Woocommerce webhook payload and header example

webhook.header.txt

expect	100-continue
content-length	1998
connection	close
x-wc-webhook-delivery-id	36e520ebabc2fa725092ff4a47acedf2
x-wc-webhook-id	3
x-wc-webhook-signature	5poyFy4qB6fdvvT5pGbefZmfkpL48uD47F0WYwfmpo4=
x-wc-webhook-event	created
x-wc-webhook-resource	order
x-wc-webhook-topic	order.created
x-wc-webhook-source	https://www.website.com/
content-type	application/json
referer	https://api.website.com/woocommerce
accept-encoding	deflate, gzip
accept	*/*
user-agent	WooCommerce/3.9.1 Hookshot (WordPress/5.3.2)
host	webhook.site

webhook.payload.json

{
  "id": 4750,
  "parent_id": 0,
  "number": "4750",
  "order_key": "wc_order_Q6tuhq12KJOel",
  "created_via": "admin",
  "version": "3.9.1",
  "status": "completed",
  "currency": "CLP",
  "date_created": "2020-03-11T16:54:40",
  "date_created_gmt": "2020-03-11T19:54:40",
  "date_modified": "2020-03-11T16:56:05",
  "date_modified_gmt": "2020-03-11T19:56:05",
  "discount_total": "0",
  "discount_tax": "0",
  "shipping_total": "0",
  "shipping_tax": "0",
  "cart_tax": "0",
  "total": "18000",
  "total_tax": "0",
  "prices_include_tax": false,
  "customer_id": 1,
  "customer_ip_address": "",
  "customer_user_agent": "",
  "customer_note": "",
  "billing": {
    "first_name": "Test",
    "last_name": "Test",
    "company": "Test",
    "address_1": "Test",
    "address_2": "",
    "city": "Test",
    "state": "",
    "postcode": "1231234",
    "country": "CL",
    "email": "[email protected]",
    "phone": "999999"
  },
  "shipping": {
    "first_name": "Test",
    "last_name": "Test",
    "company": "Test",
    "address_1": "Test",
    "address_2": "",
    "city": "Test",
    "state": "Test",
    "postcode": "99999999",
    "country": ""
  },
  "payment_method": "",
  "payment_method_title": "",
  "transaction_id": "",
  "date_paid": "2020-03-11T16:56:05",
  "date_paid_gmt": "2020-03-11T19:56:05",
  "date_completed": "2020-03-11T16:56:05",
  "date_completed_gmt": "2020-03-11T19:56:05",
  "cart_hash": "",
  "meta_data": [
    {
      "id": 91263,
      "key": "first_name_beneficiary",
      "value": "Juan"
    },
    {
      "id": 91299,
      "key": "slide_template",
      "value": "default"
    }
  ],
  "line_items": [
    {
      "id": 2593,
      "name": "Test product",
      "product_id": 626,
      "variation_id": 0,
      "quantity": 1,
      "tax_class": "",
      "subtotal": "18000",
      "subtotal_tax": "0",
      "total": "18000",
      "total_tax": "0",
      "taxes": [],
      "meta_data": [],
      "sku": "5e519da42e647469316de29c",
      "price": 18000
    }
  ],
  "tax_lines": [],
  "shipping_lines": [],
  "fee_lines": [],
  "coupon_lines": [],
  "refunds": [],
  "_links": {
    "self": [
      {
        "href": "https://www.website.com/wp-json/wc/v3/orders/4750"
      }
    ],
    "collection": [
      {
        "href": "https://www.website.com/wp-json/wc/v3/orders"
      }
    ],
    "customer": [
      {
        "href": "https://www.website.com/wp-json/wc/v3/customers/1"
      }
    ]
  }
}

Some fields were added by custom plugins also URLs were changed for security reasons.

Tips

Try use exclusive endpoints for Woocommerce webhooks because works very bad when returns HTTP codes different of range 200-204, always it's deactivated if your endpoint maybe returns 401, 403, etc.

The field status say you if the order is completed or not. The following list have the possible status:

• pending_payment
• failed
• processing
• completed
• on_hold
• canceled
• refunded
• authentication_required

This is the flow of orders:

Woocommerce Docs (https://docs.woocommerce.com/document/managing-orders/)

Security

I was never can send to my endpoints a JWT in the header, but I do validations starting from IP and x-wc-webhook-source.

IS VERY IMPORTANT VALIDATE WHERE DOES THE REQUEST COME FROM AND ADD PROTECTIONS FOR DDOS ATTACKS.