Skip to content

Instantly share code, notes, and snippets.

@matiaslopezd
Last active June 12, 2024 15:53
Show Gist options
  • Save matiaslopezd/81349f4f6a48cb0efefa0c38f6e2844c to your computer and use it in GitHub Desktop.
Save matiaslopezd/81349f4f6a48cb0efefa0c38f6e2844c to your computer and use it in GitHub Desktop.
Woocommerce webhook payload and header example
expect 100-continue
content-length 1998
connection close
x-wc-webhook-delivery-id 36e520ebabc2fa725092ff4a47acedf2
x-wc-webhook-id 3
x-wc-webhook-signature 5poyFy4qB6fdvvT5pGbefZmfkpL48uD47F0WYwfmpo4=
x-wc-webhook-event created
x-wc-webhook-resource order
x-wc-webhook-topic order.created
x-wc-webhook-source https://www.website.com/
content-type application/json
referer https://api.website.com/woocommerce
accept-encoding deflate, gzip
accept */*
user-agent WooCommerce/3.9.1 Hookshot (WordPress/5.3.2)
host webhook.site
{
"id": 4750,
"parent_id": 0,
"number": "4750",
"order_key": "wc_order_Q6tuhq12KJOel",
"created_via": "admin",
"version": "3.9.1",
"status": "completed",
"currency": "CLP",
"date_created": "2020-03-11T16:54:40",
"date_created_gmt": "2020-03-11T19:54:40",
"date_modified": "2020-03-11T16:56:05",
"date_modified_gmt": "2020-03-11T19:56:05",
"discount_total": "0",
"discount_tax": "0",
"shipping_total": "0",
"shipping_tax": "0",
"cart_tax": "0",
"total": "18000",
"total_tax": "0",
"prices_include_tax": false,
"customer_id": 1,
"customer_ip_address": "",
"customer_user_agent": "",
"customer_note": "",
"billing": {
"first_name": "Test",
"last_name": "Test",
"company": "Test",
"address_1": "Test",
"address_2": "",
"city": "Test",
"state": "",
"postcode": "1231234",
"country": "CL",
"email": "[email protected]",
"phone": "999999"
},
"shipping": {
"first_name": "Test",
"last_name": "Test",
"company": "Test",
"address_1": "Test",
"address_2": "",
"city": "Test",
"state": "Test",
"postcode": "99999999",
"country": ""
},
"payment_method": "",
"payment_method_title": "",
"transaction_id": "",
"date_paid": "2020-03-11T16:56:05",
"date_paid_gmt": "2020-03-11T19:56:05",
"date_completed": "2020-03-11T16:56:05",
"date_completed_gmt": "2020-03-11T19:56:05",
"cart_hash": "",
"meta_data": [
{
"id": 91263,
"key": "first_name_beneficiary",
"value": "Juan"
},
{
"id": 91299,
"key": "slide_template",
"value": "default"
}
],
"line_items": [
{
"id": 2593,
"name": "Test product",
"product_id": 626,
"variation_id": 0,
"quantity": 1,
"tax_class": "",
"subtotal": "18000",
"subtotal_tax": "0",
"total": "18000",
"total_tax": "0",
"taxes": [],
"meta_data": [],
"sku": "5e519da42e647469316de29c",
"price": 18000
}
],
"tax_lines": [],
"shipping_lines": [],
"fee_lines": [],
"coupon_lines": [],
"refunds": [],
"_links": {
"self": [
{
"href": "https://www.website.com/wp-json/wc/v3/orders/4750"
}
],
"collection": [
{
"href": "https://www.website.com/wp-json/wc/v3/orders"
}
],
"customer": [
{
"href": "https://www.website.com/wp-json/wc/v3/customers/1"
}
]
}
}
@matiaslopezd
Copy link
Author

Some fields were added by custom plugins also URLs were changed for security reasons.

Tips

Try use exclusive endpoints for Woocommerce webhooks because works very bad when returns HTTP codes different of range 200-204, always it's deactivated if your endpoint maybe returns 401, 403, etc.

The field status say you if the order is completed or not. The following list have the possible status:

  • pending_payment
  • failed
  • processing
  • completed
  • on_hold
  • canceled
  • refunded
  • authentication_required

This is the flow of orders:

image

Woocommerce Docs (https://docs.woocommerce.com/document/managing-orders/)

Security

I was never can send to my endpoints a JWT in the header, but I do validations starting from IP and x-wc-webhook-source.

IS VERY IMPORTANT VALIDATE WHERE DOES THE REQUEST COME FROM AND ADD PROTECTIONS FOR DDOS ATTACKS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment