WPMR Agentic Checkout is a free WordPress plugin that connects your WooCommerce store to OpenAI’s Agentic Commerce Protocol (ACP), the technology behind “Buy it in ChatGPT.” Once set up and approved, ChatGPT can surface your products to its users and pass purchase orders directly to your WooCommerce store, fully paid and ready to ship.
This guide walks you through everything: what the plugin does, what you need before you start, and how to configure every setting correctly for a production-ready integration.
What is the Agentic Commerce Protocol?
The Agentic Commerce Protocol is an open standard co-developed by OpenAI, Stripe, and Meta that defines how AI agents communicate with e-commerce stores. Think of it as the language ChatGPT speaks to your shop: it lets the AI browse your catalog, create checkout sessions, process payments, and hand completed orders to you for fulfillment.
For WooCommerce store owners, the practical result is a new sales channel. Your products get discovered inside ChatGPT conversations. When a user decides to buy, the entire checkout flow happens in chat; they never have to visit your website to place the order.
Important note on availability: Instant Checkout (where the payment completes inside ChatGPT) is currently available to U.S. consumers buying from U.S.-based merchants only. OpenAI has not announced an international launch date. However, the product feed side of ACP, making your products discoverable inside ChatGPT, is open to merchants globally. Setting up this plugin now means you are ready the moment OpenAI expands access.
What WPMR Agentic Checkout does
The plugin has two jobs. First, it generates a ChatGPT-optimized product feed through its integration with WP Product Feed Manager, which OpenAI uses to index your catalog. Second, it implements all the ACP REST API endpoints that ChatGPT calls when a user places an order: creating the checkout session, validating inventory and the shipping address, redeeming the Stripe payment token, creating the WooCommerce order, and sending order status updates back to OpenAI via webhooks.
Everything flows through your existing WooCommerce setup; tax, shipping zones, inventory, and order management all work exactly as they do today.
If you only want your products to appear in ChatGPT search results without enabling in-chat checkout, you can stop after creating a ChatGPT feed in WP Product Feed Manager, no ACP approval or Stripe setup is needed. This guide covers the full path: product discovery plus Instant Checkout.
Before you begin
Make sure you have the following in place before installing the plugin.
Software requirements:
- WordPress 6.5 or higher
- WooCommerce 5.0 or higher
- PHP 7.4 or higher
- WP Product Feed Manager for WooCommerce (required — the plugin will not function without it)
External accounts you will need:
- A Stripe account for payment processing via Stripe’s Shared Payment Token. PayPal support for ACP is also in active development, but the WPMR plugin currently integrates via Stripe.
- OpenAI ACP approval: your store must be approved and allowlisted by OpenAI before ChatGPT will process orders from your site. Apply at openai.com/index/buy-it-in-chatgpt. Approval is selective and may take time; applying early is recommended.
Step 1: Apply for OpenAI ACP approval
Before doing anything else, submit your application to OpenAI. You can find the form at https://chatgpt.com/merchants.
Upon approval, OpenAI will provide you with:
- An OpenAI API Key (format: sk-…) for authenticating incoming ACP requests
- An OpenAI Public Key in PEM format, used to verify request signatures
- An OpenAI Webhook URL and Signing Key for outgoing order status notifications
Keep these credentials safe. You will enter them in the plugin settings in the steps below.
Step 2: Install the plugin
- In your WordPress admin, go to Plugins > Add New.
- Search for “WPMR Agentic Checkout for WooCommerce”.
- Click Install Now, then Activate.
Alternatively, download the plugin directly from wordpress.org/plugins/wpmr-agentic-checkout and upload it via Plugins > Add New > Upload Plugin.
After activation, the plugin settings are located at Feed Manager > AI Checkout.
Step 3: Create a product feed for ChatGPT
The plugin relies on WP Product Feed Manager to generate the feed OpenAI will use to index your catalog.
- In your WordPress admin, go to Feed Manager and click Create New Feed.
- Select ChatGPT as the channel. WP Product Feed Manager will automatically format your product data to OpenAI’s specifications.
- Choose which products to include, all products, specific categories, or a custom filter.
- Set your update schedule. For stores with frequently changing prices or stock levels, updates every 15 minutes keep ChatGPT current. For stable catalogs, daily is sufficient.
- Review the field mapping. Most fields are mapped automatically, but verify that titles, descriptions, prices, and image URLs are correct.
- Save and publish the feed.
- Copy the Product Feed URL, you will find it in the sidebar of the plugin settings page under API Endpoints & Validation. You will submit this URL to OpenAI for indexing in Step 1 (or return to submit it after approval).
What the feed must include
Every product in your feed needs these fields: a unique product ID, a title (60–100 characters works well), a description written in natural language, the current price, availability status (in stock / out of stock), a publicly accessible image URL, and a link to the product page on your store.
Fields that significantly improve how ChatGPT matches your products to customer requests: brand name, product category, materials, size or dimensions, color options, and variant information.
One important note on descriptions: ChatGPT’s matching is conversational, not keyword-based. A description like “Waterproof leather hiking boots for serious trekkers — cushioned insoles for all-day comfort on rugged trails, available in sizes 8–12” performs better than a keyword-dense snippet. Write for a customer asking a question, not for a search engine.
Step 4: Configure the ACP API settings
Go to Feed Manager > AI Checkout and work through each settings section.
ACP API Settings
Enable ACP API should be checked. This activates the REST API routes at /wp-json/wpmrac/v1/ that ChatGPT calls. If this is off, ChatGPT receives a 404 and orders cannot be placed.
Test Mode creates “test” WooCommerce orders tagged with a special order meta and note, without affecting your business statistics. Enable this while you are configuring and testing the integration. Disable it before going live.
OpenAI API Key: paste the sk-... key you received from OpenAI after ACP approval. This is the Bearer token OpenAI sends in the Authorization header of every incoming ACP request. The plugin uses it as the first authentication check.
Step 5: Configure Stripe payment settings
Stripe Publishable Key and Secret Key
Log in to your Stripe Dashboard at dashboard.stripe.com/apikeys and copy both keys.
- Publishable Key — format:
pk_live_...(orpk_test_...for testing) - Secret Key — format:
sk_live_...(orsk_test_...for testing)
The plugin uses the Secret Key to redeem the delegated payment token that OpenAI sends. Your store never handles raw card data — Stripe processes the payment and sends a tokenized confirmation.
Stripe Webhook Secret
The plugin listens for asynchronous payment events from Stripe at /wp-json/wpmrac/v1/webhooks/stripe. You need to register this URL in your Stripe Dashboard and copy the resulting webhook secret (format: whsec_...) back into the plugin.
In Stripe Dashboard, go to Developers > Webhooks, add an endpoint, and configure it to listen for payment_intent.succeeded and payment_intent.payment_failed events. The exact endpoint URL is shown in the plugin sidebar under API Endpoints & Validation.
Step 6: Select your product feed
In the Product Feed Settings section, use the dropdown to select the feed you created in Step 3. This tells the plugin which feed to expose to OpenAI for catalog indexing.
Step 7: Configure security settings
These settings are mandatory before going live. OpenAI’s ACP certification requires all three to be active in production.
Enable Signature Verification
Check this box. The plugin will validate the detached JWS (JSON Web Signature) in the Signature header of each incoming ACP request against your OpenAI Public Key using RSA (RS256/384/512). Any request that fails signature verification is rejected with HTTP 401.
OpenAI Public Key
Paste the full PEM-formatted public key you received from OpenAI. It starts with -----BEGIN PUBLIC KEY-----. This is a specific ACP key, not your general OpenAI API key.
Use the Verify Signature Setup button in the sidebar to confirm that your PHP server’s OpenSSL extension can read the key correctly before going live.
Timestamp Tolerance
Default: 300 seconds (5 minutes). The plugin reads the X-OpenAI-Timestamp header and rejects requests where the timestamp differs from your server clock by more than this value. This prevents replay attacks.
Make sure your server clock is synchronized via NTP. If you experience legitimate requests being rejected, check that your server time is accurate before widening this tolerance.
Idempotency Handling
Leave this enabled (it is on by default, with a 24-hour expiry window).
ACP requires strict idempotency. If there is a network timeout, OpenAI will re-send the exact same request. Without idempotency handling, a customer would be charged twice and you would receive duplicate orders. With it enabled, the plugin stores the response of the first successful request and returns it for any retry with the same Idempotency-Key header. A request with the same key but a different body returns HTTP 409 Conflict, per the ACP specification.
Enable IP Allowlisting
Enable this in production and set the fallback to Deny.
The plugin fetches OpenAI’s published CIDR block list from https://openai.com/chatgpt-connectors.json and caches it in WordPress. Every incoming ACP request is checked against these IP ranges. If the list cannot be fetched temporarily, the Fallback setting determines whether requests are allowed or blocked. Setting the fallback to “Deny” is the safe choice for a production environment.
Step 8: Configure webhooks
OpenAI requires you to send asynchronous order status updates back to them whenever an order’s status changes in WooCommerce. This is how the customer inside ChatGPT sees that their order has shipped, been canceled, or refunded.
OpenAI Webhook URL and Signing Key
Enter the webhook URL and signing key provided by OpenAI after approval. The plugin uses the signing key to sign each outgoing payload with HMAC-SHA256 (signing_key + timestamp + "." + payload), added as an X-OpenAI-Signature header.
The plugin fires events automatically:
order_createdwhen the WooCommerce order is first createdorder_updatedwhen the order status changes or a refund is processed
WordPress Action Scheduler handles delivery asynchronously, so webhook failures do not block the order flow.
Retry settings
If OpenAI does not respond or returns an error, the plugin will retry automatically using an exponential backoff:
| Setting | Default |
|---|---|
| Max Retries | 3 |
| Base Delay | 60 seconds |
| Multiplier | 5x |
With these defaults, retries occur at roughly 60 seconds, 5 minutes, and 25 minutes after the first failure. You can adjust these values if needed.
Use the Test Webhook Delivery button in the sidebar to fire a test payload and confirm that HMAC signing and connectivity are working before going live.
Step 9: Configure logging
Enable Logging stores detailed events in a custom database table. The log is accessible at AI Checkout Logs in the admin menu.
- Min Log Level set to
Debugwhen troubleshooting. This shows incoming payloads and JWS parsing steps. Set to Info for normal operation (logs successful orders only). - Retention between 7 and 90 days. Logs are cleaned up automatically via WP Cron.
If you are having trouble with signature verification or idempotency, switch the log level to Debug and check the logs for the exact point of failure.
Step 10: Allow OpenAI crawlers in robots.txt
For OpenAI to index your product feed, its crawlers need to be allowed through your server. Add the following to your robots.txt file:
User-agent: OAI-SearchBot Allow: / User-agent: ChatGPT-User Allow: / User-agent: GPTBot Allow: /
If you use Yoast SEO or Rank Math, you can add these rules through the plugin’s robots.txt editor. Alternatively, edit the robots.txt file directly in the root of your WordPress installation. The plugin’s settings sidebar includes a copy-paste snippet as a reminder.
Controlling which products appear in ChatGPT
By default, all products in your selected feed are available for ChatGPT checkout. You can exclude specific products using the per-product control added in version 1.1.0.
Edit any product in WooCommerce and find the ChatGPT Checkout meta box in the product edit screen. Use it to enable or disable that specific product for ChatGPT checkout.
To manage multiple products at once, go to Products in the admin menu and use the Bulk Actions dropdown to enable or disable ChatGPT checkout for a selected group of products.
Production checklist
Before disabling Test Mode and going live, verify all of the following:
- Your server clock is synchronized via NTP
- Test Mode is disabled
- Live Stripe keys (
pk_live_... / sk_live_...) are entered - Signature verification is enabled and the OpenAI Public Key passes the sidebar verification test
- IP Allowlisting is enabled with fallback set to Deny
- Idempotency handling is enabled
- Webhook URL and Signing Key are configured and the test delivery succeeds
- Action Scheduler is running (WP Cron must be active)
- Your product feed URL has been submitted to OpenAI for indexing
- OpenAI crawlers are allowed in
robots.txt
Frequently asked questions
Do I need to apply for OpenAI approval before installing the plugin? Yes. OpenAI must approve and allowlist your store before ChatGPT will send orders to it. You can install and configure the plugin in advance, but Instant Checkout will not work until approval is granted. Apply at chatgpt.com/merchants.
Is the plugin free? Yes. WPMR Agentic Checkout is free and open source under the GPLv2 license. There are no fees from the plugin itself. Standard Stripe processing fees apply to payments. Get the plugin from WordPress »
Is Instant Checkout available outside the U.S.? Currently, Instant Checkout is available to U.S. consumers buying from U.S.-based merchants only. No international launch date has been announced. Product discovery in ChatGPT (without in-chat checkout) is available globally, so setting up your product feed now is worthwhile regardless of your location.
What happens if my Stripe webhook is delayed? The plugin uses WordPress Action Scheduler to deliver webhooks asynchronously. If a delivery fails, it retries automatically using exponential backoff (see Step 8 above). This ensures order status updates reach OpenAI even if there is a temporary connectivity issue.
Where do I find my product feed URL? After activating the plugin and selecting a feed in the settings, go to the API Endpoints & Validation sidebar panel on the AI Checkout settings page. The Product Feed URL is listed there. Copy it and submit it to OpenAI for catalog indexing.
Can I test the integration without affecting real orders? Yes. Enable Test Mode in the ACP API Settings section. All orders created in Test Mode are tagged clearly in WooCommerce and excluded from your business statistics. Use the sidebar test tools to verify webhook delivery and signature verification before going live.