# gbg-loqate/loqate-integration

> Performs address capture and data validation (email, phone number and address) using Loqate API.

`composer require gbg-loqate/loqate-integration`

Canonical URL: https://packagento.com/gbg-loqate/loqate-integration

## At a glance

- **Vendor**: gbg-loqate (https://packagento.com/gbg-loqate.md)
- **Latest version**: 2.0.10 — released 2026-06-05
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/gbg-loqate/loqate-integration and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require gbg-loqate/loqate-integration:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

Performs address capture and data validation (email, phone number and address) using Loqate API.

## README

### What is the Loqate API Integration?

Performs address capture and data validation (email, phone number and address) using Loqate API.

### Download

#### Download via composer

Request composer to fetch the module:

```
composer require loqate-integration/adobe
```

#### Manual Download

Download & copy the git content to `/app/code/Loqate/ApiIntegration`.

### Install

Please run the following commands after you download the module.

```
php bin/magento module:enable Loqate_ApiIntegration
php bin/magento setup:upgrade
php bin/magento setup:di:compile
```

### Configuration Instructions

The configuration for the module is located under Stores -> Configuration -> Loqate.

### Magento 2 DevContainer Setup

This repository includes a [devcontainer](.devcontainer/) for rapid Magento 2 extension development.

#### Quick Start

1. **Create a devcontainer.env**: Before opening the devcontainer you will need to create a `devcontainer.env` file which you can copy from [`devcontainer.env.example`](.devcontainer/devcontainer.env.example).
1. **Open in VS Code**: Use the "Reopen in Container" command (requires the Remote - Containers extension).
1. **Wait for Setup**: The devcontainer will build, install dependencies, and set up Magento 2 automatically.
1. **Access Magento**:
   - Storefront: [http://localhost:8080](http://localhost:8080)
   - Admin: [http://localhost:8080/admin](http://localhost:8080/admin)
   - Default admin user: `admin` / `admin123`
1. **Live Extension Development**: Your extension source is mounted into the running Magento instance. Changes are reflected immediately after running `bin/magento setup:upgrade` and clearing cache.

#### Services

- PHP-FPM (8.1)
- Nginx
- MySQL 8
- Opensearch
- Redis

#### Notes

- The first startup may take several minutes (Magento install, Composer, DB setup).
- The extension is symlinked into `app/code/Loqate/ApiIntegration`.
- To re-run setup, use [`.devcontainer/setup-magento.sh`](.devcontainer/setup-magento.sh) inside the container.
- If you have any DNS issues, you will need to copy your Zscaler certificate into the PHP container - see the Zscaler workaround comment in the [`Dockerfile`](.devcontainer/Dockerfile).

### Useful helpers

- `php -r '$e=include "app/etc/env.php"; $d=$e["db"]["connection"]["default"]; printf("mysql -h%s -u%s -p%s %s\n",$d["host"],$d["username"],$d["password"],$d["dbname"]);'` Will extract the command to access mysql within the devcontainer, currently that command is `mysql -hdb -umagento -pmagento magento`
- `bin/magento config:show` will list all of the config currently set in the instance, this can be set with `bin/magento config:set <PATH> <VALUE>`


### Testing

#### Automated unit tests

Unit tests live under [`Test/Unit`](Test/Unit) and run with Magento's unit test suite. From the Magento root of an instance that has the module installed:

```bash
## Module installed via composer:
vendor/bin/phpunit -c dev/tests/unit/phpunit.xml.dist \
  vendor/gbg-loqate/loqate-integration/Test/Unit

## Module installed under app/code:
vendor/bin/phpunit -c dev/tests/unit/phpunit.xml.dist \
  app/code/Loqate/ApiIntegration/Test/Unit
```

`Test/Unit/Helper/ValidatorTest.php` covers the captured-address (Loqate lookup) bypass: array-street parsing, that a looked-up address is recognised across countries (e.g. UK province-name vs region, US `CA` vs `California`), case/whitespace tolerance, and the guards that a different or empty address is **not** bypassed.

#### Manual testing (checkout flow)

**Prerequisites** (Admin → Stores → Configuration → Loqate, or `bin/magento config:set`):

- `loqate_settings/settings/api_key` — a valid Loqate API key
- `loqate_settings/address_settings/enable_checkout` = `1` (verification enabled at checkout)
- Capture/lookup enabled on checkout
- Optional: set strict thresholds under `loqate_settings/verify_threshold_settings` so a hand-typed address would be rejected, making the bypass behaviour obvious

**Verify a looked-up address is accepted (the main regression):**

1. Go to checkout (guest or logged-in).
2. Use the **Loqate lookup** and **select a suggested address from the dropdown** — do not hand-type it.
3. Proceed through shipping / place order. The address should be accepted and checkout should proceed (the selected address bypasses re-verification).

**Different-country checks** (the bypass is locale-agnostic):

- **US** — lookup returns the state as a full name (e.g. *California*) while Magento stores the region as `CA`; the address should still be accepted.
- **UK** — lookup an address with no region; should be accepted.

**Guard checks (verification is still active):**

- Hand-type an invalid address **without** using the lookup → verification still fires and rejects it.
- Select a lookup address, then **edit** a field (e.g. the street) → it is re-verified, since it no longer matches the captured address.

**Observe via logs** — a bypassed (captured) address makes no verify API call, whereas a hand-typed one does:

```bash
tail -f var/log/loqate*.log
```


### Deployment

Releasing a new version requires two separate deployments: one to the **Adobe Marketplace** and one via **Composer**. Before proceeding with either, update the version number in both [`composer.json`](composer.json) and [`etc/module.xml`](etc/module.xml) to reflect the new release, then commit and push the change.

Note that the Git tag for the Composer release is created automatically when changes are merged to `master` — see the [Composer](#composer) section below.

#### Adobe Marketplace

_(README truncated for .md surface. Full README on https://packagento.com/gbg-loqate/loqate-integration.)_

## Recent Versions

| Version | Released |
|---|---|
| 2.0.10 | 2026-06-05 |
| 2.0.9 | 2026-06-04 |
| 2.0.4 | 2026-05-05 |
| 2.0.3 | 2026-01-21 |
| 2.0.2 | 2025-12-10 |
| 2.0.1 | 2025-10-21 |
| 2.0.0 | 2025-09-23 |
| 1.1.16 | 2025-08-12 |
| 1.1.14 | 2025-02-28 |
| 1.1.13 | 2025-02-26 |

Showing 10 of 15 versions. Full release history on https://packagento.com/gbg-loqate/loqate-integration.

## Dependencies

### Require

| Package | Constraint |
|---|---|
| lqt/api-connector | * |

## Quality

Latest release (2.0.10) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | Pass | – |
| 2.4.9 | – | – | Pass | Pass |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Warning | 91 | 91 warnings (ruleset: Magento2) — 39 auto-fixable with phpcbf |
| PHPMD | Warning | 27 | 27 rule violations (UnusedFormalParameter:8, IfStatementAssignment:8, UndefinedVariable:5, CyclomaticComplexity:3, NPathComplexity:2) |
| Cpd | Warning | 1 | 1 duplicated chunk spanning 33 total lines (min-lines=5, min-tokens=70) |
| Composer validate | Info | 3 | valid; 3 advisory notes (composer validate --strict) |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | 26 | 26 | – | – |
| 2.4.8 | – | 27 | 27 | – |
| 2.4.9 | – | – | 27 | 27 |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | Pass | 0 |  |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["gbg-loqate/loqate-integration"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

gbg-loqate is a Magento 2 vendor on Packagento. See https://packagento.com/gbg-loqate.md for their full catalogue.