Skip to main content
The official OwnPay Laravel SDK provides a clean, fluent interface for integrating payments into your Laravel application. It handles authentication, retries, webhook verification, and error handling out of the box.

Packagist

Install via Composer from Packagist.

GitHub

View source code, report bugs, or contribute.

Prerequisites

  • PHP 8.3 or higher
  • Laravel 11.x, 12.x, or 13.x
  • An OwnPay API key from Admin > Developer Hub

Installation

1
Install the package
The package automatically registers its service provider and facade.
2
Publish the configuration
This creates config/ownpay.php in your application.
3
Publish migrations (optional)If you want to log webhooks to a database table:
4
Add environment variablesAdd these to your .env file:

Configuration

All options in config/ownpay.php:

Creating payments

Use the OwnPay facade or inject OwnPayClient directly.

Payment flow

A typical checkout flow looks like this:

Full example

Retrieving payment status

Webhook handling

Route setup

The package registers a webhook route at /webhooks/ownpay automatically. You can customize it:
The VerifyWebhookSignature middleware validates the HMAC-SHA256 signature on every incoming webhook. No manual verification is needed.

Listening for events

Register an event listener in your EventServiceProvider:

Example listener

Transaction management

Refunds

Customer management

API key management

Value objects

The SDK uses type-safe value objects instead of raw arrays.

Money

Status enums

Error handling

The SDK provides a structured exception hierarchy:

Artisan commands

The SDK ships with CLI commands for testing and debugging:

Testing

Mocking HTTP calls

Verifying webhooks in tests

Security best practices

Never commit API keys to version control. Always use environment variables.
  1. Store API keys in .env, not in config/ownpay.php directly
  2. Use HTTPS for all API communication
  3. The SDK verifies webhook signatures automatically via the VerifyWebhookSignature middleware
  4. API keys are stored with the #[\SensitiveParameter] attribute - they are never logged or exposed in error messages
  5. Implement idempotency for critical payment operations
  6. Log all payment events for audit trail

API reference

Last modified on July 16, 2026