Liontech Laravel Laravel Package

Technical Evaluation

Architecture Fit

• Updated API Endpoint Alignment: The migration to fusionpayments.io domain (as seen in #22) reflects LionTech’s rebranding or infrastructure changes. This aligns with the package’s goal of abstracting SDK complexity but introduces a critical dependency on external domain ownership. The facade and DI architecture remain intact, but the change may require:
  • Validation of DNS/SSL: Ensure fusionpayments.io is properly resolved and HTTPS endpoints are secure (e.g., no mixed-content warnings).
  • Config Override Support: The package should allow users to revert to legacy domains via config/liontech.php (e.g., api_url override) for backward compatibility during transition periods.
• Unified API Layer: Still encapsulates LionTech’s SDK, but the domain shift may necessitate updated SDK version checks (e.g., does nokimaro/liontech-php-sdk v2.x+ support fusionpayments.io?).
• Webhook Security: Unchanged, but verify if LionTech’s webhook endpoints now use fusionpayments.io (requires updating webhook_url in config).
• Configuration Management: The .env/config/liontech.php system remains robust, but users must now account for the new domain in:
  • API base URLs (e.g., LIONTECH_API_URL=https://fusionpayments.io).
  • Webhook verification (if LionTech’s signature algorithm or endpoint path changed).

Integration Feasibility

• Laravel 11–13 Compatibility: Unaffected by the domain change, but test thoroughly if LionTech’s SDK now enforces stricter TLS/host validation (e.g., HSTS).
• Auto-Discovery: Still eliminates manual setup, but users must:
  • Update .env to reflect fusionpayments.io (e.g., LIONTECH_API_URL).
  • Republish config if using config:publish:

    php artisan config:publish liontech-laravel --tag=config --force
    

• SDK Wrapping: Higher risk now—confirm nokimaro/liontech-php-sdk v2.x+ supports fusionpayments.io. If not, the package may break until the SDK is updated.
• Testing: The release notes lack test coverage details, but regression tests for API endpoints are critical. Use Laravel’s HttpTests to verify:
  • Domain redirects (if LionTech uses 301 redirects from old to new domain).
  • Webhook signature validation with fusionpayments.io as the source.

Technical Risk

• Domain Migration Risks:
  • Downtime: If LionTech’s old domain (liontech.com) is deprecated, ensure the package handles 410 Gone or 301 redirects gracefully.
  • SSL/TLS: Verify the new domain’s certificate chain (e.g., no expired intermediates).
  • Rate Limiting: LionTech may enforce new rate limits on fusionpayments.io; test under load.
• Unofficial Package: Risks remain (deprecation, SDK drift), but the domain change increases urgency to:
  • Monitor LionTech’s official channels for Laravel-native SDKs.
  • Fork the package if maintenance stalls post-migration.
• Webhook Reliability: If LionTech changed webhook endpoint paths (e.g., /v1/webhooks → /api/v2/events), the package’s verification logic may fail silently.
• RSA Encryption: No changes mentioned, but revalidate key exchange if LionTech’s webhook docs now reference fusionpayments.io endpoints.
• Performance: Unchanged, but log DNS resolution times for fusionpayments.io to detect latency spikes.

Key Questions

1. Domain Migration Impact:
   • Does nokimaro/liontech-php-sdk v2.x+ support fusionpayments.io? If not, what’s the ETA for an update?
   • Are there intermediate steps (e.g., dual-domain support) during LionTech’s transition?
2. Configuration Flexibility:
   • Can users override the API/webhook domain via config/liontech.php (e.g., api_url and webhook_url keys)?
   • Does the package support environment-specific domains (e.g., staging.fusionpayments.io)?
3. Webhook Validation:
   • Has LionTech’s webhook signature algorithm or endpoint path changed? If so, does the package update verification logic?
4. Testing Requirements:
   • Are there new test cases for fusionpayments.io in the package’s CI? If not, how will users verify compatibility?
5. Deprecation Timeline:
   • When will LionTech deprecate the old domain (liontech.com)? Does the package warn users before breaking changes?
6. PCI Compliance:
   • Does fusionpayments.io meet PCI-DSS requirements for card data handling? (Verify LionTech’s compliance docs.)
7. Fallback Mechanism:
   • If the domain migration fails, can the package fall back to the old domain temporarily?

Integration Approach

Stack Fit

• Laravel Ecosystem: Still fully compatible, but add domain validation middleware to:
  • Check DNS resolution of fusionpayments.io on app boot (e.g., using Illuminate\Support\Facades\URL).
  • Log warnings if the domain is unreachable (e.g., via Laravel Log).
• PHP 8.3+ Features: Unchanged, but add runtime checks for:
  • openssl extension (critical for RSA).
  • curl version (if LionTech’s SDK uses modern HTTP/2 features).
• Testing: Update test suites to:
  • Mock fusionpayments.io responses (e.g., using Http::fake()).
  • Test webhook signatures with the new domain as the source.

Migration Path

1. Prerequisites (Updated):
   • DNS Check: Verify fusionpayments.io resolves correctly in your infrastructure.
   • SDK Version: Ensure nokimaro/liontech-php-sdk is v2.x+ (check composer.json).
   • Config Backup: Save current config/liontech.php before updating.
2. Installation:

   composer require nokimaro/liontech-laravel:nokimaro/liontech-php-sdk@^2.0
   php artisan config:publish liontech-laravel --tag=config --force
   

3. Configuration Updates:
   • Update .env:

     LIONTECH_API_URL=https://fusionpayments.io
     LIONTECH_WEBHOOK_URL=https://fusionpayments.io/api/v2/webhooks
     

   • Override config/liontech.php if needed:

     'api' => [
         'url' => env('LIONTECH_API_URL', 'https://fusionpayments.io'),
         'timeout' => 30,
     ],
     

4. Facade/Service Integration:
   • Test All API Calls: Verify transactions, refunds, and webhooks work with the new domain.
   • Example:

     $transaction = LionTech::transaction()->create([
         'amount' => 1000,
         'currency' => 'USD',
     ]);
     // Add error handling for domain-related failures (e.g., DNS, SSL).
     

5. Webhook Setup:
   • Update webhook endpoint to handle fusionpayments.io:

     public function handleWebhook(Request $request) {
         if (!LionTech::verifyWebhook($request, 'fusionpayments.io')) {
             abort(403, 'Invalid signature or domain');
         }
         // Process event
     }
     

6. Testing:
   • Domain-Specific Tests:
     • Simulate DNS failures (e.g., using laravel-mockhttp).
     • Test webhook signatures with fusionpayments.io as the Host header.
   • Regression Tests: Ensure old domain (liontech.com) is rejected if deprecated.

Compatibility

• Laravel Versions: Still 11–13, but add a runtime check for PHP 8.3+ (e.g., using phpversion()).
• PHP Extensions: Critical to validate openssl and curl at boot (e.g., via AppServiceProvider).
• Database: No changes, but audit transaction logs for domain-related errors.
• Third-Party: Conflict risk if another package overrides LionTech facade or LionTech’s SDK bindings.

Sequencing

1. Phase 1: Pre-Migration Checks (1 week):
   • Validate fusionpayments.io DNS/SSL.
   • Update SDK to v2.x+ and test locally.
2. Phase 2: Config Update (1 day):
   • Deploy new .env and config/liontech.php.
   • Monitor logs for domain-related errors. 3