Laqira Payments for WooCommerce

Laqira Payments is a secure, efficient, and Fully Decentralized Asset-Agnostic Multi-Network Payment Gateway for WooCommerce, enabling businesses to accept digital payments seamlessly with advanced blockchain technology. It offers enhanced flexibility and security, transparent financial statements, and in-app wallet features for users.

Key Features:

• Fully Decentralized: Uses blockchain for secure, anonymous transactions without third-party oversight.
• Asset-Agnostic: Allows payments in any origin asset and provides stablecoin in destination to providers, minimizing risk and maximizing stability.
• Multi-Network Support: Supports diverse network payments, with user options dependent on provider acceptance and configuration.
• Chainlink Price Feeds: Automatic exact amount detection and stablecoin depeg detection for vendor settlement.
• Security: Utilizes HttpOnly cookies for JWT authorization and employs robust input hardening and sanitization throughout.

How LaqiraPayments Works:

1. Provider Registration: Register on LaqiraPayments and receive a dedicated smart contract address (API key) where transparent financial records are carved.
2. Plugin Setup: Install the LaqiraPayments plugin, input your API key, and configure settings.
3. Customer Payment: Customers select the LaqiraPayments method, choose a network and cryptocurrency, connect their wallet, and complete the transaction.

External Services

This plugin connects to external services to complete wallet connections, read blockchain data, send blockchain transactions, load payment metadata, verify payment state, and open provider or explorer links. No external request is made merely by activating the plugin. After a merchant configures payment contract, wallet, RPC, or metadata settings, the plugin may contact configured or bundled payment/blockchain services during checkout/payment flows, scheduled cache refreshes, transaction verification, payment metadata loading, or when a user clicks an external link shown by the plugin.

1) Required Laqira runtime services
* What the service is used for: Laqira services are used for provider registration links, support/documentation links, Laqira Pay account or wallet pages, Laqira-hosted payment metadata, payment contract metadata, token/network metadata, and payment verification data when the merchant configures Laqira-hosted endpoints or Laqira Pay account flows.
* Domains that may be opened or requested: laqirapay.com, laqirahub.com.
* What data is sent and when: When an administrator or customer clicks a Laqira link, the browser sends normal HTTPS request data such as IP address, user agent, referrer, and any data included in the destination URL. When the merchant uses Laqira-hosted configuration or metadata endpoints, the browser or store server may send configured provider/payment metadata, payment contract identifiers, token/network identifiers, transaction hashes, wallet addresses where required for payment verification, and normal HTTPS request data.
* Required or optional: Required when the merchant uses Laqira provider registration, Laqira-hosted metadata, or Laqira Pay account/payment metadata flows; optional for support/documentation/account links.
* Terms of Service: https://laqira.io/terms-and-conditions
* Privacy Policy: https://laqira.io/privacy-policy

2) WalletConnect / Reown runtime services
* What the service is used for: These services power the wallet connection modal, wallet discovery, WalletConnect sessions, WalletConnect relay/RPC features, session verification, telemetry/status endpoints used by the wallet connection libraries, and wallet deep-link routing.
* Domains that may be requested by the generated checkout bundle or opened from the admin settings link: cloud.walletconnect.com, api.web3modal.org, rpc.walletconnect.org, relay.walletconnect.org, pulse.walletconnect.org, echo.walletconnect.com, verify.walletconnect.com, verify.walletconnect.org, secure.walletconnect.org, secure-mobile.walletconnect.com, secure-mobile.walletconnect.org, walletconnect.com, walletconnect.org, reown.com.
* What data is sent and when: When a customer opens the wallet modal, searches/selects a wallet, scans a QR code, connects a wallet, or signs/submits a blockchain transaction, the browser may send wallet connection metadata, project ID, selected chain/network, wallet address or session identifiers, relay messages, transaction/session metadata, and normal HTTPS/WebSocket request data such as IP address and user agent.
* Required or optional: Required for WalletConnect/Reown wallet connection flows; optional if the customer uses an injected wallet flow that does not require WalletConnect.
* Terms of Service: https://reown.com/terms-of-service
* Privacy Policy: https://reown.com/privacy-policy

3) Wallet application providers and wallet discovery/deep-link services
* What the service is used for: The bundled wallet connection libraries include support for wallet-specific discovery pages, mobile deep links, install links, and optional wallet-specific connection flows for providers such as MetaMask / Consensys, Rainbow, Safe, Coinbase Wallet, Phantom, Solflare, Trust Wallet, and other wallets exposed by the bundled wallet libraries.
* Domains that may be opened or requested depending on the wallet selected by the customer: metamask.io, metamask.app.link, metamask-sdk.api.cx.metamask.io, mm-sdk-analytics.api.cx.metamask.io, fwd.metamask.io, rainbow.me, rainbow.download, rnbwapp.com, enhanced-provider.rainbow.me, learn.rainbow.me, www.rainbowkit.com, app.safe.global, phantom.app, solflare.com, t.me, go.cb-w.com, meldcrypto.com, apps.apple.com, play.google.com, chrome.google.com, microsoftedge.microsoft.com, addons.mozilla.org, addons.opera.com, trustwallet.com.
* What data is sent and when: These requests occur when the wallet connection UI is loaded, when the customer chooses a supported wallet, opens a wallet deep link, follows an install link, or uses a wallet-specific connection flow. The browser may send wallet/app selection metadata, chain/network information, wallet connection/session identifiers, public wallet address where required by the selected wallet flow, and normal HTTPS request data such as IP address and user agent.
* Required or optional: Optional; the customer chooses the wallet provider.
* MetaMask / Consensys Terms of Service: https://consensys.io/terms-of-use
* MetaMask / Consensys Privacy Policy: https://consensys.io/privacy-notice
* Rainbow Terms of Service: https://app.userainbow.com/static/documents/terms-of-service.pdf
* Rainbow Privacy Policy: https://rainbow.me/privacy

4) Merchant-configured RPC endpoints
* What the service is used for: Merchants may configure RPC endpoints so the plugin can read smart contract data, refresh payment/network metadata, check balances and allowances, verify transactions, estimate gas, and broadcast transactions requested by the customer.
* Domains that may be requested: Any RPC endpoint configured by the merchant in the plugin settings or returned by the merchant’s configured payment metadata.
* What data is sent and when: During checkout/payment flows, scheduled cache refreshes, transaction verification, or payment metadata loading, the browser or store server may send blockchain query data such as chain ID, contract address, token address, wallet address where needed, transaction hash, transaction payload data, token/contract metadata requests, and normal HTTPS request data such as IP address and user agent.
* Required or optional: Required when the selected payment configuration depends on a merchant-configured RPC endpoint. The merchant is responsible for choosing RPC providers whose Terms of Service and Privacy Policy are suitable for the store’s use case.

5) Bundled chain metadata and default RPC references
* What the service is used for: Bundled wallet/web3 libraries include default chain metadata and fallback RPC references for providers and networks such as thirdweb, Arbitrum, BNB Chain, Merkle, Base, Polygon, Mantle, WalletConnect RPC, and Infura / Consensys. These references may be used by the selected wallet, configured network metadata, merchant/network settings, or bundled library when the customer starts a blockchain payment flow.
* Domains that may be requested depending on the configured network, selected wallet, and bundled library defaults: bsc-dataseed.binance.org, rpc.walletconnect.org, 56.rpc.thirdweb.com, api.avax.network, arb1.arbitrum.io, mainnet.base.org, polygon.drpc.org, rpc.mantle.xyz, eth.merkle.io, mainnet.infura.io, goerli.infura.io, sepolia.infura.io, arbitrum-mainnet.infura.io, arbitrum-goerli.infura.io, polygon-mainnet.infura.io, polygon-mumbai.infura.io, optimism-mainnet.infura.io, optimism-goerli.infura.io, avalanche-mainnet.infura.io, avalanche-fuji.infura.io, linea-mainnet.infura.io, linea-goerli.infura.io, celo-mainnet.infura.io, celo-alfajores.infura.io, aurora-mainnet.infura.io, aurora-testnet.infura.io, palm-mainnet.infura.io, palm-testnet.infura.io, starknet-mainnet.infura.io, starknet-goerli.infura.io, starknet-goerli2.infura.io.
* What data is sent and when: If a bundled/default RPC endpoint is used during a selected wallet or network flow, the request may include JSON-RPC data such as wallet address, transaction payload data, contract addresses, chain ID/network details, transaction hash, and normal HTTPS request data such as IP address and user agent.
* Required or optional: Required only when the selected wallet/network/library flow uses one of these bundled/default RPC endpoints. Not every bundled RPC URL is called by the plugin.
* WalletConnect RPC Terms of Service: https://reown.com/terms-of-service
* WalletConnect RPC Privacy Policy: https://reown.com/privacy-policy
* Infura / Consensys Terms of Service: https://consensys.io/terms-of-use
* Infura / Consensys Privacy Policy: https://consensys.io/privacy-notice
* thirdweb Terms of Service: https://thirdweb.com/terms
* thirdweb Privacy Policy: https://thirdweb.com/privacy-policy
* Arbitrum Terms of Service: https://arbitrum.io/tos
* Arbitrum Privacy Policy: https://arbitrum.io/privacy
* BNB Chain Terms / Disclaimer: https://www.bnbchain.org/en/disclaimer
* BNB Chain Privacy Policy: https://www.bnbchain.org/en/privacy-policy
* Merkle Privacy Policy: https://www.merkle.io/privacy
* Base Terms of Service: https://docs.base.org/terms-of-service
* Base Privacy Policy: https://docs.base.org/privacy-policy
* Polygon Terms of Use: https://polygon.technology/terms-of-use
* Polygon Privacy Policy: https://polygon.technology/privacy-policy
* Mantle Terms of Service: https://www.mantle.xyz/terms
* Mantle Privacy Policy: https://www.mantle.xyz/privacy-policy

6) Blockchain explorers, explorer APIs, and transaction links
* What the service is used for: The plugin and bundled blockchain libraries may generate links to blockchain explorers or include explorer API metadata so customers or administrators can inspect transaction hashes, addresses, or network data.
* Domains that may be opened or referenced depending on the selected network: bscscan.com, api.bscscan.com, etherscan.io, api.etherscan.io, goerli.etherscan.io, sepolia.etherscan.io, arbiscan.io, api.arbiscan.io, basescan.org, api.basescan.org, mantlescan.xyz, api.mantlescan.xyz, snowtrace.io, api.snowtrace.io, polygonscan.com, solscan.io.
* What data is sent and when: A request is sent when a customer or administrator clicks an explorer link, or when a bundled library queries explorer API metadata for a supported chain. The browser or API request may include the transaction hash, wallet or contract address, selected network, and normal HTTPS request data such as IP address and user agent.
* Required or optional: Optional for clicked explorer links; explorer API metadata may be required by the selected wallet/library/network.
* BscScan Terms of Service: https://bscscan.com/terms
* BscScan Privacy Policy: https://bscscan.com/privacyPolicy
* Etherscan Terms of Service: https://etherscan.io/terms
* Etherscan Privacy Policy: https://etherscan.io/privacyPolicy
* Arbiscan Terms of Service: https://arbiscan.io/terms
* Arbiscan Privacy Policy: https://arbiscan.io/privacyPolicy
* BaseScan Terms of Service: https://basescan.org/terms
* BaseScan Privacy Policy: https://basescan.org/privacyPolicy
* PolygonScan Terms of Service: https://polygonscan.com/terms
* PolygonScan Privacy Policy: https://polygonscan.com/privacyPolicy

7) Remote payment metadata, token metadata, ABI, and IPFS endpoints
* What the service is used for: The plugin reads remote JSON, ABI, token, network, and metadata files so it can load supported assets, contract ABIs, chain metadata, wallet metadata, and payment configuration data. This includes the server-side request made by BlockchainService::getRemoteJsonCid() to the CID/metadata URL returned by the configured Laqira payment contract.
* Domains that may be requested depending on the selected network and bundled library metadata: ipfs.io, arweave.net, 4byte.sourcify.dev, raw.githubusercontent.com, docs.soliditylang.org, and any merchant-configured CID, ABI, token, network, or RPC metadata URL.
* What data is sent and when: When the plugin refreshes blockchain configuration data or the checkout interface needs token/network/ABI metadata, the browser or store server requests the remote URL and sends normal HTTPS request data such as IP address and user agent. If the URL includes a CID, token, contract, network, or transaction identifier, that identifier is sent as part of the request URL.
* Under which conditions: Requests are sent only after the merchant has configured the payment contract/RPC settings or when checkout/payment screens need the metadata to display available networks and assets.
* Required or optional: Required when the selected payment configuration depends on remote metadata; optional when required metadata is already available locally.
* Terms of Service / Privacy Policy: For Laqira-hosted metadata, see https://laqira.io/terms-and-conditions and https://laqira.io/privacy-policy . For the ipfs.io public gateway, see https://ipfs.tech/legal/ ; IPFS privacy background is documented at https://docs.ipfs.tech/concepts/privacy-and-encryption/ .

8) Static bundled library references that are not plugin runtime services
Generated JavaScript bundles include third-party wallet/web3 library strings, documentation URLs, example URLs, package metadata, app-store install links, wallet deep-link domains, browser issue URLs, standards URLs, and optional media/embed references. These strings may appear in bundled JavaScript, but Laqira Payments does not intentionally call them as plugin runtime services unless a customer clicks a link, the selected wallet opens its own deep link, the selected wallet/library flow uses that service, or a merchant explicitly configures one of those URLs.

• Examples found in bundled libraries: docs.metamask.io, medium.com, ethstats.net, snowtrace.io, api.snowtrace.io, solscan.io, go.cb-w.com, t.me, apps.apple.com, play.google.com, chrome.google.com, microsoftedge.microsoft.com, addons.mozilla.org, addons.opera.com, www.youtube.com, player.vimeo.com.

Note: Some bundled Composer, JavaScript, CSS, and license files contain documentation URLs, issue tracker URLs, example URLs, standards URLs, or project homepages. Those references are not automatically contacted by Laqira Payments during normal plugin operation. The lists above focus on domains that the generated runtime bundle, wallet libraries, configured blockchain/payment metadata, or user-clicked links may actually request or open.

Important Note: No external request is made merely by activating the plugin. After administrator configuration, external requests may occur during checkout/payment screens, scheduled cache refreshes, wallet connection, blockchain reads, transaction submission or verification, payment metadata loading, or when a user clicks an external link shown by the plugin.

Source Code

Human-readable source code, build tools, and build instructions for the generated JavaScript bundles are available at https://github.com/LaqiraProtocol/laqira-payments . The checkout bundle is generated from the source files under src/ with npm run build; the release ZIP is generated with tools/build-release-artifact.sh.

Translations

• English (en_US)
• Chinese (zh_CN)
• Hindi (hi_IN)
• Spanish (es_ES)
• Italian (it_IT)
• Turkish (tr_TR)

Support

For support or bug reports, please visit the official support page at https://laqirahub.com/laqira-pay/introduction or the support forum.