Klarna Checkout - Callbacks

During a purchase with an embedded checkout solution like Klarna Checkout, there are a number of http requests back and forth to keep WooCommerce and Klarna in sync. It's important that these requests can be executed without being blocked, otherwise the customer will not be able to create an order in WooCommerce.

Requirements for getting callbacks to work 

Validation callbacks are now required

Since of version 1.10.2 of the KCO plugin we now require all validation callbacks from Klarna to succeed and result in a 200 HTTP response from your server. The validation callback is sent from Klarna to your WooCommerce store when the customer clicks the  Place order button in KCO. In this callback the plugin checks for things like:

  • All products in the cart has enough stock.
  • A shipping method is chosen if shipping is required for the order.
  • Used coupons are valid.
  • User needs to login before finalizing the purchase.
  • Order totals match between Klarna and WooCommerce.

If any of these requirements fail the plugin replies with a 303 HTTP response, the purchase will not go through and the customer will see a notice describing the cause of the problem.

Be aware of firewalls and security plugins

Even if you fulfill all of the requirements mentioned above, you might still experience issues. If you have a firewall solution or a security plugin installed those could block access to the WC-API endpoints and by that making the callbacks to fail. 

If you are using Cloudflare CDN and their WAF Firewall (or other WAF/CDN too like Sucuri or similar) you need to create a specific Page Rule in your Cloudflare account to whitelist the API-calls that is needed for the Klarna plugin to work properly:
https://domain.topdomain/wc-api/KCO_WC_Validation/*

Retrieve more info in Klarna Merchant Portal

To troubleshoot this you have the possibility to look closer in the logs that are available in your  Klarna Merchant Portal. Here is a screenshot displaying the response from a validation callback, where the request is blocked (with a 503 HTTP response) by the security plugin Wordfence:

Another common response header if the request is being blocked by a security/firewall application is 403 (forbidden). See a list of http status codes here.

Tested plugins

We have tested this update (v1.10.2), with a general configuration, on the following plugins (that are all working): 

Firewall or security plugins
- I-themes security 
- WP Security (All In One WP Security) 
- Sucuri (see above if you are using their WAF/CDN service)
- Wordfence 

Multilingual plugins 
- WPML
- Polylang Pro & Polylang for WooCommerce 

Good to know
- You might get another outcome if you have these plugins configured in a more custom way than the general setup.
- All plugins were update to the latest versions available from 2019-07-01.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.