Description
Pay4All for TWINT adds TWINT as a payment method to the free Pay4All Shop plugin (order-form-based checkouts).
TWINT is a trademark of TWINT AG (Switzerland). This plugin is an independent integration and is not affiliated with, endorsed by, or sponsored by TWINT AG.
Main features:
- TWINT integration for the free Pay4All Shop plugin (order forms with TWINT payment).
- Step-by-step setup wizard: TWINT credentials, certificate upload, connection test, status page.
- Automatic conversion of the .p12 certificate delivered by TWINT to PEM format.
- Cash register enrollment and connection test built into the wizard.
- Localized payment instructions in French, German, Italian and English.
To use this plugin you need:
- the free Pay4All Shop plugin installed and active.
- a TWINT merchant account with a configured store and an active certificate (see https://portal.twint.ch).
There is no license fee, no subscription, no domain activation. Install, activate, run the wizard, done.
WooCommerce support
The WooCommerce payment-gateway integration (classic checkout, Checkout Blocks, HPOS, refunds, background monitoring) is not shipped inside this free plugin. It lives inside the paid companion « Pay4All Pro », distributed outside WordPress.org from https://pay4all.ch/. Install Pay4All Pro next to this plugin to enable the WooCommerce TWINT gateway.
External services
This plugin connects to the TWINT merchant SOAP API (operated by TWINT AG) to authorize, capture, refund and reconcile payments. Without a valid TWINT merchant account and certificate, the gateway cannot process payments.
What it is used for
- Every TWINT payment initiated from a Pay4All Shop form is forwarded to the TWINT SOAP API for authorization and status polling (payment start, background status polling, refund, cancellation).
- Nothing else is sent to any external service.
What data is sent, and when
- On payment start: the order number, the amount, the currency, the store UID (from your TWINT merchant account), the cash-register ID and — depending on your TWINT setup — the customer’s e-mail or phone number.
- On status polling and reconciliation: only the TWINT transaction identifier returned by the previous call.
- On refund: the TWINT transaction identifier plus the amount to refund.
- No login credentials, no plugin telemetry, no site metadata are sent.
Where the data is sent
The plugin talks to one of three TWINT-owned endpoints depending on your T4A_ENVIRONMENT setting:
- Production:
https://service.twint.ch/merchant/service/TWINTMerchantServiceV8_4 - Integration / staging:
https://service-int.twint.ch/merchant/service/TWINTMerchantServiceV8_4 - Pre-authorization test:
https://service-pat.twint.ch/merchant/service/TWINTMerchantServiceV8_4
Terms of use and privacy policy for TWINT
- TWINT terms of use: https://www.twint.ch/en/legal/
- TWINT data protection: https://www.twint.ch/en/data-protection/
No other external service is contacted by this plugin.
Source code
The complete, non-minified source of this plugin is bundled inside the ZIP itself. Every PHP file is human-readable and directly editable. The JavaScript bundles under assets/js/ are shipped in a pretty-printed, non-minified form so you can read and modify them without a build step.
No compiler, transpiler or bundler is required to work on this plugin.
Screenshots





Installation
- Upload the
pay4all-for-twintfolder to/wp-content/plugins/(or install the ZIP from Plugins > Add New). - Activate “Pay4All for TWINT” from the WordPress Plugins screen.
- Install and activate the free “Pay4All Shop” plugin (required companion).
- Open the “Pay4All TWINT” menu in the admin and follow the wizard: TWINT credentials, certificate upload, status.
Server requirements:
- PHP 7.4 or higher (8.x recommended).
- PHP extensions:
openssl,soap,curl. - WordPress 5.9 or higher.
- Pay4All Shop plugin (required).
FAQ
-
Does the plugin work without Pay4All Shop?
-
No. Pay4All Shop is a required companion — the wizard shows a warning when the companion is missing. Install both plugins together.
-
Does the plugin work with WooCommerce?
-
Not directly. The WooCommerce TWINT gateway is packaged in the paid « Pay4All Pro » add-on, distributed from https://pay4all.ch/. That add-on installs on top of this free plugin and wires the WooCommerce checkout, Checkout Blocks, HPOS compatibility and background monitoring.
-
Where do I find my TWINT credentials?
-
Log in to https://portal.twint.ch, create a store and generate a certificate. The wizard asks for the store UID, certificate password, cash-register ID and the certificate file.
-
Do I need a Pay4All account or license?
-
No. This plugin is fully free and works standalone (with Pay4All Shop). You only need TWINT merchant credentials.
-
Is WordPress Multisite supported?
-
Not in this version. Activate the plugin site by site.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Pay4All TWINT – For WooCommerce & Pay4All Shop” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “Pay4All TWINT – For WooCommerce & Pay4All Shop” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.3.0
- Security — merchant certificate no longer at a predictable URL. The TWINT PEM (private key + certificate) used to be written to
wp-content/uploads/t4a_twint/twint.pem— a fixed, guessable path protected only by.htaccess deny from all. On nginx (which silently ignores.htaccess) or Apache withAllowOverride None, the file was directly downloadable. Each merchant now gets a random 48-hex filename minted per install (stored int4a_twint_settings_certfile), the containing folder ships both anindex.phpand an.htaccess(belt-and-suspenders), and the file is chmod’d to 0600. Certificate renewal via TWINT backoffice also mints a fresh name, so a previously exposed URL is invalidated. - Security — certificate password encrypted at rest. The password protecting the private key was stored in cleartext in
wp_optionsand re-emitted in the wizard HTML + AJAX response + parsing error message. It is now stored encrypted via authenticated encryption (see below), never echoed back to the DOM (the field renders empty with a « laissez vide pour conserver » hint), and the « Failed to parse certificate » error no longer includes the provided password. - Security — authenticated encryption for stored secrets.
Cipherwas AES-256-CTR with a length-checked salt suffix — malleable, no MAC, key material wasLOGGED_IN_KEYused raw. Replaced withsodium_crypto_secretbox(XChaCha20-Poly1305) with anopenssl aes-256-gcmfallback, keyed via HKDF-SHA256 fromLOGGED_IN_KEY + LOGGED_IN_SALT. Ciphertexts written by earlier versions keep decrypting (backward-compatible reader) so no data loss. - Security — TWINT return signature now expires. The signature on the redirect / cancel URL was computed with a fixed
t=1, meaning it was replayable indefinitely. It now embeds the real timestamp and rejects any URL older thanT4A_REDIRECT_SIGNATURE_EXPIRATION(bumped from 60 s to 30 min so realistic TWINT-app flows are not rejected). - Security —
FileServerdefense-in-depth. Internalbasename()+ type whitelist +realpathbounding are now enforced insidesend_file()/display_pdf(), in addition to the callers’ existing sanitisation. Any request that escapes the allowed upload directory returns HTTP 404. - Security — nginx-proof folder protection.
t4a_twint/,logs/,temp/,locks/now systematically ship both.htaccessand an emptyindex.phpso servers that ignore.htaccessstill can’t list or serve them. - Internal :
EnvironmentConfig::get_certificate_file_path()is resolved LIVE (not from theT4A_CERTIFICATE_PATHconstant frozen at boot) so a cert upload followed by a connection test in the same request reads the just-written file. Same for the certificate password — the SoapClient reads it viaget_certificate_password()instead ofstripcslashes(get_option(...)).
1.2.0
- Wizard rework — new « Commande » tab. The setup wizard now has 4 steps (Préparation, Identifiants, Commande, État). The « Commande » tab merges the Pay4All Shop and WooCommerce post-payment order-status configuration into a single unified card, with matching labels (« Commande contenant… ») between both integrations and editable status pickers.
- Standalone boot. The plugin no longer requires Pay4All Shop to be present at activation. When the companion is missing, a scoped admin notice explains what’s needed instead of blocking activation. WooCommerce-only merchants can install Pay4All Pro next to this plugin and skip Pay4All Shop entirely.
- Pay4All Pro compatibility. The Commande tab detects when Pay4All Pro is active and offers a « Plus de réglages » shortcut to
admin.php?page=pay4all-twint-woo, keeping advanced WooCommerce settings in a single place. - Localized tutorial link. The « Besoin d’aide » block in the Préparation tab now points to
https://pay4all.ch/p/twint-woocommerce#tutorialsin FR/DE/IT/EN. - Internal : FormDomainEvents.mark_payment_paid delegates to a shared
paid_status_for_p4all_form_order()helper so Pay4All Shop and WooCommerce share the same virtual/deferred/default logic.
1.1.0
- SOAP client rewritten in non-WSDL mode. The full TWINT Merchant Service v8.4 WSDL/XSD contract (previously shipped as
.xmlschema files undersrc/Engine/Soap/schemas/v8_4/) has been removed from the plugin package per WordPress.org’s blanket file-type policy. Every SOAP request is now built as a hand-written XML envelope insideTwintSoapClient::dispatch(), transported by\SoapClientin non-WSDL mode (mTLS + gzip + timeouts unchanged), and the response is parsed by an in-houseDOMDocumentstdClassconverter that mimics SoapClient’s classic->_shape so every existing consumer ($response->Order->Status->Status->_, etc.) keeps working. Validated live against production TWINT on a small-amount payment + refund round-trip (StartOrder GetOrder polling ConfirmOrder REVERSAL). - Sensitive payloads no longer logged. The SOAP journal used to record the full
$argsrequest payload and$responseobject for every operation. On WordPress.org’s review request the plugin now only logs the operation name + message id, never the payload. Applies toTwintSoapClient,TransactionService,BackofficeTransactionServiceandAdminAjax::check_successful_order_statuses. Debug-onlyprint_r( $this->client )block removed. - Internal :
set_headers(),send_soap_request(),get_default_params()retired ; replaced bydispatch()+build_envelope()+merchant_information_xml()helpers.
1.0.0
- Initial release on WordPress.org.
- TWINT integration for the free Pay4All Shop plugin.
- Setup wizard, certificate handling, cash-register enrollment.
- French, German, Italian and English translations bundled.
