Klarna Checkout - Callbacks
During a purchase with an embedded checkout solution like Klarna Checkout, a number of HTTP requests are sent back and forth to keep WooCommerce and Klarna in sync. These requests must be able to execute without being blocked. Otherwise the customer will not be able to create an order in WooCommerce.
Requirements for getting callbacks to work
- The website needs to have a publicly queryable URL (use a service like ngrok.com if you want to use KCO in a local development environment).
- The website needs to have HTTPS configured correctly (not only in checkout, but for the entire website).
- Pretty permalinks must be enabled in your WordPress installation.
- Multilingual plugins must not alter the URL structure for WooCommerce API Callbacks (e.g. change http://yoursite.com/wc-api/CALLBACK/ to http://yoursite.com/en/wc-api/CALLBACK/).
Validation callbacks are now required
As of version 1.10.2 of the KCO plugin, all validation callbacks from Klarna must succeed and result in a 200 HTTP response from your server. The validation callback is sent from Klarna to your WooCommerce store when the customer clicks the Place order button in KCO. In this callback the plugin checks for things like:
- All products in the cart have enough stock.
- A shipping method is chosen if shipping is required for the order.
- Used coupons are valid.
- User needs to log in before finalizing the purchase.
- Order totals match between Klarna and WooCommerce.
If any of these requirements fail, the plugin replies with a 303 HTTP response. The purchase will not go through, and the customer will see a notice describing the cause of the problem.
Be aware of firewalls and security plugins
Even if you fulfill all of the requirements mentioned above, you might still experience issues. A firewall solution or a security plugin can block access to the WC-API endpoints, which causes the callbacks to fail.
We recommend (if possible) to whitelist:
But if you want to specify which URLs to whitelist, you can use these:
This example is from a Cloudflare account:
Retrieve more info in Klarna Merchant Portal
To troubleshoot this, you can take a closer look at the logs that are available in your Klarna Merchant Portal. Here is a screenshot displaying the response from a validation callback, where the request is blocked (with a 503 HTTP response) by the security plugin Wordfence:
Another common response code when the request is blocked by a security/firewall application is 403 (Forbidden). See a list of HTTP status codes here.
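As an added example (not part of the KCO plugin or Klarna's documentation), the Python code below checks a callback URL against the URL requirements listed above and maps the status codes mentioned on this page to their likely cause. The function names, the local-host heuristics (localhost, .local, .test, private IP addresses) and the CALLBACK placeholder are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def url_problems(home_url, callback_url):
    """Return the URL requirements from this page that callback_url violates.

    home_url is the WordPress site address; callback_url is the WC-API URL
    that Klarna would call. Works offline: no DNS lookup or request is made.
    """
    home, cb = urlsplit(home_url), urlsplit(callback_url)
    problems = []
    if cb.scheme != "https":
        problems.append("callback URL is not HTTPS")
    host = cb.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
        local = ip.is_private or ip.is_loopback
    except ValueError:
        # Not an IP literal: heuristic match on development-only hostnames.
        local = host == "localhost" or host.endswith((".local", ".test"))
    if local:
        problems.append("host is not publicly reachable")
    # A multilingual plugin that inserts /en/ before /wc-api/ breaks this check.
    expected = home.path.rstrip("/") + "/wc-api/"
    if not cb.path.startswith(expected):
        problems.append("path does not start with " + expected)
    return problems


def classify_status(code):
    """Map the HTTP status of a validation callback to its likely cause."""
    if code == 200:
        return "validation passed"
    if code == 303:
        return "rejected by a plugin check (stock, shipping, coupon, login, totals)"
    if code in (403, 503):
        return "likely blocked by a firewall or security plugin"
    return "unexpected status; inspect server and firewall logs"


if __name__ == "__main__":
    # Constructed sample input using the placeholder URLs from this page.
    print(url_problems("https://yoursite.com", "http://yoursite.com/en/wc-api/CALLBACK/"))
    print(classify_status(503))
```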
We have tested this update (v1.10.2), with a general configuration, on the following plugins (that are all working):
Firewall or security plugins
- iThemes Security
- WP Security (All In One WP Security)
- Sucuri (see above if you are using their WAF/CDN service)
- Polylang Pro & Polylang for WooCommerce
Good to know
- You might get another outcome if you have these plugins configured in a more custom way than the general setup.
- All plugins were updated to the latest versions available as of 2019-07-01.