Paymora Payment Gateway – Complete Integration Guide

This documentation explains everything required to integrate Paymora Payment Gateway into any website, software, or mobile app, using any programming language.

Golden Rule:
Payment success is confirmed ONLY via webhook.
Redirect URLs are UI-only and must NEVER update database records.

1. Prerequisites

Public HTTPS backend server
Database (orders, payments, balance)
Webhook endpoint reachable from internet
Secure storage for secrets

2. Credentials Provided by Paymora

client_id
webhook_secret
webhook_url (your backend)
Authorized domain

Never expose webhook_secret in frontend or client-side JavaScript.

3. Hosted Payment Page

Redirect user to the following URL to start payment:

https://pay.winx99.space/gateway/pay.php

Required Parameters

client_id
order_id (unique, backend-generated)
amount (final payable amount)
success_url (UI only)
fail_url (UI only)

Do NOT call this URL using AJAX. Always redirect the browser.

4. Payment Lifecycle (CRITICAL)

Create order in database
Calculate final payable amount
Save payable_amount
Generate unique order_id
Redirect user to Paymora
User completes payment
Paymora sends webhook
Verify webhook signature
Read paid amount from webhook
Save txn_id
Mark order as paid
Credit user balance

5. Webhook Payload

{
  "txn_id": "TXN2609YsH01Hs54Y6d587F8D73a1JYuvC",
  "order_id": "ORDER_123456",
  "amount": 1500,
  "status": "approved"
}

The amount field is the FINAL APPROVED AMOUNT.
Use this value to update balance and records.

6. Webhook Security (MANDATORY)

Read RAW request body
Verify HMAC SHA256 signature
Header: X-Genext-Signature
Reject invalid signatures
Implement idempotency

7. Client Webhook Processing Logic

Receive webhook
Read RAW payload
Verify signature
Reject if invalid
Parse JSON
Process only approved status
Find order using order_id
Check already paid
Match webhook amount with DB
Save txn_id and paid_amount
Credit balance
Lock record
Return HTTP 200 OK

8. Discount Handling

Apply discount BEFORE payment
Send discounted amount to Paymora
Webhook amount already reflects discount

9. What NOT To Do

Do not update DB on success_url
Do not trust frontend data
Do not skip webhook verification

10. Supported Platforms

PHP, Node.js, Python, Java, .NET, Go, WordPress, Shopify (custom), React, Angular, Vue, Android, iOS, +all Languags.

11. AI PROMPT (DETAILED & FINAL)

You are a senior payment gateway integration engineer and security expert.

I want to integrate Paymora Payment Gateway into my system.

Payment URL:
https://pay.winx99.space/gateway/pay.php

Webhook:
POST https://mydomain.com/webhook/paymora

Webhook Payload:
{
  "txn_id": "string",
  "order_id": "string",
  "amount": number,
  "status": "approved | declined | expired"
}

Security Rules:
- Verify HMAC SHA256 signature using webhook_secret
- Header: X-Genext-Signature
- Use RAW payload
- Process ONLY approved payments
- Implement idempotency
- Never trust redirect URLs
- Never trust frontend amount

Flow Requirements:
1. Create order
2. Calculate final amount
3. Save payable_amount
4. Redirect user to Paymora
5. Receive webhook
6. Verify signature
7. Match amount
8. Save txn_id
9. Save paid_amount
10. Credit balance
11. Lock record

Explain end-to-end integration.
Provide code examples.
Highlight common mistakes.
Do not simplify security.