PHPackages cpr/laravel-cecabank - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Payment Processing](/categories/payments) 4. / 5. cpr/laravel-cecabank ActiveLibrary[Payment Processing](/categories/payments) cpr/laravel-cecabank ==================== Cecabank TPV integration for Laravel — models, signature engine, polymorphic payment transactions, events and webhook routes. Frontend-agnostic: ship your own Blade/Vue/React UI. v0.2.0(3w ago)10MITPHPPHP ^8.2CI passing Since May 14Pushed 3w agoCompare [ Source](https://github.com/christianpasinrey/laravel-cecabank)[ Packagist](https://packagist.org/packages/cpr/laravel-cecabank)[ RSS](/packages/cpr-laravel-cecabank/feed)WikiDiscussions main Synced 1w ago READMEChangelog (1)Dependencies (6)Versions (5)Used By (0) cpr/laravel-cecabank ==================== [](#cprlaravel-cecabank) [![Tests](https://github.com/christianpasinrey/laravel-cecabank/actions/workflows/tests.yml/badge.svg)](https://github.com/christianpasinrey/laravel-cecabank/actions/workflows/tests.yml) Cecabank TPV (Virtual POS) integration for Laravel — **frontend-agnostic**. The package ships the data model, signature engine, polymorphic transaction log, lifecycle events and public callback routes. Everything user-facing (admin CRUD, redirect page, sandbox UI) is the host's job: render it with Blade, Inertia + Vue, Livewire, React… the package only hands you DTOs. Security at a glance -------------------- [](#security-at-a-glance) - Server-to-server callback authenticated by Cecabank's SHA-256 signature, verified with `hash_equals`. - Browser return URLs authenticated by a TTL'd HMAC token bound to the operation number (`config('cecabank.return_token.ttl')`, default 30 min). - All state transitions run inside `DB::transaction { lockForUpdate; … }` — concurrent callbacks cannot double-fulfil. - `payable_type` / `payable_id` are intentionally NOT mass-assignable; use `PaymentTransaction::attachPayable($payable)`. - The provider refuses to boot if `cecabank.urls.{test,production}` aren't `https://` to a `.ceca.es` host. - The callback route lives OUTSIDE the `web` middleware group so CSRF can never reject a legitimate Cecabank confirmation. See `SECURITY-AUDIT.md` for the full third-party review and the patches that addressed it. Install ------- [](#install) ``` composer require cpr/laravel-cecabank php artisan vendor:publish --tag=cecabank-config php artisan migrate ``` Optionally: ``` php artisan vendor:publish --tag=cecabank-views # Blade auto-submit fallback php artisan vendor:publish --tag=cecabank-lang # Flash-message translations ``` Make your host model payable ---------------------------- [](#make-your-host-model-payable) ``` use Cpr\Cecabank\Contracts\Payable; use Cpr\Cecabank\Models\PaymentTransaction; class Order extends Model implements Payable { public function paymentAmount(): float { return (float) $this->total; } public function paymentReference(): string { return $this->order_number; } public function paymentDescription(): ?string { return "Order {$this->order_number}"; } public function isPayable(): bool { return $this->status === 'pending_payment'; } public function paymentSuccessRoute(): string { return 'orders.index'; } public function paymentFailureRoute(): string { return 'orders.index'; } public function paymentTransactions() { return $this->morphMany(PaymentTransaction::class, 'payable'); } } ``` Start a checkout ---------------- [](#start-a-checkout) `Cecabank::checkout()` persists a pending `PaymentTransaction` and returns a `CheckoutPayload` DTO with the fields and gateway URL. **You** decide how to render the redirect. ### With Inertia + Vue [](#with-inertia--vue) ``` use Cpr\Cecabank\Facades\Cecabank; public function pay(Order $order) { abort_unless($order->isPayable() && $this->ownsOrder($order), 403); $payload = Cecabank::checkout($order); return Inertia::render('Payment/Redirect', [ 'fields' => $payload->fields, 'gatewayUrl' => $payload->gatewayUrl, 'reference' => $order->paymentReference(), ]); } ``` ### With Blade (using the bundled view) [](#with-blade-using-the-bundled-view) ``` return view('cecabank::redirect', [ 'fields' => $payload->fields, 'action' => $payload->gatewayUrl, 'title' => 'Redirigiendo a la pasarela…', ]); ``` ### As JSON (SPA / API) [](#as-json-spa--api) ``` return response()->json($payload->toArray()); ``` React to payment lifecycle events --------------------------------- [](#react-to-payment-lifecycle-events) ``` use Cpr\Cecabank\Events\{PaymentCompleted, PaymentFailed, PaymentCanceled}; Event::listen(PaymentCompleted::class, function ($e) { $e->payable?->update(['status' => 'confirmed']); }); ``` Routes the package owns ----------------------- [](#routes-the-package-owns) NameVerbURIPurpose`cecabank.success`GET/POST`/payment/success`URL\_OK browser return — redirects to `Payable::paymentSuccessRoute()``cecabank.failure`GET/POST`/payment/failure`URL\_NOK browser return — redirects to `Payable::paymentFailureRoute()``cecabank.callback`POST`/payment/callback`Server-to-server confirmation — returns `$*$OKY$*$` / `$*$NOK$*$`URI prefix and middleware are configurable in `config/cecabank.php`. Admin CRUD & sandbox ------------------------ [](#admin-crud--sandbox) Out of scope for this package. You own the gateway CRUD UI; use `Cpr\Cecabank\Models\PaymentGateway` directly. For sandbox flows the package exposes: ``` $payload = Cecabank::sandboxCheckout($gateway, 1.00, 'demo', 'test'); $preview = Cecabank::previewSandboxSignature($gateway, 1.00, 'test'); $tx = Cecabank::reconcileSandboxReturn($operationNumber, $request->all(), success: true); ``` Wire your own admin sandbox return routes and point the package at them: ``` // config/cecabank.php 'sandbox_return_routes' => [ 'ok' => 'admin.cecabank.sandbox.return-ok', 'nok' => 'admin.cecabank.sandbox.return-nok', ], ``` Service API quick reference --------------------------- [](#service-api-quick-reference) All methods are exposed through the `Cecabank` facade (`Cpr\Cecabank\CecabankService`): ``` Cecabank::checkout($payable, ?$gateway = null): CheckoutPayload Cecabank::sandboxCheckout($gateway, $amount, ?$description = null, ?$environment = null): SandboxPayload Cecabank::previewSandboxSignature($gateway, $amount, ?$environment = null): array Cecabank::reconcileSandboxReturn($operationNumber, $params, $success): ?PaymentTransaction Cecabank::verifyCallbackSignature($params, $gateway, ?$environment = null): bool Cecabank::sanitizeResponse($params): array Cecabank::calculateSignature($data): string Cecabank::returnToken($operationNumber): string Cecabank::verifyReturnToken($operationNumber, $token): bool Cecabank::amountToCents($amount): string ``` Testing ------- [](#testing) ``` composer install vendor/bin/phpunit ``` ### Health Score 37 — LowBetter than 81% of packages Maintenance94 Actively maintained with recent releases Popularity2 Limited adoption so far Community6 Small or concentrated contributor base Maturity39 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 4 Last Release 26d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/7e3fdf42ac2e1111ed8a0ae93b9c92131d42f571f5a8910fcb40a9bc879294f0?d=identicon)[christianpasinrey](/maintainers/christianpasinrey) --- Top Contributors [![christianpasinrey](https://avatars.githubusercontent.com/u/70205361?v=4)](https://github.com/christianpasinrey "christianpasinrey (4 commits)") --- Tags cecabankpaymentslaravelpaymentstpvcecacecabank ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/cpr-laravel-cecabank/health.svg) ``` [![Health](https://phpackages.com/badges/cpr-laravel-cecabank/health.svg)](https://phpackages.com/packages/cpr-laravel-cecabank) ``` ### Alternatives [psalm/plugin-laravel Psalm plugin for Laravel 3325.1M337](/packages/psalm-plugin-laravel)[larastan/larastan Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel 6.4k51.0M7.4k](/packages/larastan-larastan)[api-platform/laravel API Platform support for Laravel 59156.3k10](/packages/api-platform-laravel)[pressbooks/pressbooks Pressbooks is an open source book publishing tool built on a WordPress multisite platform. Pressbooks outputs books in multiple formats, including PDF, EPUB, web, and a variety of XML flavours, using a theming/templating system, driven by CSS. 45344.0k1](/packages/pressbooks-pressbooks)[simplestats-io/laravel-client Analytics for Laravel. Track visitors, registrations, and payments. Discover which channels actually drive revenue, not just traffic. Server-side, GDPR compliant, ad-blocker proof. 5019.3k](/packages/simplestats-io-laravel-client)[calebdw/larastan Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel 15104.9k4](/packages/calebdw-larastan) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)