OwnPay v0.1.0 - Initial Public Release 🚀
We are proud to announce the initial public release of OwnPay, a self-hosted, enterprise-grade, open-source payment gateway platform built on PHP 8.3+ and designed to put businesses in full control of their payment stack.
Unlike multi-tenant SaaS platforms, OwnPay is operated by a single owner, serving multiple isolated brands (stores) under their own custom domains. Each brand enjoys distinct gateways, custom ledger configurations, and a unique customer checkout identity.
🏛️ Major Highlights & Features
1. Multi-Brand Architecture & Custom Domains
- Scoped Brand Context: Isolation at the database query layer via the
TenantScopetrait. A single super-administrator manages multiple brands (op_merchants) with zero cross-contamination. - White-Label Custom Domains:
DomainMiddlewareresolves custom domains for checkouts, automatically routing payments to the appropriate brand while keeping/admin/*interfaces restricted to the master domain. - Cascading Settings: Settings dynamically resolve from a brand-specific override, falling back to global system-wide defaults.
2. 123 Bundled Payment Gateways 💳
We include 123 built-in payment gateway integrations out of the box, categorized for global reach:
- Southeast Asia: bKash API, Nagad Merchant API, SSLCommerz, Rocket, GCash, Maya, Touch 'n Go, GrabPay, PromptPay, QRIS, and more.
- South Asia: Razorpay, Cashfree, Instamojo, PayTM, EasyPaisa, JazzCash.
- Latin America: MercadoPago, Pix, PagSeguro, EBANX, dLocal.
- Africa: M-Pesa, MTN MoMo, Flutterwave, Paystack, Orange Money.
- Europe & Global: Stripe, PayPal Checkout, Adyen, Braintree, Klarna, Mollie, Authorize.Net, Square.
- Cryptocurrency: Binance Pay, BitPay, BTCPay Server, Coinbase Commerce, OpenNode, NowPayments.
- Plus a robust Manual (Offline) Gateway System allowing brands to display customized bank transfer instructions, manual payment details, and QR codes.
3. GAAP-Compliant Double-Entry Ledger Engine 📈
- Double-Entry Accounting: Full bookkeeping journal (
op_ledger_accounts,op_ledger_transactions,op_ledger_entries) that validates and maintains balance constraints at the database level. - Atomic Refunds & Multi-Currency Processing: Safe transaction posting secured by mutexes, enabling seamless conversions and ledger entries across different base currencies.
4. Companion Mobile App & SMS Verification Engine 📱
- SMS-to-Payment Confirmation: Connects securely with the OwnPay Console Android app.
- Automated Offline Matching: An SMS verification job parses incoming bank/MFS text messages, matching transaction IDs or amounts/timeframes to pending invoices for instant checkout confirmation.
- Secure Device Auth: JWT-based API access for companion devices, featuring automatic key rotation and instant device revocation.
5. Guided Web Installer Wizard 🧙♂️
- Step-by-Step Installation: Automatic check for directory permissions, database connectivity, table schema creation, default brand generation, and
.envconfiguration. - Fail-Safe Design: Completely database-independent setup wizard ensuring a smooth first-time deployment.
6. Enterprise-Grade Security
- Argon2id & TOTP 2FA: Industry-standard password hashing and built-in two-factor authentication.
- Advanced Middleware Stack: Injects CSRF tokens, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and dynamic Content Security Policies (CSP) tailored only to the active payment gateways.
- Parameterized SQL Queries: 100% protection against SQL injections.
- Plugin Sandbox: Scans third-party plugin scripts on load to block dangerous PHP calls (
eval,exec,system, etc.).
7. Developer APIs & Webhooks
- API Integration: Full OpenAPI 3.1.1 specification (
docs/v2/api/openapi.yaml) with public interactive API documentation. - Merchant & Inbound Webhooks: Webhook delivery retry queue to notify external platforms (like WHMCS, WooCommerce, or custom platforms) of payment states.
🚀 Getting Started
To install OwnPay on your server, ensure you meet the following requirements:
Prerequisites
- PHP: 8.3 or higher with extensions (
pdo_mysql,openssl,bcmath,mbstring,curl,gd,zip). - Database: MySQL 8.0+ or MariaDB 10.5+.
- Web Server: Nginx or Apache with URL rewriting enabled.
Installation
- Clone the repository to your server's web root:
git clone https://github.com/own-pay/ownpay.git .