modules/ and register callbacks via the EventManager hook loop.
Plugin types
Gateway plugins
Add new payment methods (Stripe, bKash, bank transfer, crypto). Provides payment processing, settlement management, webhook handling, and refund logic.Addon plugins
Add features like advanced reporting, subscription management, inventory sync, CRM integration, or email customization. Provides admin pages, API endpoints, scheduled jobs, and UI components.Theme plugins
Customize the checkout experience with custom templates, CSS, JavaScript, and branding. Provides Twig templates, stylesheets, and asset management.Plugin lifecycle
- Discovery - Plugin loader scans
modules/directory - Registration - Plugin class loaded and registered
- Configuration - Config files read and validated
- Activation - Plugin hooks registered
- Runtime - Plugin responds to events
- Deactivation - Plugin hooks unregistered
Plugin structure
manifest.json
Hooks system
Pre-execution hooks (modify behavior):Events system
payment.*, customer.*, gateway.*, webhook.*, user.*, system.*.
Trust model
Plugin upload is restricted to the platform owner. Installed plugins run with full application trust through the PSR-11 container - the same model as WordPress. The real security boundary is owner-only upload, not in-process isolation. The footgun scanner blocks onlyeval and direct OS command execution. Ordinary PHP (reflection, callbacks, file I/O) is permitted.
Best practices
- Follow OwnPay coding standards
- Include tests and documentation
- Validate all input and escape output
- Use parameterized queries
- Respect permissions
- Store secrets in config
- Use caching and optimize queries
- Queue heavy tasks
Further reading
- Plugin overview - Build and register your first plugin
- Gateway development - Create a custom payment gateway adapter
- Theme development - Build custom checkout themes