Packagist
Install via Composer from Packagist.
GitHub
View source code, report bugs, or contribute.
Prerequisites
- PHP 8.3 or higher
- Laravel 11.x, 12.x, or 13.x
- An OwnPay API key from Admin > Developer Hub
Installation
1
Install the packageThe package automatically registers its service provider and facade.
2
Publish the configurationThis creates
config/ownpay.php in your application.3
Publish migrations (optional)If you want to log webhooks to a database table:
4
Add environment variablesAdd these to your
.env file:Configuration
All options inconfig/ownpay.php:
Creating payments
Use theOwnPay facade or inject OwnPayClient directly.
- Facade
- Dependency Injection
Payment flow
A typical checkout flow looks like this:Full example
Retrieving payment status
Webhook handling
Route setup
The package registers a webhook route at/webhooks/ownpay automatically. You can customize it:
The
VerifyWebhookSignature middleware validates the HMAC-SHA256 signature on every incoming webhook. No manual verification is needed.Listening for events
Register an event listener in yourEventServiceProvider:
Example listener
Transaction management
Refunds
Customer management
API key management
Value objects
The SDK uses type-safe value objects instead of raw arrays.Money
Status enums
Error handling
The SDK provides a structured exception hierarchy:Exception reference
Exception reference
Artisan commands
The SDK ships with CLI commands for testing and debugging:Testing
Mocking HTTP calls
Verifying webhooks in tests
Security best practices
- Store API keys in
.env, not inconfig/ownpay.phpdirectly - Use HTTPS for all API communication
- The SDK verifies webhook signatures automatically via the
VerifyWebhookSignaturemiddleware - API keys are stored with the
#[\SensitiveParameter]attribute - they are never logged or exposed in error messages - Implement idempotency for critical payment operations
- Log all payment events for audit trail