# External Integrations

**Analysis Date:** 2026-05-10

## APIs & External Services

### Payment Gateways

- **PayNow (BLIK / bank transfer / card)** — `modules/paynow/paynow.php` (v1.6.35)
  - SDK: `pay-now-php-sdk` (Guzzle HTTP, PSR-7)
  - Auth: API key / signature (configured in module back-office)
  - Functions: payment authorization, refund, GDPR
  - Webhook: payment status notification with retry/stop logic

- **Santander eRaty (installment credit)** — `modules/santandercredit/santandercredit.php` (v5.5)
  - PL-specific Santander Consumer Bank
  - Calculator widget + simulator iframe
  - Hooks: order state confirmation

- **Check Payment** — `modules/ps_checkpayment/`
- **Wire Transfer** — `modules/ps_wirepayment/`

### Marketplace

- **Empik Marketplace** — `modules/empikmarketplace/empikmarketplace.php` (v1.6.5)
  - Guzzle HTTP client
  - Symfony DI container
  - Sync orders, products, inventory with Empik.com
  - Cron controllers — `modules/empikmarketplace/controllers/cron/`

### Shipping & Logistics

- **DPD Polska** — `modules/dpdpoland/dpdpoland.php`
  - Custom API integration — `modules/dpdpoland/config.api.php`
  - Manifest, package, pickup webservices
  - PDF label generation

### Reviews & Ratings

- **Ceneo.pl Trusted Reviews** — `modules/ceneo_trustedreviews/ceneo_trustedreviews.php` (v1.0.1)
- **eKomi Ratings & Reviews** — `modules/ekomiratingsandreviews/ekomiratingsandreviews.php`
  - API: `https://plugins-dashboard.ekomiapps.de/api/v1/order`
  - Validation: `https://api.ekomi.de/v3/getSettings`
  - Cron-based export
- **eKomi SFF (Shop Feedback Form)** — `modules/ekomiSff/`
- **PrestaShop Product Comments** — `modules/productcomments/`

### Analytics & Tracking

- **Google Analytics 4 Pro** — `modules/pdgoogleanalytycs4pro/pdgoogleanalytycs4pro.php` (v1.0.2)
  - SDK: `br33f/php-ga4-mp` (GA4 Measurement Protocol)
  - Enhanced conversions with phone (uses `libphonenumber-for-php`)
  - Refund tracking, Google Ads (AW) conversions, Merchant Center

- **Google Merchant Center Pro** — `modules/pdgooglemerchantcenterpro/`

- **BAE Commerce Tracking** — `modules/baecommercetracking/baecommercetracking.php` (v1.0.6)
  - GA + Google Ads conversion + Facebook Pixel events

- **Facebook Conversion Pixel** — `modules/fbpixel/fbpixel.php` (v2.0.2)
  - Purchase event injection at order confirmation

- **20+ PrestaShop stats modules** — `modules/dash*`, `modules/stats*`

### Customer Communication

- **Smartsupp Live Chat** — `modules/smartsupp/smartsupp.php`

### Spam / Bot Protection

- **Google reCAPTCHA** — `modules/eicaptcha/vendor/google/recaptcha/`
  - Also referenced in `buy-by-phone.php` (key hardcoded — see `concerns.md`)

### Content / SEO

- **XML Feeds** — `modules/xmlfeeds/`
- **Google Sitemap** — `modules/gsitemap/`
- **Advanced SEO Pro** — `modules/arseopro/`
- **Link Rewriter** — `modules/x13linkrewrite/`

### Product / Content Management

- **App Page Builder** — `modules/appagebuilder/` (CodeMirror editor)
- **Cross-Sell Pro (custom)** — `modules/crosssellpro/`
- **Image Hover Effects** — `modules/ybc_productimagehover/`
- **WebP Optimization** — `modules/x13webp/` (uses `.htaccess` rewrite)

### GDPR / Security

- **GDPR Data Privacy** — `modules/ps_dataprivacy/`
- **Cookies Plus** — `modules/cookiesplus/`
- **Security Watcher** — `modules/securitywatcher/`

### External XML Feed (custom script)

- `import-product.php` fetches `https://amz.com.pl/bazy-produktow-export/produkty-amz.xml` for batch product updates

## Data Storage

**Database:**
- MySQL with InnoDB
- Connection: `app/config/parameters.php` (DB host, name, user, password — currently committed; see `concerns.md`)
- DB prefix: `materac_` (schema `admin_drmaterac`)
- ORM: PrestaShop `ObjectModel` (front-office), Doctrine (admin Symfony layer)

**File Storage:**
- Local filesystem (PrestaShop default)
- Image variants in `img/` (PrestaShop core layout)
- WebP variants generated by `modules/x13webp/`

**Caching:**
- Memcached configured but disabled — `app/config/parameters.php` (`ps_caching: CacheMemcached`, `ps_cache_enable: false`)
- `modules/pagecache/` — page-level cache module (uses override of `Hook.php`)

## Authentication & Identity

**Customer auth:**
- PrestaShop core (cookies + DB)

**Admin auth:**
- Symfony Security via `iadmin/` AppKernel
- Custom-named admin folder is *not* a security control (security through obscurity — see `concerns.md`)

**Service auth (per-integration):**
- API keys / OAuth tokens stored in PrestaShop `Configuration` (DB `ps_configuration` / `materac_configuration` table) per module

## Email / SMTP

- SMTP at `127.0.0.1:25` — `app/config/parameters.php`
- PrestaShop mail templates: `mails/{en,pl}/`
- Custom transactional: `buy-by-phone.php` uses bundled `phpmailer/` (with hardcoded SMTP credentials — see `concerns.md`)

## Multi-Domain Routing

- Two domains served from one install — `.htaccess`
  - `drmaterac.pl` (primary)
  - `lulandia.pl` (secondary)
- Per-domain image rewrite + WebP fallback rules

## Webhooks

**Incoming:**
- PayNow payment notifications — `modules/paynow/` controllers
- Empik Marketplace cron callbacks — `modules/empikmarketplace/controllers/cron/`
- eKomi cron-based order export

**Outgoing:**
- GA4 Measurement Protocol — `modules/pdgoogleanalytycs4pro/`
- Facebook Pixel events — `modules/fbpixel/`
- Empik order/inventory sync — `modules/empikmarketplace/`

## Environment Configuration

- All secrets currently in `app/config/parameters.php` (committed) — DB password, app secret, cookie keys
- No `.env` / `.env.example` mechanism in use
- **Rotation required** for any credential exposed in git history (see `concerns.md`)

## CI/CD & Deployment

- No CI workflows detected (no `.github/workflows/`, no `.gitlab-ci.yml`)
- Deploy method appears manual / FTP — daily Polish changelog at `changelog/YYYY-MM-DD.md`
- `iadmin/autoupgrade/` contains `prestashop_1.7.5.1.zip` — appears to be an upgrade payload left in webroot

---

*Integration audit: 2026-05-10*
*Update when adding/removing external services*