u/Mushydaddybear

Image 1 — I made a simple way to accept Monero on your own site without heavy self hosted infrastructure
Image 2 — I made a simple way to accept Monero on your own site without heavy self hosted infrastructure
▲ 12 r/foss

I made a simple way to accept Monero on your own site without heavy self hosted infrastructure

Hallo!

Theres a lot of people want to accept Monero on their websites but get discouraged by how heavy/difficult setup of most self hosted solutions are.

You usually end up having to run a dedicated server, manage a full node, and maintain extra infrastructure just to receive payments....

xmrpay was made to remove that friction :)

The idea is simple: make Monero payments easy to accept without forcing you to run a heavy self hosted instance.

Why its lighter:

  • WordPress users : they can install the WooCommerce plugin and start accepting Monero directly inside their existing site. Verification runs in pure PHP!!, no Node.js, no background daemon, and no extra server process required for normal operation....
  • For other platforms (Joomla, custom sites, etc.): ofc you can embed a lightweight widget. You only need a small stateless endpoint if you want automatic verification.
  • You don’t have to run your own Monero node. It can work with public nodes or minimal setups. ( But please, run a Monero node :) )

The goal is to let normal site owners accept Monero without turning their setup into a full crypto infrastructure project... I wanna help to improve Monero adoption

Try it right now on stagenet (test coins):

Links:

I’m the developer. I built this because I wanted something practical that people could actually use without a big self hosted setup.

Yes, I use Claude code, but I don't rely 100% on it, mostly to deploy or things that are boring/annoying to me.

Would love some honest feedback from anyone who runs a store or has tried other Monero payment solutions.

Please be harsh, any kind of feedback is welcome

In the last couple of weeks, people have been fueling this project! and for that, many many thanks!

the XMR donations sent to the xmrpay address were put to good use:

https://x.com/SlowBearDigger/status/2072039459864879435?s=20

u/Mushydaddybear — 4 days ago
▲ 15 r/Monero

Updated Monero gateway for modern WHMCS (PHP 8 + WHMCS 8.x/9.x)

Disclosure: I’m the one who made the changes.

Hello!, the old official monerowhmcs repo has been broken for a while on current WHMCS versions.

money_format() got removed in PHP 8, plus some other deprecated stuff and a dead price feed, so the gateway would just fatal error when a customer tried to pay...

I went ahead and fixed it while keeping the original approach: self hosted, your own monero-wallet-rpc + daemon, integrated addresses, and either a QR or just a copiable address at checkout.

What I changed:

  • Fixed PHP 8 compatibility (money_format, sanitization, null checks on database lookups)
  • Switched the price feed to CoinGecko with Kraken fallback
  • In one branch I replaced the old third-party QR service (api.qrserver.com) with local QR generation so the address and amount don’t get sent to an external site

Tested end to end on WHMCS 8.13.4 and 9.0.5 with PHP 8.3.

Two branches:

  • fix-php8-local-qr > it has local QR generation (recommended)
  • fix-php8-no-qr > only a minimal change, just copiable address, no QR

Repo: https://github.com/SlowBearDigger/monerowhmcs

Evidence and testing notes here: https://github.com/SlowBearDigger/monerowhmcs/blob/fix-php8-local-qr/docs/EVIDENCE.md

Now the real questions:

If you run WHMCS and accept Monero, would you like to have a new solution?
Would you give a try to a WHMCS version of XMRPAY? (see: https://github.com/SlowBearDigger/xmr-pay)

I already tested it myself and it works, but I’d rather have more people try it on real setups before calling it solid.

If you have WHMCS 8 or 9 and want to test it, I’d really appreciate feedback (even if it’s “broke on my setup because of X Y or Z")...

thanks!

u/Mushydaddybear — 4 days ago
▲ 21 r/Monero

xmr-pay now for Joomla: ready to install packages for HikaShop & VirtueMart (one ZIP = payment plugin + scheduler task)!

Disclosure: I'm the creator of xmrpay.

This is the next step after the PHP engine plus theadapter guide I posted a while ago (where I said "soon for Joomla")...

Remember that xmrpay is free, open source (MIT), non custodial Monero payment verification using only your view key. without the need of monerod, no wallet-rpc 24/7, no middleman.
Funds go straight to your wallet. We already have the serverless JS library, PHP engine, WooCommerce plugin, Composer package and Laravel adapter!!

Now delivering on the Joomla promise :)

I built xmr-pay-build, it is a simple packager that generates ready to install Joomla extension packages from the canonical sources (single source of truth, no stale vendored code).

What you can get:

  • One single ZIP per cart that installs both the payment method plugin and the settlement scheduler task (no separate installs needed).
  • HikaShop > pkg_xmrpay_hikashop.zip (plg_hikashoppayment_xmrpay + plg_task_xmrpaysettle)
  • VirtueMart > pkg_xmrpay_virtuemart.zip (plg_vmpayment_xmrpay + plg_task_xmrpaysettle_vm)

It automatically adds index.html files for directory listing protection + JED compliance, and always pulls fresh code from xmr-pay-php and xmr-pay-adapter-core.

Verified: Both packages install cleanly on Joomla 5.4.6 with HikaShop 6.5.0 and VirtueMart 4.6.4.

To get the packages: clone https://github.com/SlowBearDigger/xmr-pay-build and run ./build.sh > the ZIPs will be in dist/. Super transparent and reproducible.

Same honest trust model as the rest of xmrpay:

  • View key only (can read payments, can never spend)
  • Amount proven by on chain RingCT commitment (forged amounts rejected)
  • Fails closed: commitment + confirmations + not time-locked + no double-count must all pass
  • Refunds are manual (Monero is irreversible + sender is hidden)
  • You only trust the node(s) you configure (run your own or use two for bigger amounts)

What I need from you all:

  • Install and test on your real Joomla setups (different versions, other carts, etc.)
  • Full flow test: configure payment method > create order > pay with Monero (start with stagenet) > check if the scheduler settles it correctly
  • Feedback on the single ZIP bundling approach, is it convenient?
  • Any issues with manifests, files, installation, or Joomla specific flows (tax, shipping, partial payments, multiple currencies, etc.)
  • Docs are still minimal (it's mainly a build tool right now), what would actually help you?

Please be harsh. This is early. If something feels off, confusing, broken, or doesn't fit real merchant workflows, tell me. I'll fix it or document the limit.

The goal is solid, trustworthy Monero acceptance on Joomla without the usual infrastructure pain.

Links:

Thanks in advance, real feedback is what makes this stuff actually usable!! (Like on the wordpress plugin, thanks to feedback I was able to deliver a nice plugin for Woocommerce)

u/Mushydaddybear — 5 days ago
▲ 40 r/Monero

Monero payments in pure PHP PLUS WooCommerce plugin + Composer package + Laravel adapter...

Disclosure: I’m the creator... and I know I been posting similar stuff... but listen..

Tired of running monerod + wallet-rpc 24/7 or trusting some third party gateway just to accept Monero on a PHP site? xmr-pay-php don't do like that...

PHP engine that verifies incoming payments using only your view key, pulling public chain data from any Monero node you point it at.
No monero-wallet-rpc, no daemon on your box, no backend service. It derives a per order subaddress, detects the output, verifies the RingCT amount commitment, checks confirmations and time locks, and handles the old burning bug deduping.

It builds on the monero-integrations crypto primitives. Doesn’t reimplement them <3

The honest part, because you’ll find it anyway:

It only holds the view key, so it can read payments but never spend. The amount is proven by the on-chain commitment, not the ecdh value, so a forged amount gets rejected. It fails closed — commitment + confirmations + no time-lock + no double-count must all pass or the order stays unpaid. The only thing you trust is the node(s) you configure. For real money, run your own or use two so a lagging one can only delay, never falsely confirm early. Monero is irreversible and the sender is hidden, so refunds are manual.

State of it:

Fresh beta (v0.1.0). Not widely used yet outside the WooCommerce plugin. Verification logic is cross checked against the reference Monero library on real stagenet payments, and the same results come out across the JS library, the PHP package, the WooCommerce plugin, and the Laravel adapter.

There’s a short guide for writing adapters for other platforms (WHMCS, Joomla, PrestaShop, Symfony, etc.) if anyone wants to: https://github.com/SlowBearDigger/xmr-pay-php/blob/main/docs/WRITING-AN-ADAPTER.md

Feedback on the verification approach and the trust model is very welcome.

Please be harsh! try to break the checks with weird edge cases, node quirks, partial payments, whatever. If it doesn’t fit your setup or you spot something off, say it. I’ll fix it or document the limit.

u/Mushydaddybear — 13 days ago
▲ 47 r/Monero+1 crossposts

XMR-PAY 1.0 is out (free, open source, non-custodial): the serverless library + a WooCommerce plugin built on it. You asked for the ugly edge cases, I built a suite for them.

Disclosure: I'm the creator. Inspired by GOXMR. This is the 1.0 follow up to the xmr-pay post I made a couple of weeks ago...

Quick recap: xmr-pay is a free, open source (MIT) way to accept Monero with no company in the middle. Non-custodial, funds go straight to your wallet, no accounts, no API keys, no keys held by anyone but you.

What changed since the first post:

  1. It's two things now, and the library is still the core.

- The library: a serverless JavaScript engine. A buyer pays, your server re verifies the payment proof on chain, done. Stateless, runs in a serverless function or your own box. Plus a watch mode agent that auto detects and sums payments (installments and top-ups complete on their own), and a zero dependency checkout widget.

- A WooCommerce plugin built on the same engine, for people who want a store without touching code. This one verifies payments inside WordPress itself, in pure PHP (vendored ed25519 / Keccak / base58 / RingCT decode + commitment check), against any Monero node. No Node, no monero wallet-rpc, nothing running 24/7. View key only.

  1. I took the "break it" feedback seriously.

On the last post, u/ProfessionalLead257 said the ugly edge cases are where payment systems earn trust: delayed confirmations, node failures, duplicate submissions, partial payments, congestion, user mistakes. That stuck with me. So a big part of 1.0 is an adversarial test suite that does exactly that: chaos tests for down / slow / lying nodes, reorgs, double spends, time locked outputs, replay, dust floods, plus property and fuzz tests over the money math. A property test actually caught a real order dependence bug in the settlement dedup right before 1.0, which is the whole point of writing them.

Non custodial by construction:

- View key only. It reads incoming payments, it can never spend. The spend key is never asked for.

- The amount is checked against the on chain RingCT commitment, so a forged or edited amount is rejected.

- Four gates (commitment, confirmations, not time- ocked, no double count) must all pass or the order stays unpaid. It never guesses "paid".

The honest part, because you'll find it anyway:

- Monero is irreversible and the sender is hidden, so refunds are manual.

- Verification trusts the node you point it at. Run your own or require two to agree for serious money; it fails closed on disagreement.

- Few confirmations is fast but reversible (reorg risk). Your dial.

- The browser is never trusted; fulfillment is server-side only.

Try it live on stagenet (free faucet coins, no real money):

- configure the plugin yourself: https://live.xmrpay.shop

- a full demo store you can actually pay: https://demo.xmrpay.shop

- the widget + proof flow: https://xmrpay.shop/demo.html

Links:

- Library (npm): https://www.npmjs.com/package/xmr-pay

- Library source: https://github.com/SlowBearDigger/xmr-pay

- WooCommerce plugin: https://github.com/SlowBearDigger/xmr-pay-woocommerce

Same ask as last time, louder: please be harsh. It's view key only and non custodial, so the worst realistic case is a missed detection, not lost funds, but I want it hammered. Edge cases, weird wallets, broken nodes, docs that don't match your setup. Tell me what's wrong and I'll fix it or document the limit.

(And yes, I still use Claude Code for the tedious parts and the test grunt work. The design and the calls are mine.)

reddit.com
u/Mushydaddybear — 16 days ago
▲ 48 r/Monero

xmr-pay: Free, open source Monero payment gateway (serverless, non custodial) &gt; Test it and break it

Disclosure: I'm the creator of this project, and is inspired on GOXMR

After months of building, I'm releasing xmr-pay, a free, open source payment gateway for Monero that requires no backend infrastructure (serverless), holds zero funds (non custodial), and is completely transparent.

What is it?

A lightweight JavaScript library + widget that lets merchants accept Monero payments with proof verification instead of key custody. Two modes:

  1. Tx-proof mode: buyers submit proof of payment; merchant verifies serverless (tx proof verification only, no Monero wallet)
  2. Watch-mode: merchant optionally runs their own monero-wallet-rpc to auto detect subaddress payments

No accounts, no API keys, no middleman holding your keys. Merchants control their own address and run verification on their own infrastructure... and I think is nice...

The real thing:

  • v0.1.6 live on npm &gt; u/xmr-pay package
  • Open repo &gt; github.com/SlowBearDigger/xmr-pay (MIT licensed)
  • Mainnet verified &gt; tested on real XMR transactions
  • 41 test cases &gt; offline config/watch/uri parsing + 15 live stagenet validations
  • Zero dependencies in core &gt; monero-ts only loads when verifying
  • Widget is 73KB &gt; single file, no CDN calls, system fonts, pure CSS

What I need from you:

I'm looking for real feedback, not hype. This is genuinely free and open source:

  • Can you break it? Try the tx proof path with edge cases (large amounts, old UTXOs, locked outputs)
  • Does the verify flow work for your use case? (serverless endpoint, webhook signature, quorum nodes)
  • Mobile UX? Widget tested at 375×812; does proof pasting work on your phone?
  • Missing wallets? I documented Feather, GUI, CLI, Cake, Monerujo — did I miss your flow?
  • Doc gaps? DEPLOY.md covers Vercel/Express; where does your setup differ?
  • What's wrong? Anything confusing, broken, or overhyped?

Links:

The honest part:

  • No inflation: real XMR amounts in piconeros, no pretending things work that don't
  • No account BS: literally zero accounts to create
  • Threat model documented: what I protect (tx proof verification), what you protect (your order DB + webhook secrets)
  • Security audited: found and fixed unlock-time scams, replay bugs, quorum logic; documented the footguns you must handle...

Please be harsh. If this doesn't fit your workflow, or if you found a real bug, say it. I'll fix it or document the limit.

I coded this, took me a while, I been use Claude code for testing and tedious stuff (UI/UX I took from GOXMR, so Claude did the boring/annoying part)

u/Mushydaddybear — 24 days ago
▲ 22 r/Monero

GOXMR: Monero-native federated identity + marketplace (I'm the dev, feedback welcome!)

Yo! I'm SlowBearDigger (same handle on X and GitHub), the lazy ass developer behind GOXMR.

I've been building this because I wanted a clean, privacy first way for Monero users to have a single identity that actually works across the fediverse, Nostr, and as a proper OpenAlias.

Everything core is completely free. The only optional paid thing is the Dead Man's Switch plus a small supporter icon for a one time 0.001 XMR (think of it as tipping the dev if you like the project).

What you get with a free account:

  • Your own subdomain: "username.goxmr.click" (wildcard HTTPS)
  • Ready to use OpenAlias: "username@goxmr.click" > works in Cake, Feather, Monerujo, MyMonero, etc. (due to some VPS tweaks that I am working on, this may be a bit buggy atm)
  • Classic profile page at "goxmr.click/username"
  • NIP-05 verification for Nostr (Damus, Amethyst, Snort…)
  • WebFinger so Mastodon/Pleroma searches forward correctly
  • PGP key publishing + encrypted email notifications

Marketplace (the part a lot of people seem to like): Sell physical stuff, digital downloads, or services. Buyers pay directly to your own wallet in Monero!! fully non custodial. Every order gets its own subaddress so you can match payments easily.

Encrypted downloads with download limits, proof of purchase reviews, optional PINs for unlisted products… all the little details that actually make it usable.... I think xd

Built-in tools:

  • Fee free XMR swap aggregator (via Trocador, my setup us 0% fees, I do earn the bare minimum by Trocador, and that's gonna be used to improve GOXMR )
  • XMR block explorer :P
  • Nice QR code generator with logo support
  • Self destruct timer with arming + heartbeat

Privacy side: No analytics, no tracking cookies, no fingerprinting.

IPs are reduced to /24 before they even hit disk.

Everything sensitive is HMAC hashed with a server only secrets.

Full Tor v3 hidden service mirror.

JWT only in localStorage. Strict CSP, HSTS, the works.

Full details are on the site under /privacy and /status.

The whole project is open source:
https://github.com/SlowBearDigger/GOXMR

My X account (where I post updates and actually listen to feedback):
https://x.com/SlowBearDigger

I genuinely take suggestions from the Monero community, a bunch of current features came straight from people on X and GitHub. If you try it and think “this would be better if…” or “why doesn’t it do X?”, please tell me. I’m still actively adding, fixing, and removing stuff based on what actual users want.

Give it a spin at https://goxmr.click whenever you feel like it.

Thanks for reading, and stay safe out there.

goxmr.click
u/Mushydaddybear — 1 month ago