HubACP Documentation
Welcome to the complete guide for HubACP (WooCommerce Agentic Commerce Protocol) - the definitive API that empowers AI agents to interact with your WooCommerce store.
Getting Started
HubACP provides a comprehensive REST API that allows AI agents to browse products, manage checkouts, and complete purchases in your WooCommerce store. This guide will help you get up and running quickly.
What You'll Need
- WordPress 6.0 or higher
- WooCommerce 8.0 or higher
- PHP 8.1 or higher
- SSL certificate (HTTPS recommended for production)
Installation
Option 1: Install from WordPress.org (Free Version)
- Log in to your WordPress admin panel
- Navigate to Plugins → Add New
- Search for "HubACP"
- Click Install Now and then Activate
Option 2: Manual Installation
- Download the plugin ZIP file from WordPress.org
- Navigate to Plugins → Add New → Upload Plugin
- Choose the downloaded ZIP file and click Install Now
- Click Activate Plugin
Option 3: Pro Version
- Purchase and download the Pro version from our website
- Navigate to Plugins → Add New → Upload Plugin
- Upload the Pro ZIP file and activate
- Enter your license key in WooCommerce → Settings → HubACP
Configuration
Step 1: Access Settings
Navigate to WooCommerce → Settings → HubACP in your WordPress admin panel.
Step 2: Generate API Credentials
Click the "Generate New Credentials" button to create your API key and signing secret.
API Key: wcp_abc123def456ghi789
Signing Secret: sec_xyz789abc123def456⚠️ Important Security Note
Store your signing secret securely. Never commit it to version control or expose it in client-side code. This secret is used to verify webhook signatures and API requests.
Step 3: Configure Webhook URL (Pro Only)
If you're using the Pro version, configure your webhook endpoint URL to receive real-time order updates.
https://your-ai-agent.com/webhooks/hubacpAPI Overview
The HubACP API is organized around REST principles with predictable, resource-oriented URLs. It uses standard HTTP response codes and returns JSON-encoded responses.
Base URL
https://your-store.com/wp-json/acp/v1/API Capabilities
🔍 Product Discovery
Browse, search, and filter your entire product catalog with pagination support.
🛒 Checkout Management
Create and manage checkout sessions with cart items, shipping, and tax calculations.
💳 Order Completion
Finalize purchases and create WooCommerce orders with a single API call.
🔔 Real-time Webhooks
Receive instant notifications for order status changes and events.
Authentication
HubACP uses API key authentication with HMAC signature verification for secure communication.
Authentication Header
X-WCP-API-Key: wcp_abc123def456ghi789
X-WCP-Signature: sha256=
Content-Type: application/json Generating HMAC Signature
For write operations (POST, PUT, DELETE), you must include an HMAC signature of the request body.
const crypto = require('crypto');
const payload = JSON.stringify(requestBody);
const signature = crypto
.createHmac('sha256', signingSecret)
.update(payload)
.digest('hex');
const hmacHeader = `sha256=${signature}`;import hmac
import hashlib
import json
payload = json.dumps(request_body)
signature = hmac.new(
signing_secret.encode(),
payload.encode(),
hashlib.sha256
).hexdigest()
hmac_header = f"sha256={signature}"API Endpoints
Products API
/wp-json/acp/v1/products
Retrieve a paginated list of products from your catalog.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
search |
string | Search query for product name or description |
category |
string | Filter by category slug |
page |
integer | Page number (default: 1) |
per_page |
integer | Items per page (default: 20, max: 100) |
orderby |
string | Sort by: date, title, price (default: date) |
order |
string | Sort order: asc, desc (default: desc) |
Example Request
GET /wp-json/acp/v1/products?search=shirt&per_page=10
X-WCP-API-Key: wcp_abc123def456ghi789Example Response
{
"products": [
{
"id": 123,
"name": "Classic Cotton T-Shirt",
"slug": "classic-cotton-tshirt",
"price": "29.99",
"regular_price": "39.99",
"sale_price": "29.99",
"on_sale": true,
"stock_status": "instock",
"stock_quantity": 50,
"description": "Comfortable 100% cotton t-shirt",
"short_description": "Classic everyday tee",
"images": [
{
"src": "https://your-store.com/wp-content/uploads/tshirt.jpg",
"alt": "Classic T-Shirt"
}
],
"categories": ["Clothing", "T-Shirts"],
"variations": []
}
],
"pagination": {
"total": 150,
"pages": 15,
"current_page": 1,
"per_page": 10
}
}Checkout Sessions API (Pro Only)
/wp-json/acp/v1/checkout-sessions
Create a new checkout session with cart items.
Request Body
{
"items": [
{
"product_id": 123,
"quantity": 2,
"variation_id": null
}
],
"customer": {
"email": "customer@example.com",
"first_name": "John",
"last_name": "Doe"
},
"idempotency_key": "unique-request-id-123"
}Example Response
{
"session_id": "cs_abc123",
"status": "pending",
"items": [...],
"subtotal": "59.98",
"tax": "5.40",
"shipping": "0.00",
"total": "65.38",
"expires_at": "2025-01-15T18:30:00Z"
}/wp-json/acp/v1/checkout-sessions/{id}/shipping
Calculate shipping options for a checkout session.
Request Body
{
"shipping_address": {
"first_name": "John",
"last_name": "Doe",
"address_1": "123 Main St",
"city": "New York",
"state": "NY",
"postcode": "10001",
"country": "US"
}
}Example Response
{
"shipping_methods": [
{
"id": "flat_rate",
"label": "Flat Rate",
"cost": "10.00",
"delivery_time": "3-5 business days"
},
{
"id": "express",
"label": "Express Shipping",
"cost": "25.00",
"delivery_time": "1-2 business days"
}
]
}/wp-json/acp/v1/checkout-sessions/{id}/complete
Finalize the checkout and create a WooCommerce order.
Request Body
{
"payment_method": "stripe",
"payment_intent_id": "pi_xyz123",
"billing_address": {
"first_name": "John",
"last_name": "Doe",
"address_1": "123 Main St",
"city": "New York",
"state": "NY",
"postcode": "10001",
"country": "US",
"email": "customer@example.com",
"phone": "+1234567890"
},
"shipping_method_id": "flat_rate"
}Example Response
{
"order_id": 456,
"order_number": "456",
"status": "processing",
"total": "75.38",
"customer": {...},
"items": [...],
"created_at": "2025-01-15T15:30:00Z"
}Webhooks (Pro Only)
Webhooks allow your AI agent to receive real-time notifications when events occur in your WooCommerce store.
Supported Events
| Event | Description |
|---|---|
order.created |
A new order has been created |
order.updated |
An order status has been updated |
order.completed |
An order has been marked as completed |
order.cancelled |
An order has been cancelled |
order.refunded |
A refund has been issued for an order |
Webhook Payload
{
"event": "order.created",
"timestamp": "2025-01-15T15:30:00Z",
"data": {
"order_id": 456,
"order_number": "456",
"status": "processing",
"total": "75.38",
"customer": {
"email": "customer@example.com",
"first_name": "John",
"last_name": "Doe"
},
"items": [...]
}
}Verifying Webhook Signatures
All webhooks include an HMAC signature in the X-WCP-Signature header. Always verify this signature to ensure the webhook came from HubACP.
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expectedSignature = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return signature === `sha256=${expectedSignature}`;
}
// In your webhook handler
app.post('/webhooks/wooacp', (req, res) => {
const signature = req.headers['x-wcp-signature'];
const payload = JSON.stringify(req.body);
if (!verifyWebhook(payload, signature, signingSecret)) {
return res.status(401).send('Invalid signature');
}
// Process webhook
console.log('Received event:', req.body.event);
res.status(200).send('OK');
});Webhook Retry Policy
If your webhook endpoint returns a non-200 status code, HubACP will retry the webhook with exponential backoff:
- Retry 1: After 1 minute
- Retry 2: After 5 minutes
- Retry 3: After 15 minutes
- Retry 4: After 1 hour
- Retry 5: After 6 hours (final attempt)
Security Best Practices
🔐 Security Checklist
- ✅ Always use HTTPS in production
- ✅ Store API keys and signing secrets securely (use environment variables)
- ✅ Verify HMAC signatures on all webhooks
- ✅ Use idempotency keys to prevent duplicate orders
- ✅ Implement rate limiting on your webhook endpoints
- ✅ Regularly rotate your API credentials
- ✅ Monitor API usage for suspicious activity
Idempotency Keys
To prevent duplicate orders from network retries, include an idempotency key with checkout requests:
{
"items": [...],
"customer": {...},
"idempotency_key": "unique-request-id-" + Date.now()
}If the same idempotency key is used within 24 hours, HubACP will return the original response instead of creating a duplicate.
Code Examples
Complete Purchase Flow
const HubACPClient = require('hubacp-client');
const client = new HubACPClient({
baseUrl: 'https://your-store.com',
apiKey: process.env.HUBACP_API_KEY,
signingSecret: process.env.HUBACP_SIGNING_SECRET
});
async function completePurchase() {
// 1. Search for products
const products = await client.products.list({
search: 'laptop',
per_page: 5
});
console.log(`Found ${products.pagination.total} laptops`);
// 2. Create checkout session
const session = await client.checkout.createSession({
items: [
{ product_id: products.products[0].id, quantity: 1 }
],
customer: {
email: 'customer@example.com',
first_name: 'John',
last_name: 'Doe'
},
idempotency_key: `order-${Date.now()}`
});
console.log(`Session created: ${session.session_id}`);
// 3. Calculate shipping
const shipping = await client.checkout.calculateShipping(session.session_id, {
shipping_address: {
first_name: 'John',
last_name: 'Doe',
address_1: '123 Main St',
city: 'New York',
state: 'NY',
postcode: '10001',
country: 'US'
}
});
console.log('Shipping options:', shipping.shipping_methods);
// 4. Complete the order
const order = await client.checkout.complete(session.session_id, {
payment_method: 'stripe',
payment_intent_id: 'pi_123abc',
billing_address: { /* ... */ },
shipping_method_id: shipping.shipping_methods[0].id
});
console.log(`Order created: #${order.order_number}`);
return order;
}Python Example
from hubacp import HubACPClient
import os
client = HubACPClient(
base_url='https://your-store.com',
api_key=os.getenv('HUBACP_API_KEY'),
signing_secret=os.getenv('HUBACP_SIGNING_SECRET')
)
# Search products
products = client.products.list(search='laptop', per_page=5)
print(f"Found {products['pagination']['total']} laptops")
# Create checkout session
session = client.checkout.create_session(
items=[
{'product_id': products['products'][0]['id'], 'quantity': 1}
],
customer={
'email': 'customer@example.com',
'first_name': 'John',
'last_name': 'Doe'
},
idempotency_key=f"order-{int(time.time())}"
)
# Complete order
order = client.checkout.complete(
session['session_id'],
payment_method='stripe',
payment_intent_id='pi_123abc',
billing_address={...},
shipping_method_id='flat_rate'
)
print(f"Order created: #{order['order_number']}")Troubleshooting
Common Issues
401 Unauthorized Error
Cause: Invalid API key or missing authentication header.
Solution: Verify your API key is correct and included in the X-WCP-API-Key header.
403 Forbidden - Invalid Signature
Cause: HMAC signature doesn't match the request body.
Solution: Ensure you're using the correct signing secret and computing the HMAC correctly. The signature must be generated from the exact request body string.
404 Product Not Found
Cause: Product ID doesn't exist or is not published.
Solution: Check the product exists in WooCommerce and is published. Only published products are available via the API.
422 Session Expired
Cause: Checkout session has expired (sessions expire after 1 hour).
Solution: Create a new checkout session. Don't store session IDs for long periods.
429 Rate Limit Exceeded
Cause: Too many requests in a short time period.
Solution: Implement exponential backoff and respect rate limit headers. Free plan: 60 requests/minute. Pro plan: 300 requests/minute.
Debug Mode
Enable debug mode in the HubACP settings to log all API requests and responses:
- Go to WooCommerce → Settings → HubACP
- Enable Debug Mode
- Check logs at WooCommerce → Status → Logs
⚠️ Warning: Debug mode can expose sensitive data. Only enable it temporarily for troubleshooting and disable it in production.
Frequently Asked Questions
What's the difference between Free and Pro?
The Free version provides read-only access to your product catalog. The Pro version unlocks the full checkout API, webhooks, unlimited site licenses, and priority support.
Can I use HubACP with any AI agent?
Yes! HubACP is AI-agnostic. Any system that can make HTTP requests can integrate with the API. We provide SDKs for popular languages to make integration easier.
How do I handle payments?
HubACP integrates with your existing WooCommerce payment gateways. Your AI agent should collect payment on its end (via Stripe, PayPal, etc.) and then pass the payment confirmation to the checkout completion endpoint.
Are webhooks guaranteed to be delivered?
We make a best effort to deliver webhooks with automatic retries. However, you should implement idempotency on your end and periodically poll for order status if webhook delivery is critical.
Can I test the API in a sandbox environment?
Yes, we recommend setting up a staging WooCommerce site for testing. You can generate separate API credentials for your staging and production environments.
What happens if I exceed the rate limit?
You'll receive a 429 status code with a Retry-After header indicating when you can retry. Implement exponential backoff to handle rate limits gracefully.
How do I upgrade from Free to Pro?
Purchase the Pro version, install it (it will override the free version), and activate with your license key. Your existing API credentials will continue to work.
Is HubACP compatible with my WooCommerce plugins?
HubACP works with standard WooCommerce functionality. Compatibility with third-party plugins depends on the plugin. Tax, shipping, and payment gateway plugins should work normally.
Need Help?
📧 Email Support
Pro customers get priority email support with 24-hour response time.
Contact Support