PHPackages tapbuy/checkout-graphql - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. tapbuy/checkout-graphql ActiveMagento2-module[API Development](/categories/api) tapbuy/checkout-graphql ======================= Tapbuy checkout module for Magento 2 GraphQL 1.9.0(2mo ago)0478↓33.3%OSL-3.0PHPPHP ^7.4 || ^8.1CI passing Since Jul 16Pushed 1mo ago1 watchersCompare [ Source](https://github.com/tapbuy/tapbuy-checkout-graphql)[ Packagist](https://packagist.org/packages/tapbuy/checkout-graphql)[ RSS](/packages/tapbuy-checkout-graphql/feed)WikiDiscussions develop Synced 1mo ago READMEChangelogDependencies (16)Versions (18)Used By (0) Tapbuy CheckoutGraphql Module ============================= [](#tapbuy-checkoutgraphql-module) A Magento 2 GraphQL extension that provides enhanced checkout functionality with token-based authorization for secure access to customer, order, and payment data. Overview -------- [](#overview) The Tapbuy CheckoutGraphql module extends Magento 2's native GraphQL API with additional resolvers and functionality specifically designed for checkout processes. It includes robust token-based authorization to ensure secure access to sensitive data. Features -------- [](#features) ### GraphQL Queries [](#graphql-queries) - **Customer Search**: Search for customers by email address - **Order Retrieval**: Get order details by order number (including guest orders) - **Enhanced Customer Data**: Additional customer fields with custom resolvers ### GraphQL Mutations [](#graphql-mutations) - **Order Assignment**: Assign a previously guest order to an existing customer account - **Cart Unlock**: Reactivate a locked cart and reset its associated order status - **Cart Deactivation**: Disable an active cart to prevent further checkout actions ### GraphQL Types [](#graphql-types) - **Customer Extensions**: Additional customer fields like `tapbuy_customer_id` - **Order Extensions**: Enhanced order data including custom shipping assignments and state information - **Payment Method Extensions**: Detailed payment information including additional data - **Address Extensions**: Extended address information with entity IDs ### Security [](#security) - **Token-based Authorization**: Secure API access using OAuth tokens - **Integration Permissions**: Granular permission checking based on integration settings - **Resource-based Access Control**: Different permission levels for different operations Installation ------------ [](#installation) 1. Copy the module to your Magento installation: ``` cp -r Tapbuy/CheckoutGraphql app/code/Tapbuy/ ``` 2. Enable the module: ``` php bin/magento module:enable Tapbuy_CheckoutGraphql ``` 3. Run setup upgrade: ``` php bin/magento setup:upgrade ``` 4. Compile DI: ``` php bin/magento setup:di:compile ``` 5. Clear cache: ``` php bin/magento cache:flush ``` Configuration ------------- [](#configuration) ### Token Authorization Setup [](#token-authorization-setup) 1. **Create Integration**: Go to System → Extensions → Integrations in Magento Admin 2. **Configure Permissions**: Assign appropriate permissions: - `Magento_Customer::customer` - For customer operations - `Magento_Sales::actions_view` - For order operations 3. **Generate Tokens**: Activate the integration to generate access tokens ### Required Permissions [](#required-permissions) The module requires the following ACL resources: - `Magento_Customer::customer` - Customer data access - `Magento_Sales::actions_view` - Order data access - `Magento_Backend::admin` or `Magento_Backend::all` - Full admin access (alternative) Usage ----- [](#usage) ### Authentication [](#authentication) All GraphQL queries require a Bearer token in the Authorization header: ``` Authorization: Bearer YOUR_ACCESS_TOKEN ``` ### GraphQL Queries [](#graphql-queries-1) #### Search Customer by Email [](#search-customer-by-email) ``` query { tapbuyCustomerSearch(email: "customer@example.com") { id email firstname lastname tapbuy_customer_id } } ``` #### Get Order by Number [](#get-order-by-number) ``` query { tapbuyGetOrder(order_number: "000000123") { id number status tapbuy_state tapbuy_items { id product_name quantity_ordered } tapbuy_shipping_assignments { method items { item_id product_id } address { tapbuy_entity_id } } payment_methods { name type tapbuy_additional_information { guest_email cc_type method_title _3d_active result_code psp_reference additional_data { issuer_country card_bin card_holder_name card_summary payment_method } } tapbuy_amount_ordered } } } ``` > Takes `order_number` or `order_id` ### GraphQL Mutations [](#graphql-mutations-1) #### Assign Guest Order to Customer [](#assign-guest-order-to-customer) ``` mutation { tapbuyOrderAssignCustomer(order_id: "000000123", customer_id: 42, order_identifier_type: "increment_id") { success order { id number customer_email tapbuy_state } } } ``` > `order_id` accepts either the order entity ID or its increment ID. Use `order_identifier_type` (`auto`, `entity_id`, or `increment_id`) to disambiguate when necessary. The order email must match the customer's email address before assignment. #### Unlock Cart [](#unlock-cart) ``` mutation { tapbuyUnlockCart(cart_id: "ajed83Hs", unlock_reason: "cancel") { cart { id is_active } } } ``` > Supply either a masked or numeric cart ID; `unlock_reason` is optional and impacts the resulting order status. #### Deactivate Cart [](#deactivate-cart) ``` mutation { tapbuyDeactivateCart(cart_id: "ajed83Hs") { cart { id is_active } } } ``` ### Payment Method Integration [](#payment-method-integration) The module includes a plugin for `SetPaymentMethodOnCart` that handles additional Tapbuy payment information: ``` mutation { setPaymentMethodOnCart(input: { cart_id: "CART_ID" payment_method: { code: "tapbuy_payment" tapbuy_additional_information: { accept_url: "https://example.com/success" pending_url: "https://example.com/pending" cancel_url: "https://example.com/cancel" exception_url: "https://example.com/error" } } }) { cart { selected_payment_method { code } } } } ``` Architecture ------------ [](#architecture) ### Authorization Flow [](#authorization-flow) 1. **Token Extraction**: Extract Bearer token from Authorization header 2. **Token Validation**: Validate token against Magento's OAuth system 3. **Integration Check**: Verify integration status and permissions 4. **Resource Authorization**: Check specific ACL resource permissions 5. **Data Access**: Allow or deny access based on authorization results ### File Structure [](#file-structure) ``` Tapbuy/CheckoutGraphql/ ├── composer.json ├── registration.php ├── etc/ │ ├── di.xml # Dependency injection configuration │ ├── module.xml # Module declaration │ └── schema.graphqls # GraphQL schema definitions ├── Model/ │ ├── Authorization/ │ │ └── TokenAuthorization.php # Token-based authorization logic │ ├── Resolver/ │ │ ├── Customer.php # Customer field resolver │ │ ├── CustomerSearch.php # Customer search resolver │ │ ├── GetOrder.php # Order retrieval resolver │ │ ├── GetOrderItems.php # Order items resolver │ │ ├── OrderAssignCustomer.php # Guest order assignment resolver │ │ ├── OrderAddress.php # Order address resolver │ │ └── OrderPaymentMethod.php # Payment method resolver │ ├── OrderDataFormatter.php # Shared formatter for enhanced order payloads │ └── OrderLocator.php # Helper to locate orders by ID or increment ID └── Plugin/ └── SetPaymentMethodOnCartPlugin.php # Payment method plugin ``` Error Handling -------------- [](#error-handling) The module provides comprehensive error handling: - **Authorization Errors**: Clear messages for token and permission issues - **Validation Errors**: Input validation with descriptive error messages - **Not Found Errors**: Appropriate responses for missing entities - **Logging**: Error logging for debugging purposes Security Considerations ----------------------- [](#security-considerations) - **Token Validation**: All requests validate OAuth tokens - **Permission Checking**: Granular ACL resource checking - **Input Sanitization**: Proper validation of all input parameters - **Error Disclosure**: Minimal error information disclosure Development ----------- [](#development) ### Adding New Resolvers [](#adding-new-resolvers) 1. Create resolver class in `Model/Resolver/` 2. Implement `ResolverInterface` 3. Add authorization check using `TokenAuthorization` 4. Register in `etc/di.xml` 5. Define schema in `etc/schema.graphqls` ### Extending Authorization [](#extending-authorization) The `TokenAuthorization` class can be extended to support additional authorization mechanisms or custom permission logic. Troubleshooting --------------- [](#troubleshooting) ### Common Issues [](#common-issues) 1. **"Token is required" Error** - Ensure Authorization header is present - Verify Bearer token format 2. **"Invalid token" Error** - Check token validity in Magento Admin - Regenerate integration tokens if needed 3. **"You do not have permission" Error** - Verify integration permissions - Check ACL resource assignments 4. **"Order not found" Error** - Verify order number exists Development ----------- [](#development-1) ### Running Tests [](#running-tests) Tests run inside a Docker container that replicates the CI environment (PHP 8.3, Magento 2.4.7-p5). Docker must be running. **Prerequisites:** clone the following sibling repository next to this one: ``` # From the parent directory git clone git@github.com:tapbuy/magento-redirect-plugin.git redirect-tracking ``` **First-time setup:** ``` cp auth.json.dist auth.json # Fill in your repo.magento.com public/private keys in auth.json ``` **Run all unit tests:** ``` make test ``` On the first run, the Docker image is built and Magento is installed into a named volume (`tapbuy-magento-2.4.7-p5-php83`). Subsequent runs reuse the cached volume and are fast. > Do not use `composer test` — it runs PHPUnit without the Magento bootstrap and will fail or produce misleading results. ### Linting [](#linting) Linting runs PHPMD and PHPCS (Magento2 standard) inside the same Docker container as tests. Docker must be running. **Run both linters:** ``` make lint ``` **Run individually:** ``` make phpmd # PHP Mess Detector make phpcs # PHP CodeSniffer (Magento2 standard) ``` Both linters always run when using `make lint`; if either fails, the command exits with a non-zero code. - Check order visibility settings ### Health Score 45 — FairBetter than 93% of packages Maintenance88 Actively maintained with recent releases Popularity17 Limited adoption so far Community8 Small or concentrated contributor base Maturity54 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~16 days Total 16 Last Release 68d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/0740544e5d3c7a2192d15c1cca624832e271924f3b7135183a5815216c28560b?d=identicon)[jerome-tapbuy](/maintainers/jerome-tapbuy) ![](https://www.gravatar.com/avatar/f193163becacc7142aebf5cdcddf3c47d3c66c9476e2cbcc53e38ffb46b3561f?d=identicon)[valentin\_tapbuy](/maintainers/valentin_tapbuy) --- Top Contributors [![ValentinCreative](https://avatars.githubusercontent.com/u/1830588?v=4)](https://github.com/ValentinCreative "ValentinCreative (153 commits)") ### Embed Badge ![Health badge](/badges/tapbuy-checkout-graphql/health.svg) ``` [![Health](https://phpackages.com/badges/tapbuy-checkout-graphql/health.svg)](https://phpackages.com/packages/tapbuy-checkout-graphql) ``` ### Alternatives [mollie/magento2 Mollie Payment Module for Magento 2 1121.6M10](/packages/mollie-magento2)[dotdigital/dotdigital-magento2-extension Dotdigital for Magento 2 50374.2k18](/packages/dotdigital-dotdigital-magento2-extension)[subscribepro/subscribepro-magento2-ext Subscribe Pro Magento 2 Integration Extension 24157.3k](/packages/subscribepro-subscribepro-magento2-ext)[xcoreplatform/xcore-magento2 This module extends the rest api of Magento2 and is needed for the usage of the xCore. 1330.0k2](/packages/xcoreplatform-xcore-magento2)[o2ti/sigep-web-carrier O2TI - Sigep Web Carrier 141.5k](/packages/o2ti-sigep-web-carrier) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)