Laravel est le framework PHP le plus populaire en 2026. Sa structure MVC claire, ses facades et son système de queues en font un excellent choix pour intégrer MonCash de manière robuste. Voici l'architecture recommandée.
Configuration .env et config
bash
# .env
MONCASH_SECRET_KEY=sk_proj_xxxxxxxxxxxxxxxxxxxxx
MONCASH_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxx
MONCASH_BASE_URL=https://hvlmeoqyxaguzcujpmit.supabase.co/functions/v1Créer le service MonCashConnect
php
<?php
// app/Services/MonCashService.php
namespace App\Services;
use Illuminate\Support\Facades\Http;
class MonCashService
{
private string $secretKey;
private string $baseUrl;
public function __construct()
{
$this->secretKey = config('services.moncash.secret_key');
$this->baseUrl = config('services.moncash.base_url');
}
public function createPayment(int $amount, string $orderId, string $description = ''): string
{
$response = Http::withToken($this->secretKey)
->post("{$this->baseUrl}/pay-create", [
'amount' => $amount,
'orderId' => $orderId,
'description' => $description ?: "Commande #{$orderId}",
'returnUrl' => route('payment.success'),
'cancelUrl' => route('payment.cancel'),
]);
$response->throw(); // Lance une exception si HTTP 4xx/5xx
return $response->json('paymentUrl');
}
public function verifySignature(string $rawBody, string $signature): bool
{
$secret = config('services.moncash.webhook_secret');
$expected = hash_hmac('sha256', $rawBody, $secret);
return hash_equals($expected, $signature);
}
}Controller de paiement
php
<?php
// app/Http/Controllers/PaymentController.php
namespace App\Http\Controllers;
use App\Services\MonCashService;
use Illuminate\Http\Request;
class PaymentController extends Controller
{
public function __construct(private MonCashService $moncash) {}
public function create(Request $request)
{
$request->validate([
'amount' => 'required|integer|min:100',
'order_id' => 'required|string|unique:orders,reference',
]);
$paymentUrl = $this->moncash->createPayment(
$request->amount,
$request->order_id
);
return redirect()->away($paymentUrl);
}
public function webhook(Request $request)
{
$rawBody = $request->getContent();
$sig = $request->header('X-MonCashConnect-Signature', '');
if (!$this->moncash->verifySignature($rawBody, $sig)) {
return response()->json(['error' => 'Signature invalide'], 401);
}
$event = $request->json()->all();
if ($event['type'] === 'payment.completed') {
$orderId = $event['data']['orderId'];
Order::where('reference', $orderId)->update(['status' => 'paid']);
}
return response()->json(['received' => true]);
}
}Routes et middleware
php
<?php
// routes/api.php
use App\Http\Controllers\PaymentController;
// Le webhook doit être exclu du CSRF — c'est une requête externe
Route::post('/webhook/moncash', [PaymentController::class, 'webhook'])
->name('webhook.moncash');
// routes/web.php
Route::post('/pay', [PaymentController::class, 'create'])->name('payment.create');
Route::get('/payment/success', fn() => view('payment.success'))->name('payment.success');
Route::get('/payment/cancel', fn() => view('payment.cancel'))->name('payment.cancel');Exclure le webhook du CSRF
php
<?php
// app/Http/Middleware/VerifyCsrfToken.php
protected $except = [
'api/webhook/moncash',
];Enregistrer le service dans le container
php
<?php
// config/services.php — ajouter dans le tableau
'moncash' => [
'secret_key' => env('MONCASH_SECRET_KEY'),
'webhook_secret' => env('MONCASH_WEBHOOK_SECRET'),
'base_url' => env('MONCASH_BASE_URL', 'https://hvlmeoqyxaguzcujpmit.supabase.co/functions/v1'),
],Ce service Laravel est prêt pour la production. Obtenez vos clés API MonCashConnect pour commencer à tester.
Obtenir mes clés API →