General information
Callbacks
After the order has been placed in WooCommerce and with the payment provider, there are a number of http requests back and forth to keep WooCommerce and the payment provider in sync. It’s important that these requests can be executed without being blocked, otherwise the customer will not be able to create an order in WooCommerce.
Requirements for getting callbacks to work
- The website needs to have a publicly queryable URL (use a service like ngrok.com if you want to use the plugin in a local development environment).
- The website needs to have https configured correctly (not only in checkout, but for the entire website).
- Pretty permalinks must be enabled in your WordPress installation.
- Multilingual plugins must not alter the URL structure for WooCommerce API Callbacks (e.g. change http://yoursite.com/wc-api/CALLBACK/ to http://yoursite.com/en/wc-api/CALLBACK/).
Be aware of firewalls and security plugins
Even if you fulfill all of the requirements mentioned above, you might still experience issues. If you have a firewall solution or a security plugin installed those could block access to the WC-API endpoints and by that making the callbacks to fail. If you are using Cloudflare CDN and their WAF Firewall (or other WAF/CDN too like Sucuri or similar server hosting firewalls) you need to create a specific Page Rule to whitelist the API-calls that is needed for the plugin to work properly.
We recommend (if possible) to whitelist:
https://domain.topdomain/wc-api/*
Specify what URLs to whitelist
If you want to specify what URLs to whitelist, please visit the article for your plugin:
Avarda Checkout for WooCommerce
Kustom Checkout for WooCommerce
Troubleshooting callbacks and HTTP status codes
Before reaching out to us, here are a few important things to check when dealing with callbacks and HTTP status codes from your payment service provider (PSP).
Check the PSP callback and HTTP status code
Look at the callback requests sent from the PSP to your store, and take note of the HTTP status codes they receive. Based on the response code, here’s what you need to consider:
2xx / 3xx Responses – Looks OK, but still having issues?
If the callback returns a 2xx or 3xx status code but the order is still not updating correctly, here are some important things to know:
- A
200 OKresponse doesn’t always mean everything worked. In some cases, servers or firewalls are configured to return a 200 status on all requests – even failed ones. - Try comparing one callback that worked with one that didn’t. This can help narrow down where the issue lies.
What Krokedil will do:
- We’ll check the WooCommerce logs to see if any callbacks were registered at all.
- If no callbacks are logged, the issue is likely related to the server or site blocking the requests – not the plugin.
In this case, you’ll need to contact your hosting provider or developer. We can’t resolve this on our end. - If we do see callbacks in the logs, we’ll continue troubleshooting from our side.
4xx Responses – Callback blocked by your site
A 4xx status code means your site is actively blocking the callback request. This is usually caused by:
- Security or firewall plugins
- Hosting-level firewalls (like ModSecurity)
- CDN or WAF services like Cloudflare or Sucuri
What the merchant needs to do:
- Whitelist the callback URL:
https://yourdomain.com/wc-api/ - Contact your web developer or hosting provider for help – this is not something we at Krokedil can fix, as it’s outside the plugin scope.
5xx Responses – Server error or plugin crash
A 5xx error usually indicates a server-side issue. It could be caused by:
- Server configuration problems
- A fatal error in plugin or theme code
Next steps:
- Contact your hosting provider or developer to investigate.
- If you suspect a plugin-related error, contact us at Krokedil. We’ll need:
- WooCommerce logs
- The fatal error log from the day the issue occurred
You can find information on how to obtain the logs, as well as other support related information, in the How to prepare a support ticket article.