FEATURES

BILLING & M-PESA

wolfXcore uses Paystack to process M-Pesa STK push payments in Kenyan Shillings (KES). Users pay directly from their mobile wallet — no card needed.

How it works

When a user selects a plan and enters their Safaricom number, the panel triggers a Paystack Charge API call with the mpesa channel. Paystack delivers an STK push prompt to the user's phone. Once the user approves on their phone, Paystack sends a webhook to the panel confirming payment, and the plan is activated.

Plan	Price	Badge
LIMITED	KES 50 / month	LIMITED
UNLIMITED	KES 100 / month	UNLIMITED

Paystack API keys

Keys are stored in the database settings table, not in .env. This allows live key rotation from the Super Admin panel without redeployment.

Setting key	Description
`paystack::secret_key`	Server-side secret key (starts with `sk_live_`)
`paystack::public_key`	Client-side public key (starts with `pk_live_`)
`paystack::currency`	Should be set to `KES`

⚠️

Live keys only. M-Pesa STK push is only available on Paystack live mode. Test mode will not trigger a real STK prompt. Switch to live keys in the Super Admin panel before going to production.

Setting keys via the Super Admin panel

Navigate to /admin/wxn-super/auth and authenticate.
Go to Payment Settings.
Enter your Paystack live secret key and public key.
Set currency to KES.
Save — keys are stored immediately in the DB settings table.

Setting keys via SQL (manual)

SQL

INSERT INTO settings (key, value) VALUES
  ('paystack::secret_key', 'sk_live_YOUR_KEY'),
  ('paystack::public_key',  'pk_live_YOUR_KEY'),
  ('paystack::currency',    'KES')
ON DUPLICATE KEY UPDATE value = VALUES(value);

Phone number normalisation

The billing controller normalises all phone inputs to the international +254XXXXXXXXX format before sending to Paystack. Accepted input formats:

07XXXXXXXX → +2547XXXXXXXX
01XXXXXXXX → +2541XXXXXXXX
2547XXXXXXXX → +2547XXXXXXXX
+2547XXXXXXXX → passed through unchanged

ℹ️

Safaricom numbers only. Paystack M-Pesa in Kenya supports Safaricom lines (07xx / 01xx prefixes). Airtel and other operators are not supported through this channel.

STK push overlay states

The billing UI (resources/views/billing/index.blade.php) shows an animated overlay while payment is being processed:

State	Description
Pending	STK push sent, waiting for user to approve on phone
Success	Payment confirmed by Paystack webhook
Failure	User cancelled or wrong PIN entered
Timeout	User did not respond within 60 seconds

Paystack webhook

Configure the webhook URL in your Paystack dashboard to point to:

Paystack webhook URL

https://panel.xwolf.space/billing/webhook

The webhook handler verifies the X-Paystack-Signature header using your secret key before processing any event.

Relevant source files

File	Purpose
`app/Http/Controllers/BillingController.php`	Payment initiation & webhook handler
`app/Services/PaystackService.php`	Paystack API wrapper (charge, verify)
`resources/views/billing/index.blade.php`	Billing UI with STK overlay

← Wings Setup Super Admin Panel →