-```json
-{
-  "amount": 1000,
-  "currency": "EUR",
-  "reference": "PAY1234567890ABCDEF",
-  "clearingtype": "wlt",
-  "wallettype": "APL",
-  "firstname": "John",
-  "lastname": "Doe",
-  "email": "john.doe@example.com",
-  "telephonenumber": "+4917512345678",
-  "street": "Main Street 123",
-  "zip": "12345",
-  "city": "Berlin",
-  "country": "DE",
-  "shipping_firstname": "John",
-  "shipping_lastname": "Doe",
-  "shipping_street": "Main Street 123",
-  "shipping_zip": "12345",
-  "shipping_city": "Berlin",
-  "shipping_country": "DE",
-  "successurl": "https://www.example.com/success",
-  "errorurl": "https://www.example.com/error",
-  "backurl": "https://www.example.com/back",
-  "salutation": "Herr",
-  "gender": "m",
-  "ip": "127.0.0.1",
-  "language": "de",
-  "customer_is_present": "yes"
-}
-```
-**Response**:
-```json
-{
-  "data": {
-    "status": "REDIRECT",
-    "txid": "123456789",
-    "redirecturl": "https://secure.pay1.de/redirect/..."
-  }
-}
-```
 #### Capture
-**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/capture`
 **Request Body**:
@@ -1180,7 +865,8 @@ The token from Google Pay is a JSON string with the following structure:
 #### Refund
-**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/refund`
 **Request Body**:
@@ -1214,9 +900,11 @@ The token from Google Pay is a JSON string with the following structure:
 <details>
 <summary><strong>SEPA Direct Debit Payment Method</strong></summary>
-#### Preauthorization
+#### Preauthorization/Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
+**Endpoints:**
+- `POST /api/strapi-plugin-payone-provider/preauthorization`
+- `POST /api/strapi-plugin-payone-provider/authorization`
 **Request Body**:
@@ -1258,53 +946,10 @@ The token from Google Pay is a JSON string with the following structure:
 }
 ```
-#### Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-**Request Body**: (Same as Preauthorization)
-```json
-{
-  "amount": 1000,
-  "currency": "EUR",
-  "reference": "PAY1234567890ABCDEF",
-  "clearingtype": "elv",
-  "iban": "DE89370400440532013000",
-  "bic": "COBADEFFXXX",
-  "bankaccountholder": "John Doe",
-  "bankcountry": "DE",
-  "firstname": "John",
-  "lastname": "Doe",
-  "email": "john.doe@example.com",
-  "telephonenumber": "+4917512345678",
-  "street": "Main Street 123",
-  "zip": "12345",
-  "city": "Berlin",
-  "country": "DE",
-  "salutation": "Herr",
-  "gender": "m",
-  "ip": "127.0.0.1",
-  "language": "de",
-  "customer_is_present": "yes"
-}
-```
-**Response**:
-```json
-{
-  "data": {
-    "status": "APPROVED",
-    "txid": "123456789",
-    "userid": "987654321"
-  }
-}
-```
 #### Capture
-**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/capture`
 **Request Body**:
@@ -1330,7 +975,8 @@ The token from Google Pay is a JSON string with the following structure:
 #### Refund
-**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/refund`
 **Request Body**:
@@ -1364,9 +1010,12 @@ The token from Google Pay is a JSON string with the following structure:
 <details>
 <summary><strong>Sofort Banking Payment Method</strong></summary>
-#### Preauthorization
+#### Preauthorization/Authorization
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/preauthorization`
+- `POST /api/strapi-plugin-payone-provider/authorization`
-**URL**: `POST /api/strapi-plugin-payone-provider/preauthorization`
 **Request Body**:
@@ -1409,54 +1058,11 @@ The token from Google Pay is a JSON string with the following structure:
 }
 ```
-#### Authorization
-**URL**: `POST /api/strapi-plugin-payone-provider/authorization`
-**Request Body**: (Same as Preauthorization)
-```json
-{
-  "amount": 1000,
-  "currency": "EUR",
-  "reference": "PAY1234567890ABCDEF",
-  "clearingtype": "sb",
-  "onlinebanktransfertype": "PNT",
-  "bankcountry": "DE",
-  "firstname": "John",
-  "lastname": "Doe",
-  "email": "john.doe@example.com",
-  "telephonenumber": "+4917512345678",
-  "street": "Main Street 123",
-  "zip": "12345",
-  "city": "Berlin",
-  "country": "DE",
-  "successurl": "https://www.example.com/success",
-  "errorurl": "https://www.example.com/error",
-  "backurl": "https://www.example.com/back",
-  "salutation": "Herr",
-  "gender": "m",
-  "ip": "127.0.0.1",
-  "language": "de",
-  "customer_is_present": "yes"
-}
-```
-**Response**:
-```json
-{
-  "data": {
-    "status": "REDIRECT",
-    "txid": "123456789",
-    "redirecturl": "https://secure.pay1.de/redirect/..."
-  }
-}
-```
 #### Capture
-**URL**: `POST /api/strapi-plugin-payone-provider/capture`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/capture`
 **Request Body**:
@@ -1482,7 +1088,8 @@ The token from Google Pay is a JSON string with the following structure:
 #### Refund
-**URL**: `POST /api/strapi-plugin-payone-provider/refund`
+**Endpoint:**
+- `POST /api/strapi-plugin-payone-provider/refund`
 **Request Body**:
@@ -1511,50 +1118,7 @@ The token from Google Pay is a JSON string with the following structure:
 ---
-## ✅ Supported Payment Methods
-Click on any payment method to see detailed API documentation:
-- [Credit Card](#credit-card)
-- [PayPal](#paypal)
-- [Google Pay](#google-pay)
-- [Apple Pay](#apple-pay)
-- [SEPA Direct Debit](#sepa-direct-debit)
-- [Sofort Banking](#sofort-banking)
----
-## 📝 Notes
-### Important Parameters
-- **amount**: Always in cents (e.g., 1000 = 10.00 EUR)
-- **reference**: Max 20 characters, alphanumeric only. Auto-normalized by the plugin.
-- **cardexpiredate**: Format is YYMM (e.g., "2512" = December 2025)
-- **sequencenumber**: Start with 1 for capture, 2 for first refund, increment for subsequent refunds
-- **Refund amount**: Must be negative (e.g., -1000 for 10.00 EUR refund)
-### Redirect URLs
-For redirect-based payment methods (PayPal, Google Pay, Apple Pay, Sofort), you must provide:
-- `successurl`: URL to redirect after successful payment
-- `errorurl`: URL to redirect after payment error
-- `backurl`: URL to redirect if user cancels payment
-### Preauthorization vs Authorization
-- **Preauthorization**: Reserves funds but doesn't charge immediately. Requires a Capture call later.
-- **Authorization**: Immediately charges the customer's payment method.
-### Capture Mode
-For wallet payments (PayPal, Google Pay, Apple Pay), you can specify:
-- `capturemode: "full"`: Capture the entire preauthorized amount
-- `capturemode: "partial"`: Capture less than the preauthorized amount
-## 📢 TransactionStatus Notifications
+## TransactionStatus Notifications
 The Payone platform provides an asynchronous way of notifying your system of changes to a transaction. These notifications are called "TransactionStatus" and are automatically handled by this plugin.
@@ -1617,3 +1181,11 @@ The plugin automatically verifies:
 4. **Credentials**: Verifies that `portalid` and `aid` match your configured settings
 > 📖 **Reference**: For more details, see [Payone TransactionStatus Notification Documentation](https://docs.payone.com/integration/response-handling/transactionstatus-notification)
+---
+## Notes
+For additional information and updates, please refer to the official Payone documentation:
+**Payone Documentation**: [https://docs.payone.com/payment-methods](https://docs.payone.com/payment-methods)

package/admin/src/components/PluginIcon/index.jsx CHANGED Viewed

@@ -1,6 +1,18 @@
-import React from "react";
-import { Puzzle } from "@strapi/icons";
-const PluginIcon = () => <Puzzle />;
+const PluginIcon = () => (
+  <svg
+    xmlns="http://www.w3.org/2000/svg"
+    xmlSpace="preserve"
+    id="Capa_1"
+    width={16}
+    height={16}
+    fill="currentColor"
+    version="1.1"
+    viewBox="0 0 438.254 438.254"
+  >
+    <path d="M402.612 177.546H368.25V63.187c0-19.652-15.988-35.64-35.64-35.64H35.641C15.988 27.547 0 43.535 0 63.187v161.88c0 19.652 15.988 35.64 35.641 35.64h34.357v114.358c0 19.653 15.989 35.642 35.642 35.642h296.973c19.652 0 35.642-15.989 35.642-35.642V213.188c-.001-19.653-15.99-35.642-35.643-35.642m-64.362-45.839H30v-20h308.25zM35.641 57.547h296.97c3.109 0 5.64 2.53 5.64 5.64v28.52H30v-28.52c0-3.11 2.53-5.64 5.641-5.64m0 173.16a5.647 5.647 0 0 1-5.641-5.64v-73.36h308.25v25.839H105.64c-19.652 0-35.642 15.989-35.642 35.642v17.519zm372.613 144.358a5.65 5.65 0 0 1-5.642 5.642H105.64a5.65 5.65 0 0 1-5.642-5.642V213.188a5.65 5.65 0 0 1 5.642-5.642h296.973a5.65 5.65 0 0 1 5.642 5.642z"></path>
+    <path d="M358.585 287.966c-6.941 0-13.48 1.74-19.216 4.797-5.885-3.15-12.429-4.797-19.265-4.797-22.607 0-41 18.393-41 41s18.393 41 41 41c6.835 0 13.379-1.647 19.265-4.796a40.74 40.74 0 0 0 19.216 4.796c22.607 0 41-18.393 41-41s-18.393-41-41-41m-59.481 41c0-11.579 9.421-21 21-21 1.065 0 2.113.09 3.145.243-3.593 6.093-5.664 13.186-5.664 20.757s2.071 14.664 5.664 20.757c-1.032.153-2.08.243-3.145.243-11.58 0-21-9.42-21-21m59.481 21c-11.579 0-21-9.421-21-21s9.421-21 21-21 21 9.421 21 21-9.421 21-21 21M177.126 241.707h-28c-5.522 0-10 4.477-10 10s4.478 10 10 10h28c5.522 0 10-4.477 10-10s-4.478-10-10-10M237.793 241.707h-28c-5.522 0-10 4.477-10 10s4.478 10 10 10h28c5.522 0 10-4.477 10-10s-4.478-10-10-10M308.459 251.707c0-5.523-4.478-10-10-10h-28c-5.522 0-10 4.477-10 10s4.478 10 10 10h28c5.522 0 10-4.477 10-10M331.126 261.707h28c5.522 0 10-4.477 10-10s-4.478-10-10-10h-28c-5.522 0-10 4.477-10 10s4.478 10 10 10"></path>
+  </svg>
+);
 export default PluginIcon;

package/admin/src/pages/App/components/DocsPanel.jsx CHANGED Viewed

@@ -1,4 +1,4 @@
-import React, { useEffect, useState } from "react";
+import { useEffect, useState } from "react";
 import {
   Box,
   Card,
@@ -9,6 +9,7 @@ import {
   Accordion,
   AccordionToggle,
   AccordionContent,
+  Link,
 } from "@strapi/design-system";
 const CodeBlock = ({ children }) => {
@@ -123,31 +124,31 @@ const DocsPanel = () => {
           <AccordionContent>
             <Stack spacing={2} padding={4}>
               <Typography variant="pi">
-                1. <a href="#base-url">Base URL & Authentication</a>
+                1. <a style={{ color: "inherit", textDecoration:"none" }} href="#base-url">Base URL & Authentication</a>
               </Typography>
               <Typography variant="pi">
-                2. <a href="#payment-methods">Supported Payment Methods</a>
+                2. <a style={{ color: "inherit", textDecoration:"none" }} href="#payment-methods">Supported Payment Methods</a>
               </Typography>
               <Typography variant="pi">
-                3. <a href="#credit-card">Credit Card Integration</a>
+                3. <a style={{ color: "inherit", textDecoration:"none" }} href="#credit-card">Credit Card Integration</a>
               </Typography>
               <Typography variant="pi">
-                4. <a href="#paypal">PayPal Integration</a>
+                4. <a style={{ color: "inherit", textDecoration:"none" }} href="#paypal">PayPal Integration</a>
               </Typography>
               <Typography variant="pi">
-                5. <a href="#google-pay">Google Pay Integration</a>
+                5. <a style={{ color: "inherit", textDecoration:"none" }} href="#google-pay">Google Pay Integration</a>
               </Typography>
               <Typography variant="pi">
-                6. <a href="#apple-pay">Apple Pay Integration</a>
+                6. <a style={{ color: "inherit", textDecoration:"none" }} href="#apple-pay">Apple Pay Integration</a>
               </Typography>
               <Typography variant="pi">
-                7. <a href="#3d-secure">3D Secure Authentication</a>
+                7. <a style={{ color: "inherit", textDecoration:"none" }} href="#3d-secure">3D Secure Authentication</a>
               </Typography>
               <Typography variant="pi">
-                8. <a href="#capture-refund">Capture & Refund Operations</a>
+                8. <a style={{ color: "inherit", textDecoration:"none" }} href="#capture-refund">Capture & Refund Operations</a>
               </Typography>
               <Typography variant="pi">
-                9. <a href="#test-credentials">Test Credentials</a>
+                9. <a style={{ color: "inherit", textDecoration:"none" }} href="#test-credentials">Test Credentials</a>
               </Typography>
             </Stack>
           </AccordionContent>

package/admin/src/pages/App/components/StatusBadge.jsx CHANGED Viewed

@@ -1,4 +1,4 @@
-import React, { useState } from "react";
+import { useState } from "react";
 import { Badge, Box, Typography, Flex } from "@strapi/design-system";
 import { ExclamationMarkCircle } from "@strapi/icons";

package/admin/src/pages/App/components/transaction-history/TransactionTable.jsx CHANGED Viewed

@@ -133,20 +133,20 @@ const TransactionTable = () => {
                         <Td>
                           <Typography variant="pi">
                             {getPaymentMethodName(
-                              transaction.raw_request?.clearingtype,
-                              transaction.raw_request?.wallettype,
-                              transaction.raw_request?.cardtype
+                              (transaction.raw_request?.clearingtype || transaction?.body?.raw_request?.clearingtype),
+                              (transaction.raw_request?.wallettype || transaction?.body?.raw_request?.wallettype),
+                              (transaction.raw_request?.cardtype || transaction?.body?.raw_request?.cardtype)
                             )}
                           </Typography>
                         </Td>
                         <Td>
                           <Typography variant="pi" fontWeight="semiBold">
-                            {transaction.request_type || "N/A"}
+                            {(transaction.request_type || transaction?.body?.request_type) || "N/A"}
                           </Typography>
                         </Td>
                         <Td>
                           <StatusBadge
-                            status={transaction?.status}
+                            status={(transaction.status || transaction?.body?.status)}
                             transaction={transaction}
                           />
                         </Td>

package/admin/src/pages/App/components/transaction-history/details/TransactionDetails.jsx CHANGED Viewed

@@ -46,8 +46,8 @@ const TransactionDetails = ({ transaction }) => {
               Name:
             </Typography>
             <Typography variant="pi" textColor="neutral800">
-              {transaction.raw_request?.firstname}{" "}
-              {transaction.raw_request?.lastname}
+              {(transaction.raw_request?.firstname || transaction?.body?.raw_request?.firstname)}{" "}
+              {(transaction.raw_request?.lastname || transaction?.body?.raw_request?.lastname)}
             </Typography>
           </Flex>
           <Flex gap={3}>
@@ -55,7 +55,7 @@ const TransactionDetails = ({ transaction }) => {
               Email:
             </Typography>
             <Typography variant="pi" textColor="neutral800">
-              {transaction.raw_request?.email || "N/A"}
+              {(transaction.raw_request?.email || transaction?.body?.raw_request?.email) || "N/A"}
             </Typography>
           </Flex>
           <Flex gap={3}>
@@ -63,7 +63,7 @@ const TransactionDetails = ({ transaction }) => {
               Phone:
             </Typography>
             <Typography variant="pi" textColor="neutral800">
-              {transaction.raw_request?.telephonenumber || "N/A"}
+              {(transaction.raw_request?.telephonenumber || transaction?.body?.raw_request?.telephonenumber) || "N/A"}
             </Typography>
           </Flex>
           <Flex gap={3}>
@@ -71,8 +71,8 @@ const TransactionDetails = ({ transaction }) => {
               Address:
             </Typography>
             <Typography variant="pi" textColor="neutral800">
-              {transaction.raw_request?.street}, {transaction.raw_request?.zip}{" "}
-              {transaction.raw_request?.city}
+              {(transaction.raw_request?.street || transaction?.body?.raw_request?.street)}, {(transaction.raw_request?.zip || transaction?.body?.raw_request?.zip)}{" "}
+              {(transaction.raw_request?.city || transaction?.body?.raw_request?.city)}
             </Typography>
           </Flex>
         </Flex>
@@ -90,7 +90,7 @@ const TransactionDetails = ({ transaction }) => {
               TX ID:
             </Typography>
             <Typography variant="pi" textColor="neutral800">
-              {transaction.txid || "N/A"}
+              {(transaction.txid || transaction?.body?.txid) || "N/A"}
             </Typography>
           </Flex>
           {transaction.raw_request?.clearingtype === "cc" && (
@@ -104,7 +104,7 @@ const TransactionDetails = ({ transaction }) => {
                   Card Type:
                 </Typography>
                 <Typography variant="pi" textColor="neutral800">
-                  {getCardTypeName(transaction.raw_request?.cardtype)}
+                  {getCardTypeName(transaction.raw_request?.cardtype || transaction?.body?.raw_request?.cardtype)}
                 </Typography>
               </Flex>
               <Flex gap={3}>
@@ -117,7 +117,7 @@ const TransactionDetails = ({ transaction }) => {
                 </Typography>
                 <Typography variant="pi" textColor="neutral800">
                   **** **** ****{" "}
-                  {transaction.raw_request?.cardpan?.slice(-4) || "****"}
+                  {(transaction.raw_request?.cardpan || transaction?.body?.raw_request?.cardpan)?.slice(-4) || "****"}
                 </Typography>
               </Flex>
             </>
@@ -127,7 +127,7 @@ const TransactionDetails = ({ transaction }) => {
               Mode:
             </Typography>
             <Typography variant="pi" textColor="neutral800">
-              {transaction.raw_request?.mode || "N/A"}
+              {(transaction.raw_request?.mode || transaction?.body?.raw_request?.mode) || "N/A"}
             </Typography>
           </Flex>
         </Flex>

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "strapi-plugin-payone-provider",
-  "version": "4.6.13",
+  "version": "4.6.15",
   "description": "Strapi plugin for Payone payment gateway integration",
   "license": "MIT",
   "maintainers": [
@@ -10,10 +10,10 @@
     }
   ],
   "dependencies": {
+    "@uiw/react-json-view": "^2.0.0-alpha.40",
     "apple-pay-button": "^1.2.1",
     "axios": "^1.6.3",
-    "prop-types": "^15.7.2",
-    "@uiw/react-json-view": "^2.0.0-alpha.40"
+    "prop-types": "^15.7.2"
   },
   "devDependencies": {
     "react": "^18.2.0",
@@ -48,4 +48,4 @@
     "kind": "plugin",
     "displayName": "Strapi Payone Provider"
   }
-}
+}

package/server/controllers/payone.js CHANGED Viewed

@@ -258,14 +258,16 @@ module.exports = ({ strapi }) => ({
   async handleTransactionStatus(ctx) {
     try {
-      if (!ctx.state.payoneAllowed) {
-        console.log("[Payone] Notification ignored (policy failed)");
-      } else {
+      if (ctx.state.payoneAllowed) {
         const notificationData = ctx.request.body || {};
         await getPayoneService(strapi).processTransactionStatus(notificationData);
+      } else {
+        console.warn("[Payone] Notification blocked by policy", {
+          ip: ctx.request.ip,
+        });
       }
     } catch (error) {
-      console.log("[Payone TransactionStatus] Error:", error);
+      strapi.log.error("[Payone TransactionStatus] Error:", error);
     }
     ctx.status = 200;

package/server/policies/is-payone-notification.js CHANGED Viewed

@@ -1,20 +1,46 @@
 module.exports = async (ctx) => {
-  const { request } = ctx;
+  const userAgent = ctx.request.headers["user-agent"] || "";
-  const userAgent = request.headers["user-agent"] || "";
+  // Forwarded header parsing
+  const rawForwarded = ctx.request.headers["x-forwarded-for"];
+  const forwardedIp = rawForwarded?.split(",")[0]?.trim();
+  const xRealIp = ctx.request.headers["x-real-ip"]?.trim();
+  // Custom nginx header
+  const payoneHeaderIp = ctx.request.headers["x-payone-client-ip"]?.trim();
+  // Final client IP resolution priority
   const clientIp =
-    request.headers["x-payone-client-ip"]?.trim() ||
-    request.headers["x-forwarded-for"]?.split(",")[0]?.trim() ||
-    request.ip ||
+    payoneHeaderIp ||
+    forwardedIp ||
+    xRealIp ||
+    ctx.request.ip ||
     "";
-  const isValid = userAgent === "PAYONE FinanceGate" && (clientIp.startsWith("185.60.20.") || clientIp === "54.246.203.105");
+  // ===== Allowed IPs =====
+  const allowedExactIps = [
+    "54.246.203.105",
+  ];
+  const allowedIpRanges = [
+    /^185\.60\.20\.\d+$/,   // 185.60.20.0 - 185.60.20.255
+  ];
+  const isIpAllowed =
+    allowedExactIps.includes(clientIp) ||
+    allowedIpRanges.some((regex) => regex.test(clientIp));
+  const isUserAgentValid = userAgent === "PAYONE FinanceGate";
+  const isValid = isIpAllowed && isUserAgentValid;
   ctx.state.payoneAllowed = isValid;
   if (!isValid) {
-    console.log("[Payone] Policy failed", { userAgent, clientIp });
+    console.warn("[Payone] Policy failed", {
+      userAgent,
+      clientIp,
+    });
   }
   return true;
-};
+};