Loading...
Loading...
Receive and verify WooCommerce webhooks. Use when setting up WooCommerce webhook handlers, debugging signature verification, or handling e-commerce events like order.created, order.updated, product.created, or customer.created.
npx skill4agent add hookdeck/webhook-skills woocommerce-webhooksconst crypto = require('crypto');
function verifyWooCommerceWebhook(rawBody, signature, secret) {
if (!signature || !secret) return false;
const hash = crypto
.createHmac('sha256', secret)
.update(rawBody)
.digest('base64');
try {
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(hash)
);
} catch {
return false;
}
}const express = require('express');
const app = express();
// CRITICAL: Use raw body for signature verification
app.use('/webhooks/woocommerce', express.raw({ type: 'application/json' }));
app.post('/webhooks/woocommerce', (req, res) => {
const signature = req.headers['x-wc-webhook-signature'];
const secret = process.env.WOOCOMMERCE_WEBHOOK_SECRET;
if (!verifyWooCommerceWebhook(req.body, signature, secret)) {
return res.status(400).send('Invalid signature');
}
const payload = JSON.parse(req.body);
const topic = req.headers['x-wc-webhook-topic'];
console.log(`Received ${topic} event:`, payload.id);
res.status(200).send('OK');
});import crypto from 'crypto';
import { NextRequest } from 'next/server';
export async function POST(request: NextRequest) {
const signature = request.headers.get('x-wc-webhook-signature');
const secret = process.env.WOOCOMMERCE_WEBHOOK_SECRET;
const rawBody = await request.text();
if (!verifyWooCommerceWebhook(rawBody, signature, secret)) {
return new Response('Invalid signature', { status: 400 });
}
const payload = JSON.parse(rawBody);
const topic = request.headers.get('x-wc-webhook-topic');
console.log(`Received ${topic} event:`, payload.id);
return new Response('OK', { status: 200 });
}import hmac
import hashlib
import base64
from fastapi import FastAPI, Request, HTTPException
app = FastAPI()
def verify_woocommerce_webhook(raw_body: bytes, signature: str, secret: str) -> bool:
if not signature or not secret:
return False
hash_digest = hmac.new(
secret.encode(),
raw_body,
hashlib.sha256
).digest()
expected_signature = base64.b64encode(hash_digest).decode()
return hmac.compare_digest(signature, expected_signature)
@app.post('/webhooks/woocommerce')
async def handle_webhook(request: Request):
raw_body = await request.body()
signature = request.headers.get('x-wc-webhook-signature')
secret = os.getenv('WOOCOMMERCE_WEBHOOK_SECRET')
if not verify_woocommerce_webhook(raw_body, signature, secret):
raise HTTPException(status_code=400, detail='Invalid signature')
payload = await request.json()
topic = request.headers.get('x-wc-webhook-topic')
print(f"Received {topic} event: {payload.get('id')}")
return {'status': 'success'}| Event | Triggered When | Common Use Cases |
|---|---|---|
| New order placed | Send confirmation emails, update inventory |
| Order status changed | Track fulfillment, send notifications |
| Order deleted | Clean up external systems |
| Product added | Sync to external catalogs |
| Product modified | Update pricing, inventory |
| New customer registered | Welcome emails, CRM sync |
| Customer info changed | Update profiles, preferences |
WOOCOMMERCE_WEBHOOK_SECRET=your_webhook_secret_keyX-WC-Webhook-SignatureX-WC-Webhook-TopicX-WC-Webhook-ResourceX-WC-Webhook-EventX-WC-Webhook-SourceX-WC-Webhook-IDX-WC-Webhook-Delivery-ID# Install via npm
npm install -g hookdeck-cli
# Or via Homebrew
brew install hookdeck/hookdeck/hookdeckhookdeck listen 3000 --path /webhooks/woocommerceoverview.mdsetup.mdverification.mdexamples/