In some cases, the order in WooCommerce is not being created and processed in the customer’s browser as intended. The main reason for this not happening is because the customer is making the purchase from a mobile phone, switching to another app (like Swish or Mobile Bank ID) to finalize the purchase, but never returning back to the browser after completing the payment in the other app.

In theses cases, the order is not created correctly in WooCommerce. To be able to handle these scenarios, the plugin is listening for (and creating the order in WooCommerce via) a server-to-server callback from Ecster.

Requirements for getting callbacks to work 

  • The website needs to have a publicly queryable URL (use a service like if you want to use Ecster Pay in a local development environment).
  • Pretty permalinks must be enabled in your WordPress installation.
  • Multilingual plugins must not alter the URL structure for WooCommerce API Callbacks (e.g. change to

Be aware of firewalls and security plugins

Even if you fulfill all of the requirements mentioned above, you might still experience issues. If you have a firewall solution or a security plugin installed those could block access to the WC-API endpoints and by that making the callbacks to fail. If you are using Cloudflare CDN and their WAF Firewall (or other WAF/CDN too like Sucuri or similar server hosting firewalls) you need to create a specific Page Rule to whitelist the API-calls that are needed for the Ecster plugin to work properly.

We recommend (if possible) to whitelist requests to:


If you want to whitelist specifically the Ecster callback URL you can use this:


Make sure that cronjob works

When a callback is sent from Ecster to your store, the task of executing the callback is scheduled to happen 2 minutes after the actual callback (so the callback isn’t accidentally processed at the same time as the order is finalized by the customer in the checkout).

The plugin relies on the Action Scheduler, that is included in WooCommerce. The Action Scheduler in its turn relies on WordPress cron. Basically this means that WP cron must work as intended for the callbacks to function properly.