{"id":282803,"date":"2026-04-26T08:08:09","date_gmt":"2026-04-26T08:08:09","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/southpay-gateway-for-woocommerce\/"},"modified":"2026-05-11T17:49:43","modified_gmt":"2026-05-11T17:49:43","slug":"southpay-gateway-for-woocommerce","status":"publish","type":"plugin","link":"https:\/\/test.wordpress.org\/plugins\/southpay-gateway-for-woocommerce\/","author":23453879,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.1.2","stable_tag":"2.1.2","tested":"6.9.4","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"SouthPay Crypto Payment Gateway","header_author":"SouthPay","header_description":"Cryptocurrency Payment Gateway powered by SouthPay.","assets_banners_color":"","last_updated":"2026-05-11 17:49:43","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/southpay.io\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":113,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.0.0":{"tag":"2.0.0","author":"southpay","date":"2026-04-26 08:07:37"},"2.1.2":{"tag":"2.1.2","author":"southpay","date":"2026-05-11 17:49:43"}},"upgrade_notice":{"2.0.0":"<p>Requires updated API key and new Webhook Signing Secret from your SouthPay dashboard. The old HMAC-SHA512 webhook secret is not compatible \u2014 please create a new webhook endpoint and update your settings.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":3529045,"resolution":"128x128","location":"assets","locale":"","width":150,"height":150},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3529045,"resolution":"256x256","location":"assets","locale":"","width":1000,"height":1000}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.0.0","2.1.2"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1886,21057,12611,6593,286],"plugin_category":[45],"plugin_contributors":[261075],"plugin_business_model":[],"class_list":["post-282803","plugin","type-plugin","status-publish","hentry","plugin_tags-bitcoin","plugin_tags-crypto","plugin_tags-cryptocurrency","plugin_tags-payment-gateway","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_contributors-southpay","plugin_committers-southpay"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/southpay-gateway-for-woocommerce\/assets\/icon-128x128.jpg?rev=3529045","icon_2x":"https:\/\/ps.w.org\/southpay-gateway-for-woocommerce\/assets\/icon-256x256.png?rev=3529045","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>SouthPay Crypto Payment Gateway lets your WooCommerce store accept cryptocurrency payments through SouthPay's secure hosted checkout. Connect in one click via OAuth, and the plugin handles webhook setup, token refresh, and on-chain confirmation automatically \u2014 no key copy-pasting and no manual webhook configuration.<\/p>\n\n<p>Customers are redirected to a secure SouthPay-hosted checkout where they can pay using supported cryptocurrencies. The order status updates automatically via webhook once payment is confirmed on-chain.<\/p>\n\n<h3>Features<\/h3>\n\n<ul>\n<li>One-click \"Connect with SouthPay\" \u2014 OAuth 2.0 with PKCE, no key copy-pasting<\/li>\n<li>Automatic background token refresh \u2014 the connection stays live without merchant action<\/li>\n<li>Accept cryptocurrency payments via a hosted checkout<\/li>\n<li>Automatic order status updates via secure webhooks<\/li>\n<li>Automatic webhook endpoint registration after first connection<\/li>\n<li>HMAC-SHA256 webhook signature verification<\/li>\n<li>Configurable invoice prefix<\/li>\n<li>Minimum order amount filter<\/li>\n<li>Debug logging via WooCommerce \u2192 Status \u2192 Logs<\/li>\n<li>Customisable checkout title and description<\/li>\n<li>Block checkout (Gutenberg) support<\/li>\n<\/ul>\n\n<h3>Requirements<\/h3>\n\n<ul>\n<li>WordPress 5.8 or higher<\/li>\n<li>WooCommerce 6.0 or higher<\/li>\n<li>PHP 7.4 or higher (cURL and OpenSSL extensions enabled)<\/li>\n<li>HTTPS on your store domain \u2014 required for OAuth redirect and webhook delivery<\/li>\n<li>A publicly reachable site URL so SouthPay can POST webhook events<\/li>\n<li>A SouthPay merchant account at https:\/\/southpay.io\/<\/li>\n<\/ul>\n\n<h3>Configuration<\/h3>\n\n<p>All settings live at <strong>WooCommerce \u2192 Settings \u2192 Payments \u2192 SouthPay<\/strong>.<\/p>\n\n<p><strong>Your SouthPay Account<\/strong><\/p>\n\n<ul>\n<li><strong>Status<\/strong> \u2014 shows the current connection state (Connected, Disconnected, or Reconnect Required) and the connected store name.<\/li>\n<li><strong>Connect \/ Disconnect<\/strong> \u2014 manages the OAuth connection. Disconnecting revokes the refresh-token family on SouthPay's side, not just the local copy.<\/li>\n<li><strong>API Key<\/strong> \u2014 only used as a manual fallback when OAuth isn't possible (see <em>Authentication<\/em> below). Leave blank in the normal OAuth flow.<\/li>\n<\/ul>\n\n<p><strong>Checkout Appearance<\/strong><\/p>\n\n<ul>\n<li><strong>Payment Method Name<\/strong> \u2014 what customers see at checkout (default: <em>SouthPay<\/em>). Customise this to something like \"Pay with Crypto\".<\/li>\n<li><strong>Payment Method Description<\/strong> \u2014 short text shown below the name at checkout.<\/li>\n<\/ul>\n\n<p><strong>Advanced<\/strong><\/p>\n\n<ul>\n<li><strong>Minimum Order Amount<\/strong> \u2014 hides SouthPay at checkout when the cart total is below this value. Set to <code>0<\/code> to always show it. Default: <code>1<\/code>.<\/li>\n<li><strong>Order Reference Prefix<\/strong> \u2014 prepended to the order number sent to SouthPay (default: <code>WC-<\/code>), so orders are easy to identify in the SouthPay dashboard.<\/li>\n<li><strong>Debug Logging<\/strong> \u2014 writes detailed request\/response logs to <strong>WooCommerce \u2192 Status \u2192 Logs<\/strong> under the <code>southpay<\/code> source. Enable only when troubleshooting; the logs can contain order metadata.<\/li>\n<\/ul>\n\n<h3>Authentication<\/h3>\n\n<p>The plugin uses <strong>OAuth 2.0 with PKCE<\/strong> and the <code>offline_access<\/code> scope, so the connection survives access-token expiry without merchant intervention:<\/p>\n\n<ul>\n<li>Access tokens are short-lived (one hour) and refreshed automatically before each API call.<\/li>\n<li>Refresh tokens rotate on every use, and the previous refresh token is invalidated server-side.<\/li>\n<li>If the refresh-token family is ever revoked (for example, an admin clicks <em>Disconnect<\/em> in the SouthPay dashboard), the plugin surfaces a <strong>Reconnect your account<\/strong> admin notice in WooCommerce and the gateway is hidden at checkout until reconnected.<\/li>\n<li>Disconnecting from the WooCommerce side calls SouthPay's revoke endpoint to invalidate the entire token family \u2014 not just the locally cached access token.<\/li>\n<\/ul>\n\n<p><strong>Manual API Key fallback.<\/strong> For environments without browser access (air-gapped boxes, whitelabel deployments, automated provisioning), paste a long-lived API key from <strong>SouthPay Dashboard \u2192 Developers \u2192 API Keys<\/strong> into the <strong>API Key<\/strong> field. This mode bypasses OAuth and does not auto-refresh; you are responsible for rotating the key yourself. The webhook still needs to be created manually in this mode.<\/p>\n\n<h3>Webhook Setup<\/h3>\n\n<p>In the standard OAuth flow there is nothing to configure \u2014 the plugin registers a webhook endpoint pointing at your site automatically the first time you connect, and stores the signing secret locally.<\/p>\n\n<ul>\n<li>The active endpoint URL is shown in the <strong>Webhook URL<\/strong> row on the settings page (it is the WooCommerce REST route <code>\/wc-api\/southpay_webhook<\/code>).<\/li>\n<li>Every inbound delivery is signed with <strong>HMAC-SHA256<\/strong> over the raw request body plus a timestamp. The plugin rejects requests with a missing, malformed, or stale signature before any order state is touched.<\/li>\n<li>If you ever need to rotate the signing secret (for example, after a security incident or when migrating environments), click <strong>Reconnect webhook<\/strong> on the settings page. The plugin will deregister the old endpoint and create a new one with a fresh secret in one step.<\/li>\n<\/ul>\n\n<h3>How It Works<\/h3>\n\n<ol>\n<li>The customer selects SouthPay at checkout and clicks <strong>Place order<\/strong>.<\/li>\n<li>WooCommerce creates the order with status <strong>Pending payment<\/strong>.<\/li>\n<li>The plugin calls <code>POST https:\/\/api.southpay.io\/api\/v2\/payments<\/code> with the order total, currency, order reference, and return URLs to create a hosted-checkout session.<\/li>\n<li>The customer is redirected to SouthPay's hosted checkout, where they choose a cryptocurrency, see the quoted amount and exchange rate, and send the funds from their wallet.<\/li>\n<li>Once the transaction is confirmed on-chain, SouthPay POSTs a signed webhook to your store.<\/li>\n<li>The plugin verifies the HMAC-SHA256 signature, matches the event to the WooCommerce order, and transitions the order:\n\n<ul>\n<li><strong>paid<\/strong> \u2192 order moves to <em>Processing<\/em> (or <em>Completed<\/em> for virtual orders), and a payment note is added.<\/li>\n<li><strong>expired<\/strong> \u2192 order moves to <em>Cancelled<\/em>.<\/li>\n<li><strong>failed<\/strong> \u2192 order moves to <em>Failed<\/em>; the customer can retry from the order-pay page.<\/li>\n<\/ul><\/li>\n<li>The customer is redirected back to your store's order-received page.<\/li>\n<\/ol>\n\n<p>All state transitions are driven by webhooks \u2014 the customer's browser returning is not required to mark the order as paid.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>This plugin connects to the SouthPay API to create cryptocurrency payment sessions and receive order status updates via webhook. Connection to this service is required for the gateway to function.<\/p>\n\n<p>When a customer places an order using SouthPay as the payment method, the plugin sends the order total, currency, and return URLs to https:\/\/api.southpay.io\/api\/v2\/payments to generate a hosted checkout session. No data is sent at any other time during normal store operation.<\/p>\n\n<p>This service is provided by SouthPay: https:\/\/southpay.io\/\nTerms of service: https:\/\/southpay.io\/terms\nPrivacy policy: https:\/\/southpay.io\/privacy<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to <code>\/wp-content\/plugins\/<\/code>, or install via the WordPress plugin screen (Plugins \u2192 Add New \u2192 Upload).<\/li>\n<li>Activate the plugin through the \"Plugins\" menu in WordPress.<\/li>\n<li>Go to <strong>WooCommerce \u2192 Settings \u2192 Payments<\/strong>, find <strong>SouthPay<\/strong> in the list, and click <strong>Manage<\/strong>.<\/li>\n<li>Tick <strong>Enable SouthPay<\/strong> and click <strong>Connect with SouthPay<\/strong>.<\/li>\n<li>You are redirected to SouthPay to sign in, pick the store to connect, and approve the requested permissions.<\/li>\n<li>On return, the plugin stores the OAuth tokens and registers a webhook endpoint automatically. The settings page will show <strong>Status: Connected<\/strong>.<\/li>\n<\/ol>\n\n<p>That's it \u2014 you are ready to accept crypto payments. No API keys to copy, no webhook URLs to paste.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20handle%20crypto%20wallets%20directly%3F\"><h3>Does this plugin handle crypto wallets directly?<\/h3><\/dt>\n<dd><p>No. All payments are processed through SouthPay's secure hosted checkout.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20a%20payment%20expires%3F\"><h3>What happens if a payment expires?<\/h3><\/dt>\n<dd><p>The order is automatically marked as cancelled.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20a%20payment%20fails%3F\"><h3>What happens if a payment fails?<\/h3><\/dt>\n<dd><p>The order is marked as failed and the customer can retry.<\/p><\/dd>\n<dt id=\"how%20is%20the%20webhook%20secured%3F\"><h3>How is the webhook secured?<\/h3><\/dt>\n<dd><p>Each webhook delivery is signed with HMAC-SHA256. The plugin verifies the signature before processing any status update.<\/p><\/dd>\n<dt id=\"which%20cryptocurrencies%20are%20supported%3F\"><h3>Which cryptocurrencies are supported?<\/h3><\/dt>\n<dd><p>Supported cryptocurrencies depend on your SouthPay account configuration. Contact SouthPay support for details.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>2.1.2<\/h4>\n\n<ul>\n<li>Rename plugin to \"SouthPay Crypto Payment Gateway\"<\/li>\n<li>Expanded plugin description and readme (requirements, configuration, authentication, webhook setup, end-to-end payment flow)<\/li>\n<\/ul>\n\n<h4>2.1.1<\/h4>\n\n<ul>\n<li>Request a live-mode OAuth token at authorize time so webhook endpoints\nregister in the correct mode (previously fell back to test mode, which\ncaused \"Connected \u2014 webhook setup incomplete\" on first connect for\nlive-only stores)<\/li>\n<\/ul>\n\n<h4>2.1.0<\/h4>\n\n<ul>\n<li>One-click \"Connect with SouthPay\" using OAuth 2.0 with PKCE<\/li>\n<li>Automatic refresh-token rotation \u2014 connections survive token expiry without merchant action<\/li>\n<li>Reconnect-required admin notice when the refresh family is revoked server-side<\/li>\n<li>Disconnect now revokes the entire token family server-side, not just the active access token<\/li>\n<li>Webhook endpoint is registered automatically after OAuth completes \u2014 no more secret copy-paste<\/li>\n<li>Manual API key paste is still supported as a fallback for environments without browser access<\/li>\n<\/ul>\n\n<h4>2.0.0<\/h4>\n\n<ul>\n<li>Integrated SouthPay API v2<\/li>\n<li>Replaced popup checkout with direct hosted checkout redirect<\/li>\n<li>Updated webhook signature verification to timestamped HMAC-SHA256<\/li>\n<li>Improved WordPress plugin review compliance: split into include files, added uninstall.php, hardened escaping<\/li>\n<li>Added WooCommerce Block checkout support<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<\/ul>","raw_excerpt":"Accept cryptocurrency payments in WooCommerce via SouthPay&#039;s hosted checkout, with one-click OAuth connect and automatic webhook registration.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/282803","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=282803"}],"author":[{"embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/southpay"}],"wp:attachment":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=282803"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=282803"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=282803"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=282803"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=282803"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=282803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}