Building a bKash Payment Gateway for Blogger
How I built an open-source bKash payment system for Blogger without backend access. A technical breakdown of challenges, architecture, API integration, security handling, and deployment strategy for Bangladeshi websites.

Blogger is powerful.
But it has one massive limitation: no backend access.
As a Bangladeshi digital creator, I noticed something frustrating — thousands of Blogger users monetize with ads, but they can’t directly accept payments using local gateways like bKash.
So I decided to solve it.
This project is an open-source bKash Payment Integration System for Blogger, built specifically for Bangladeshi bloggers who want to:
- Sell digital products
- Accept donations
- Offer premium content
- Collect service payments
- Use Bangladeshi payment methods
All without migrating to WordPress.
And yes — the entire project is shared publicly on GitHub.
Project Link - bKash Blogger PGW
The Core Problem
Blogger does not provide:
- Server-side scripting (no PHP, Node.js, Python)
- Database access
- Custom backend routes
- A secure server execution layer
But the bKash API requires:
- API Key & Secret
- Token generation
- Authorization headers
- Server-side validation
- Callback handling
- Secure transaction verification
Which means:
The Blogger and bKash architectures are fundamentally incompatible.
So the question became:
How do you integrate a server-based payment gateway into a frontend-only platform?
Technical Challenges I Faced
1️⃣ No Backend on Blogger
Blogger is purely static + client-side rendered.
But bKash APIs require secure server-side authentication.
Directly calling bKash from JavaScript is impossible because:
- API secrets would be exposed
- CORS would block requests
- Token generation must remain private
Solution: I had to create a middleware backend layer outside Blogger.
2️⃣ Secure Token Management
bKash uses OAuth-style token generation.
Flow:
- App Key + App Secret → Generate ID Token
- Use Token → Create Payment
- Execute Payment
- Query Transaction Status
Since Blogger cannot store secrets securely, I implemented:
- External server (Node.js / Express-based microservice)
- Environment variables for API keys
- Server-side token caching
- Token expiration handling logic
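The caching and expiration handling listed above can be sketched as follows. This is an added example, not code from the project: `grantToken`, its return shape, and the 60-second skew are assumptions, and the grant call is injected so the logic runs offline.

```javascript
// Added example: server-side ID-token cache with expiry handling.
// `grantToken` is a hypothetical async function that calls the gateway's
// token endpoint with the App Key / App Secret from environment variables
// and resolves to { idToken, expiresInSec }.
function createTokenCache(grantToken, { skewSec = 60, now = () => Date.now() } = {}) {
  let cached = null;   // { idToken, expiresAt } once a grant has succeeded
  let inFlight = null; // shared promise while a grant request is running

  async function refresh() {
    const { idToken, expiresInSec } = await grantToken();
    if (typeof idToken !== "string" || !idToken || !(expiresInSec > 0)) {
      throw new Error("token grant returned an unusable response");
    }
    cached = { idToken, expiresAt: now() + expiresInSec * 1000 };
    return idToken;
  }

  return {
    async getToken() {
      // Reuse the token until it is within `skewSec` of expiring.
      if (cached && now() < cached.expiresAt - skewSec * 1000) return cached.idToken;
      // Concurrent callers share one grant request instead of each making one.
      if (!inFlight) inFlight = refresh().finally(() => { inFlight = null; });
      return inFlight;
    },
    // Call when the gateway rejects a token before its stated expiry.
    invalidate() { cached = null; },
  };
}

// Constructed demo: a fake grant function and a controllable clock.
async function demoTokenCache() {
  let clock = 0, grants = 0;
  const fakeGrant = async () => ({ idToken: `token-${++grants}`, expiresInSec: 3600 });
  const cache = createTokenCache(fakeGrant, { now: () => clock });
  const [a, b] = await Promise.all([cache.getToken(), cache.getToken()]);
  clock = 3000 * 1000;  // still valid: served from cache
  const c = await cache.getToken();
  clock = 3550 * 1000;  // inside the skew window: refreshed
  const d = await cache.getToken();
  return { a, b, c, d, grants };
}
```

The token never leaves the backend; the Blogger page only ever sees the result of the create and execute calls.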
3️⃣ Payment Verification & Fraud Prevention
Client-side validation is dangerous.
Users can manipulate frontend JavaScript.
So I implemented:
- Server-side payment execution verification
- Transaction ID validation
- Status check endpoint
- Duplicate payment prevention logic
- Payment confirmation via callback URL
Only after backend confirmation does the success message trigger.
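One way to express the backend decision described above, as an added example that is not the project's own code. The field names (`status`, `paymentId`, `amount`, `trxId`), the `"Completed"` value, and the transaction ID pattern are assumptions; the inputs are constructed.

```javascript
// Added example: decide server-side whether an order may be marked paid.
// `order` is the backend's own record, created before checkout started.
// `gatewayResult` is what the backend got from its own status query to the
// gateway, never values posted by the browser. Field names are hypothetical.
function verifyPayment(order, gatewayResult, usedTrxIds) {
  const fail = (reason) => ({ ok: false, reason });

  if (!gatewayResult || gatewayResult.status !== "Completed") {
    return fail("gateway does not report a completed transaction");
  }
  if (gatewayResult.paymentId !== order.paymentId) {
    return fail("payment ID does not belong to this order");
  }
  // Compare in integer minor units to avoid floating-point surprises.
  const paid = Math.round(Number(gatewayResult.amount) * 100);
  if (!Number.isFinite(paid) || paid !== order.amountMinor) {
    return fail("amount differs from the server-side order amount");
  }
  if (gatewayResult.currency !== order.currency) return fail("currency mismatch");

  const trxId = gatewayResult.trxId;
  if (typeof trxId !== "string" || !/^[A-Za-z0-9]{6,32}$/.test(trxId)) {
    return fail("malformed transaction ID"); // pattern is an assumed format
  }
  // Duplicate prevention. In a real deployment this is a unique constraint
  // in persistent storage, not an in-memory Set.
  if (usedTrxIds.has(trxId)) return fail("transaction ID already used");
  usedTrxIds.add(trxId);
  return { ok: true, trxId };
}

// Constructed inputs covering the failure modes above.
function demoVerify() {
  const used = new Set();
  const order = { paymentId: "PAY-0001", amountMinor: 49900, currency: "BDT" };
  const good = { status: "Completed", paymentId: "PAY-0001",
                 amount: "499.00", currency: "BDT", trxId: "TRX0000001" };
  return [
    verifyPayment(order, { ...good, amount: "4.99" }, used),      // wrong amount
    verifyPayment(order, { ...good, status: "Initiated" }, used), // not completed
    verifyPayment(order, good, used),                             // accepted
    verifyPayment(order, good, used),                             // same trxId again
  ].map((r) => r.ok);
}
```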
4️⃣ CORS & Cross-Origin Issues
Blogger runs under a blogspot domain.
The backend runs on a separate domain.
To solve CORS:
- Configured Express CORS middleware
- Restricted allowed origins
- Secured only required endpoints
- Used HTTPS-enforced endpoints
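Because every Blogger site shares the blogspot domain, "restricted allowed origins" has to mean an exact match on one blog's origin. The added example below (not the project's code; the origin is a placeholder and the function names are hypothetical) puts a loose check beside a strict one.

```javascript
// Added example: exact-origin allowlist for the backend's CORS responses.
// The origin below is a placeholder, not the project's real blog address.
const ALLOWED_ORIGINS = new Set(["https://example-shop.blogspot.com"]);

// Weak: every Blogger site lives under blogspot.com, so a substring or
// suffix test trusts all of them, along with look-alike hostnames.
function weakOriginCheck(origin) {
  return typeof origin === "string" && origin.includes("blogspot.com");
}

// Strict: parse, require https, then compare the whole origin exactly.
function strictOriginCheck(origin) {
  if (typeof origin !== "string") return false;
  let url;
  try { url = new URL(origin); } catch { return false; }
  if (url.protocol !== "https:") return false;
  // An Origin header is scheme://host[:port] only; reject anything with more.
  if (url.origin !== origin) return false;
  return ALLOWED_ORIGINS.has(url.origin);
}

// Headers to attach to a response for a given request Origin header.
function corsHeadersFor(origin) {
  if (!strictOriginCheck(origin)) return {}; // no CORS headers: browser blocks the read
  return {
    "Access-Control-Allow-Origin": origin,
    "Vary": "Origin",                        // keep caches from mixing origins
    "Access-Control-Allow-Methods": "POST",
    "Access-Control-Allow-Headers": "Content-Type",
  };
}
```

CORS only controls which pages a browser lets read the response; it does not authenticate callers, so the server-side payment checks still apply to every request.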
System Architecture
Here’s the simplified architecture:
User → Blogger Website → External API Server → bKash API
bKash → API Server → Blogger Success Page
Components:
- Frontend (Blogger)
  - Custom HTML widget
  - JavaScript payment trigger
  - Dynamic checkout button
  - Redirect handler
- Backend (Node.js Microservice)
  - Token generator
  - Create payment endpoint
  - Execute payment endpoint
  - Query transaction endpoint
  - Environment-based configuration
- bKash Merchant API
Key Technical Stack
- HTML5
- Vanilla JavaScript
- Fetch API
- Node.js
- Express.js
- bKash Merchant API
- GitHub (Open Source Distribution)
No frameworks. No CMS dependency. Pure architecture thinking.
Security Considerations
Since payment systems handle money, I focused on:
- No API keys exposed in frontend
- All secret keys in environment variables
- HTTPS mandatory
- Token expiration handling
- Server-side execution validation
- Strict CORS policy
- Input sanitization
Why This Project Matters
Bangladesh has:
- Thousands of Blogger users
- Growing digital product creators
- Coaches, teachers, freelancers
- Limited access to global payment systems
But local payment integration was missing.
This solution enables:
- Local currency payments
- Seamless checkout
- Low migration cost
- Open access system for beginners
It bridges the gap between legacy blogging platforms and modern fintech APIs.
Open Source Philosophy
I didn’t want this to be another closed system.
So I made it:
- Fully documented
- Beginner-friendly
- Customizable
- Free to use
- Available on GitHub
Developers can fork it.
Modify it.
Deploy it.
And Bangladeshi bloggers finally get a local payment solution.
Lessons Learned
- Platform limitation is not a dead end — it’s an architectural challenge.
- Security must always come before convenience.
- Middleware is the key when frontend platforms lack backend access.
- Open source accelerates ecosystem growth.
- Fintech integration requires patience, documentation reading, and proper testing.
Final Thoughts
This wasn’t just about integrating bKash.
It was about solving a real ecosystem problem.
When platforms limit you, you either complain — or you build around the limitation.
I chose to build.
And this project reflects my core belief:
Technology is not about tools. It’s about creating systems where none exist.
