Documentation
Packagento docs
Everything a buyer needs to install paid Magento modules with Composer, and everything a vendor needs to publish them. Pick a topic below or use the sidebar to navigate.
For buyers
Set up Composer, manage tokens, work across teams.
- Composer setup - add the registry, drop in auth.json, install your first package.
- API tokens - project-scoped credentials: create, rotate, revoke.
- Composer endpoints - /packages.json, /p2/*.json, /dist/*: auth, status codes, caching.
- Source visibility - what you can read and patch in a licensed package.
- Pricing - free, paid, and subscription pricing models.
- Cancel a subscription - how cancellation, period-end, and access work.
- Refunds & disputes - buyer requests, platform review, Stripe-driven chargebacks.
- Refund window timing - when a sale is still refundable and what changes after the window closes.
- Subscription renewals - how each yearly renewal is charged, retried, and reflected in your licence.
- Multi-vendor checkout - buying packages from several vendors in a single order.
- Project package activation - pinning a licence to a specific project so Composer can install it.
- Missing dependency detection - what to do when a package needs another package you haven't licensed yet.
- Team and roles - org and project roles, invites, ownership transfer.
- Cross-org project sharing - share a project read-only with someone outside your org by email.
For vendors
Apply, connect Git + Stripe, ship versions, get paid.
- Apply to be a vendor - what we ask for, what review looks like.
- Vendor onboarding - Git provider, Stripe Connect, your first package.
- Package publishing - add a package, tag a release, what buyers see when.
- Quality & review - the automated checks (PHPCS, PHPStan, security, copy-paste detection) and the package-approval step.
- Repository ingest webhooks - inbound: how tag-push events on your Git repo trigger version ingestion.
- Webhooks - outbound: receive license created / activated / renewed / refunded / revoked events at your own HTTPS endpoints.
- Vendor license keys - the webhook contract Packagento POSTs to your endpoint for licence issuance, refresh, revoke.
- Stripe payouts - payout cadence, holds, troubleshooting.
- Vendor public profile - what buyers see on your vendor page and how to edit it.
- Vendor moderation - the checks a vendor account goes through and how status changes affect your packages.
Reference
- Activity feed - the timeline of events on your account, where to find it, and what shows up on each feed.
- Abuse reports - how to report a package or vendor and what happens after you submit a report.
Need something else?
Get in touch through our contact form for anything not covered here. Security issues should be reported privately through the same contact form - please don't open public issues for vulnerabilities.