# signifyd/module-connect

> Signifyd integration for Magento

`composer require signifyd/module-connect`

Canonical URL: https://packagento.com/signifyd/module-connect

## At a glance

- **Vendor**: signifyd (https://packagento.com/signifyd.md)
- **Latest version**: 5.10.2 — released 2026-02-11
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/signifyd/module-connect and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require signifyd/module-connect:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

Signifyd integration for Magento

## README

Signifyd’s Magento extension enables merchants on Magento 2 to integrate with Signifyd, automating fraud prevention and protecting them in case of chargebacks.

### Install/update using composer

Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you.

You can learn more about it at [https://getcomposer.org](https://getcomposer.org).

Before getting started make sure you have composer properly installed on your environment.

*Note: depending on the operating system and how composer is installed, you may need to add '.phar' after 'composer' using the command lines, i.e. change from 'composer' => 'composer.phar'*

#### Install/update

With composer installed, run the command below on terminal. This will install/update Signifyd extension to the [latest release](https://github.com/signifyd/magento2/releases).

```bash
cd MAGENTO_ROOT
composer config repositories.signifydmage2 git https://github.com/signifyd/magento2.git
composer require signifyd/module-connect
bin/magento setup:upgrade
bin/magento setup:di:compile
``` 

#### Uninstall extension

**This only applies if extension has been installed using composer** 

To remove extension completely, run this command in terminal.

```bash
cd MAGENTO_ROOT
composer remove signifyd/module-connect
bin/magento setup:upgrade
bin/magento setup:di:compile
```

And run this command on MySQL.

```mysql
DELETE FROM setup_module WHERE module='Signifyd_Connect';
```

You can also delete all Signifyd extension data using this guide, [install troubleshooting doc](docs/INSTALL-TROUBLESHOOT.md#purge-all-signifyd-data).

### Configure
View our Magento 2 product manual to learn how to [configure the extension](https://community.signifyd.com/support/s/article/magento-2-extension-install-guide)

### Logs

Info or general logs can be found on MAGENTO_ROOT/var/log/signifyd_connect.log file.
If debug mode is enabled those logs can be found on MAGENTO_ROOT/var/log/signifyd_connect_debug.log

### Advanced Settings

These settings enable fine grain control over advanced capabilities of the extension.

_Updating these settings should only be performed by an experienced developer under the supervision of the Signifyd support team. If these steps are not completed correctly an issue may occur._

#### Restrict orders by states

Restrict orders with specific order states (not status) from being sent to Signifyd.

[Restrict orders by states](docs/RESTRICT-STATES.md) 

#### Restrict orders by payment methods

Restrict orders with specific payment methods from being sent to Signifyd.

[Restrict orders by payment methods](docs/RESTRICT-PAYMENTS.md)

#### Add carriers/methods mappings

Map custom shipping carriers and methods from Magento to Signifyd.

[Carrier/method mapping](docs/SHIPPING-MAPPING.md)

#### Add payment methods mappings

Map custom payment methods from Magento to Signifyd.

[Payment method mapping](docs/PAYMENT-MAPPING.md)

#### Pass custom payment data using payment gateways APIs

The Signifyd extension will use external class to collect payment data (avsResponseCode, cvvResponseCode, cardBin, cardLast4, cardExpiryMonth and cardExpiryYear) from payment gateway APIs when submitting an order for guarantee. If these fields are missing from submitted orders you can pass these fields by using existing gateways APIs integrations on our SDK or building your own. 

[Payment gateways](docs/PAYMENT-DETAILS-GATEWAY.md)

#### Pass custom payment data using payment mappers

The Signifyd extension will try to collect payment data (avsResponseCode, cvvResponseCode, cardBin, cardLast4, cardExpiryMonth and cardExpiryYear) from Magento when submitting an order for guarantee. If these fields are missing from submitted orders you can pass these fields by using the extension's mappers. 

[Payment mappers](docs/PAYMENT-DETAILS.md)

#### Pass payment details - pre auth policy

On the pre auth policy, Signifyd cases are created before the payment being submitted to the payment gateway. So, AVS code, CVV code and transaction ID are not available at all at this moment. But it is desirable to try to collect most of these information: bin, last4, expiry month and expiry year.
In order to do that, it's needed to use some JavaScript code to collect most information as possible.

[Pass payment details](docs/PASS-PAYMENT-PRE-AUTH.md)

## Recent Versions

| Version | Released |
|---|---|
| 5.10.2 | 2026-02-11 |
| 5.10.1 | 2026-01-29 |
| 5.10.0 | 2025-12-10 |
| 5.9.1 | 2025-09-23 |
| 5.9.0 | 2025-08-07 |
| 5.8.2 | 2025-04-02 |
| 5.8.1 | 2024-07-25 |
| 5.8.0 | 2024-06-05 |
| 5.7.0 | 2024-03-22 |
| 5.6.0 | 2024-01-31 |

Showing 10 of 90 versions. Full release history on https://packagento.com/signifyd/module-connect.

## Dependencies

### Require

| Package | Constraint |
|---|---|
| monolog/monolog | >=1.16.0 |
| php | >=5.5.22 |
| signifyd/signifyd-php | 4.1.6 |

## Quality

Latest release (5.10.2) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | Pass | – |
| 2.4.9 | – | – | Pass | Pass |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Warning | 2 | 2 warnings (ruleset: Magento2) |
| PHPMD | Warning | 151 | 151 rule violations (UnusedFormalParameter:44, CyclomaticComplexity:28, NPathComplexity:18, ExcessiveParameterList:13, ExcessiveMethodLength:13) |
| Cpd | Pass | 0 |  |
| Composer validate | Info | 4 | valid; 4 advisory notes (composer validate --strict) |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | 262 | 262 | – | – |
| 2.4.8 | – | 262 | 262 | – |
| 2.4.9 | – | – | 261 | 261 |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Error | Error | – | – |
| 2.4.8 | – | 50 | not tested | – |
| 2.4.9 | – | – | 50 | not tested |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | Pass | 0 |  |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["signifyd/module-connect"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

signifyd is a Magento 2 vendor on Packagento. See https://packagento.com/signifyd.md for their full catalogue.

