How to Test WooCommerce Webhooks
Inspect WooCommerce order, product, and customer event payloads in real time — without a public-facing server.
TL;DR: WooCommerce fires signed JSON webhooks when orders, products, or customers change. Generate a Requex URL, add it in WooCommerce → Settings → Advanced → Webhooks, create a webhook for the event you want, then place a test order.
WooCommerce Webhook Events
WooCommerce calls its webhook event types "topics". Each topic is a combination of a resource and an action. Here are the most commonly used topics:
| Topic | When It Fires |
|---|---|
order.created | A new order is placed in the store |
order.updated | An order's status or data changes (e.g. pending → processing) |
order.deleted | An order is deleted from the admin |
product.created | A new product is added to the catalog |
product.updated | A product's price, stock, or metadata changes |
customer.created | A new customer account is registered |
Step 1: Generate Requex Endpoint
Open requex.me in your browser. A unique webhook URL is generated immediately with no account required. Copy it — it looks like:
https://requex.me/hook/a1b2c3d4-e5f6-7890-abcd-ef1234567890
Keep this tab open. WooCommerce webhook deliveries will appear in real time.
Step 2: Create a Webhook in WooCommerce
In your WordPress admin panel, navigate to WooCommerce → Settings → Advanced → Webhooks and click Add webhook. Fill in the form:
- Name: Give it a descriptive name like
Test Order Created. - Status: Set to Active.
- Topic: Choose the event you want to test, e.g.
Order created. - Delivery URL: Paste your Requex URL here.
- Secret: WooCommerce auto-generates a secret key — copy this value. You will need it to verify the HMAC signature in your real handler.
- API version: Leave as the latest (WP REST API v3).
Click Save webhook. WooCommerce immediately sends a ping request to verify the URL — you will see it appear in Requex.
Step 3: Trigger a Test Event
There are two ways to trigger a test event:
Option A — Ping button: On the webhook detail page, click Deliver test ping. WooCommerce sends a test payload to your Requex URL immediately. This is the fastest way to confirm the URL is working.
Option B — Place a real test order: Go to your WooCommerce storefront and add an item to cart, fill in test details, and complete checkout. Choose "Cash on delivery" or any payment method that does not require real credentials in the test environment. A full order.created payload will fire within seconds.
Switch to the Requex tab — the new request will appear with the full WooCommerce order object in the body.
Step 4: Inspect the Payload
Click the request in Requex. A typical order.created payload includes the complete WooCommerce order object:
{
"id": 1234,
"status": "pending",
"currency": "USD",
"total": "49.99",
"billing": {
"first_name": "Jane",
"last_name": "Smith",
"email": "jane@example.com",
"address_1": "123 Main St",
"city": "Austin",
"state": "TX",
"postcode": "78701",
"country": "US"
},
"shipping": { ... },
"line_items": [
{
"id": 1,
"name": "Test Product",
"quantity": 2,
"total": "49.99",
"sku": "PROD-001"
}
],
"date_created": "2026-04-05T10:00:00",
"customer_id": 5
}The full payload includes billing, shipping, line items, coupon data, shipping methods, and meta data. Use Requex to see the exact fields your handler will receive — the WooCommerce REST API docs describe the schema but real payloads sometimes include additional fields from installed plugins.
WooCommerce HMAC Signature
WooCommerce signs every webhook delivery using HMAC-SHA256 of the raw request body, keyed with the webhook secret you copied during setup. The signature is sent in the X-WC-Webhook-Signature header as a Base64-encoded string.
In Requex, check the Headers tab of the incoming request and confirm you can see the X-WC-Webhook-Signature header. Here is how to verify it in your production handler:
// Node.js / Express — WooCommerce HMAC verification
const crypto = require('crypto');
app.post('/api/webhooks/woocommerce',
express.raw({ type: 'application/json' }),
(req, res) => {
const signature = req.headers['x-wc-webhook-signature'];
const secret = process.env.WC_WEBHOOK_SECRET;
const expected = crypto
.createHmac('sha256', secret)
.update(req.body) // raw Buffer — do NOT parse JSON first
.digest('base64');
if (signature !== expected) {
return res.status(401).json({ error: 'Invalid signature' });
}
const event = JSON.parse(req.body.toString());
// Handle the event...
console.log('Order ID:', event.id, 'Status:', event.status);
res.status(200).json({ received: true });
}
);Important: Use express.raw() — not express.json() — for the webhook route. The HMAC is computed over the raw bytes of the request body. If your body parser runs first and re-serialises the JSON, the signature will not match.
Common WooCommerce Webhook Issues
| Issue | Cause | Fix |
|---|---|---|
| Webhook status shows "Failed" in WooCommerce log | Your endpoint returned a non-200 status code, or timed out after 10 seconds | Return HTTP 200 immediately; move processing to a background job. Check WooCommerce → Status → Logs for the exact error |
| HMAC signature does not match | Body was parsed by express.json() before the HMAC check, or the wrong secret is used | Use express.raw() on the webhook route; double-check that WC_WEBHOOK_SECRET matches the secret shown in the WooCommerce webhook settings |
| Webhook fires multiple times for one order | WooCommerce retries after a non-200 response; your handler is not returning 200 reliably | Ensure the route always returns 200 on receipt; use the X-WC-Webhook-Delivery-ID header as an idempotency key to deduplicate retries |
Inspect Your WooCommerce Payloads Now
Generate a free Requex endpoint and see the exact JSON WooCommerce sends — before writing a single line of handler code.
Open Requex →Related guides
Start Testing Webhooks Now
Generate your unique URL and test webhooks instantly. Free, no signup.
Open Webhook Tester →