Authentication
WooCommerce connect uses a bootstrap or reconnect key. After connect, the plugin uses a dedicated integration key with Woo-only scopes.
Connect
POST /v1/integration/woocommerce/connect
| Scope | woocommerce:connect (bootstrap/reconnect keys) |
api_key, webhook_secret, and integration_public_id (int_...).
Security
Store the webhook secret in WordPress options only. Never expose it in the frontend.
Disconnect
POST /v1/integration/woocommerce/disconnect
Scope: woocommerce:disconnect.
Status
GET /v1/integration/woocommerce/status
Returns connection state, payout readiness, and integration_public_id (int_...).
Invoice → webhook → payment_complete() flow
- Woo plugin creates invoice via dedicated key (invoices:create).
- Buyer pays on hosted checkout.
- Meum delivers invoice.paid with X-Meum-* headers.
- Plugin verifies signature, X-Meum-Integration-Id (int_...), and timestamp.
- Handler calls $order->payment_complete() once per X-Meum-Event-Id.
- Duplicate events return { "duplicate": true } without re-running payment actions.
Security notes
- Reject webhooks when integration id does not match stored int_...
- Do not replay production webhook payloads in test environments without proper isolation