@extends('admin.layouts.app') @section('title', 'Settings — ExtraCash Admin') @section('page-title', 'Settings') @section('breadcrumb', 'Platform configuration') @section('content')
@csrf
{{-- Tab bar --}}
{{-- ===== PANEL: Lenco ===== --}}
@php $lencoApiSaved = !empty($settings['lenco_api_key'] ?? ''); $lencoSecretSaved = !empty($settings['lenco_secret_key'] ?? ''); $lencoMask = function (?string $v): string { if ($v === null || $v === '') { return ''; } $v = (string) $v; if (strlen($v) <= 12) { return str_repeat('•', min(12, strlen($v))); } return substr($v, 0, 8).'••••••••'.substr($v, -4); }; @endphp

Payment Gateway — Lenco (Access API)

Values below map to the Lenco developer portal (Access v2). The portal’s API Name is only a label there — it is not required in this form.

Credentials are stored in the application database. Restrict database access and use strong secrets in production.

Match the key set in the Lenco portal (Live vs sandbox / test).

@error('settings.lenco_environment')

{{ $message }}

@enderror

Lenco · API Keys tab

Copy Base URL, Public key, and API (Secret) key from the portal. Lenco v2 authorizes the secret as Authorization: Bearer; the public key is sent as X-Secret-Key when both are set, plus X-Environment (must match the key: Sandbox vs Live).

Portal field: Base URL (e.g. https://api.lenco.co/access/v2)

Lenco: Public Key (often pub-…) — sent as X-Secret-Key with the secret in Authorization: Bearer

@if($lencoApiSaved)

Current: {{ $lencoMask($settings['lenco_api_key'] ?? '') }} — leave blank to keep the saved value.

@endif

Lenco: API (Secret) key (copy from portal; shown once) — required for Authorization: Bearer (avoids 401 Unauthorized)

@if($lencoSecretSaved)

Current: {{ $lencoMask($settings['lenco_secret_key'] ?? '') }} — leave blank to keep the saved value.

@endif

Payouts & request locale

Not on the API Keys screen — required by our app for transfers and API payloads.

ISO-2 code sent on collection/transfer calls (e.g. Zambia: zm)

Lenco account / wallet UUID to debit for disbursements — from your Lenco dashboard, not the API Keys page.

Lenco · Webhook tab (optional)

If the portal provides a signing secret for server webhooks, paste it here. Used when verifying callbacks to /webhook/lenco/…. Leave empty until you configure webhooks.

@if(!empty($settings['lenco_api_key']))

Lenco credentials saved — {{ ucfirst($settings['lenco_environment'] ?? 'sandbox') }} mode

@else

Add Public key and API (Secret) key from the Lenco API Keys tab to enable Lenco in the app.

@endif

Callback and webhook URLs

Use these in the Lenco developer dashboard where applicable. X-Callback-URL is sent on outgoing collection/transfer API calls. Incoming POSTs to /webhook/lenco/… are accepted (CSRF-exempt) and logged.

@foreach($lencoCallbackUrls as $lencoLabel => $lencoUrl)

{{ $lencoLabel }}

{{ $lencoUrl }}

@endforeach

Test calls Lenco with a fake collection reference (like Landlord). It uses values already saved in the database — save changes before testing.

@csrf
{{-- ===== PANEL: Cashback ===== --}} {{-- ===== PANEL: Withdrawals ===== --}} {{-- ===== PANEL: Compliance ===== --}} {{-- ===== PANEL: SMS (OTP) ===== --}}

Saves all sections in one go — switch tabs to review each area before saving.

Reset view
@endsection @push('scripts') @endpush