Welcome to the Agentic Checkout setup guide!
This comprehensive guide will walk you through every step of setting up and configuring the WPMR Agentic Checkout plugin for WooCommerce. Enable your store to participate in OpenAI’s revolutionary “Buy it in ChatGPT” feature and reach over 700 million weekly ChatGPT users.
This plugin implements the Agentic Commerce Protocol (ACP), the open standard co-developed by OpenAI and Stripe that powers AI-driven commerce.
What is the Agentic Commerce Protocol?
The Agentic Commerce Protocol (ACP) is an open standard developed by OpenAI and Stripe that defines how AI agents communicate with e-commerce platforms. Think of ACP as the language that allows AI and e-commerce to speak to each other.
ACP enables:
- Product Discovery: AI agents can browse your product catalog
- Checkout Sessions: Creating and managing secure checkout sessions
- Payment Processing: Processing payments securely via Stripe
- Order Fulfillment: Handling shipping and order updates
How It Works:
- Discovery: Your products are indexed from your WooCommerce site via WP Product Feed Manager
- Buy Click: User clicks “Buy” in ChatGPT (your site must be approved by OpenAI)
- Instant Checkout: Payment is confirmed in ChatGPT via Stripe (PCI-compliant)
- Order Handoff: ChatGPT sends the order via Agentic Commerce Protocol
- Plugin Validation: This plugin receives the order and validates inventory and shipping address
- Accept/Decline: Plugin confirms or rejects the order to ChatGPT in real-time
- Order Creation: If accepted, the order is created in WooCommerce as paid (status: Processing)
- Fulfillment: You ship the product and provide customer support as normal
Requirements & Prerequisites
| Component | Minimum Version |
|---|---|
| WordPress | 5.0 or higher |
| WooCommerce | 5.0 or higher |
| Product Feed Manager | 3.22.0 or higher |
| PHP | 7.4 or higher |
External Services Required
- OpenAI ACP Approval: OpenAI must approve your store
- Stripe Account: Required for payment processing (OpenAI ACP works exclusively with Stripe’s delegated payment system)
- SSL Certificate: HTTPS is mandatory for production use
- NTP Time Synchronization: Server clock must be synchronized to prevent timestamp validation failures
Installation Steps
Step 1: Install WP Product Feed Manager
Before installing WPMR Agentic Checkout, ensure you have WP Product Feed Manager installed and activated:
- Go to Plugins > Add New in your WordPress admin
- Upload the plugin file you have received
- Click Install Now, then Activate
Step 2: Install WPMR Agentic Checkout
Option A: Install from WordPress.org (Recommended)
- Go to Plugins > Add New in your WordPress admin
- Search for “WPMR Agentic Checkout for WooCommerce”
- Click Install Now, then Activate
- You’ll be redirected to the settings page at Feed Manager > AI Checkout
Option B: Manual Installation
- Download the plugin ZIP file from WordPress.org
- Go to Plugins > Add New > Upload Plugin
- Choose the downloaded ZIP file and click Install Now
- Click Activate Plugin
Step 3: Apply for OpenAI ACP Approval
Before you can start receiving orders from ChatGPT, you must apply for and receive approval from OpenAI:
- Visit OpenAI’s Buy it in ChatGPT page
- Complete the application form with your store details
- Wait for approval (this can take several days to weeks)
- Once approved, you’ll receive access to the OpenAI ACP dashboard
Step 4: Set Up Your Stripe Account
If you don’t already have a Stripe account, create one:
- Visit Stripe Registration
- Complete your business profile
- Verify your identity and bank account
- Navigate to API Keys to retrieve your keys
Configuration Overview
After installation, navigate to Feed Manager > AI Checkout in your WordPress admin. The settings page is organized into several sections, each controlling a different aspect of the ACP integration.
Configuration Workflow: The settings page guides you through 5 main steps:
- Apply for OpenAI ACP Approval
- Obtain API Keys (OpenAI and Stripe)
- Configure Plugin Settings
- Set Up Product Feed
- Test Your Integration
ACP API Settings
Enable ACP API
| Settings | Type | Default |
|---|---|---|
| Enable ACP API endpoints | Checkbox | On |
What it does: This setting enables the REST API routes (/wp-json/wpmrac/v1/) that ChatGPT uses to communicate with your store. If this is disabled, ChatGPT will receive a 404 Not Found error when attempting to create checkout sessions.
Test Mode
| Settings | Type | Default |
|---|---|---|
| Enable test mode | Checkbox | Off |
What it does: When enabled, all orders created through ChatGPT will be marked as test orders. These orders receive special order meta (_acp_is_test_order) and a clear order note indicating they are test orders.
When to use:
- During initial setup and configuration
- When testing the integration with OpenAI’s sandbox environment
- Before going live to ensure everything works correctly
OpenAI API Key
| Settings | Type | Format |
|---|---|---|
| OpenAI API Key | Password | sk-… |
What it does: This is the Bearer token that OpenAI sends in the Authorization header of their ACP requests. The plugin uses this as the first line of defense for authentication.
Where to find it: After receiving OpenAI ACP approval, you’ll find your API key in the OpenAI ACP dashboard.
Stripe Payment Settings
According to the ACP Delegated Payment Specification, ChatGPT processes the payment intent at Stripe and sends a payment token to your shop. Your plugin then redeems this token to complete the payment.
Stripe Publishable Key
| Settings | Type | Format |
|---|---|---|
| Stripe Publishable Key | Text | pk_live_… or pk_test_… |
What it does: The publishable key is used for client-side operations. While primarily used by Stripe’s frontend libraries, it’s required for complete Stripe integration.
Stripe Secret Key
| Settings | Type | Format |
|---|---|---|
| Stripe Secret Key | Password | sk_live_… or sk_test_… |
What it does: The plugin uses the Secret Key (backend) to redeem the delegated payment token from OpenAI for an actual payment (payment_intent) on your Stripe account.
Stripe Webhook Secret
| Settings | Type | Format |
|---|---|---|
| Stripe Webhook Secret | Password | whsec_… |
To capture asynchronous status updates from Stripe (e.g., a payment that succeeds later), the plugin listens for Stripe webhooks via the endpoint /wp-json/wpmrac/v1/webhooks/stripe. This secret cryptographically verifies the Stripe-Signature header, ensuring the event originates from Stripe.
How to set up Stripe webhooks:
- Go to your Stripe Webhooks Dashboard
- Click Add endpoint
- Enter your webhook URL: https://yoursite.com/wp-json/wpmrac/v1/webhooks/stripe
- Select events to listen for: payment_intent.succeeded, payment_intent.payment_failed
- Copy the webhook signing secret and paste it in the plugin settings
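What verifying the Stripe-Signature header with the webhook secret involves, as an added example in Python (not the plugin's own PHP code): Stripe's v1 scheme is an HMAC-SHA256 over the timestamp, a dot, and the raw request body. The function names, the 300-second tolerance, and the sample secret and event are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import time
from typing import Optional


def _v1_signature(secret: str, timestamp: str, payload: bytes) -> str:
    # Stripe signs "<t>.<raw body>" with HMAC-SHA256 keyed by the whsec_ secret.
    signed = timestamp.encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def verify_stripe_signature(payload: bytes, header: str, secret: str,
                            tolerance: int = 300,
                            now: Optional[float] = None) -> bool:
    """Return True only if the Stripe-Signature header authenticates payload."""
    timestamp, candidates = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":  # other schemes (e.g. v0) are ignored
            candidates.append(value)
    if not (timestamp and timestamp.isascii() and timestamp.isdigit()
            and candidates):
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > tolerance:
        return False  # stale or future-dated event: possible replay
    expected = _v1_signature(secret, timestamp, payload).encode()
    # Constant-time comparison; several v1 values appear during secret rotation.
    return any(hmac.compare_digest(expected, c.encode()) for c in candidates)


# Constructed sample values, not real credentials or a real Stripe event.
SECRET = "whsec_constructed_example_only"
BODY = b'{"type":"payment_intent.succeeded","id":"evt_constructed"}'
SENT_AT = 1700000000
HEADER = f"t={SENT_AT},v1={_v1_signature(SECRET, str(SENT_AT), BODY)}"

if __name__ == "__main__":
    print(verify_stripe_signature(BODY, HEADER, SECRET, now=SENT_AT + 10))
```

The check must run over the raw bytes of the request body; re-serializing parsed JSON before hashing changes the bytes and makes valid events fail.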
Product Feed Settings
| Settings | Type |
|---|---|
| Product Feed | Dropdown |
This setting links to the product feed created via WP Product Feed Manager. Without this feed, OpenAI won’t know which products are available in your store.
Creating a ChatGPT Product Feed
- Go to Feed Manager > Manage Feeds
- Click Add New Feed
- Select ChatGPT / OpenAI as the channel
- Configure your feed settings (products to include, attributes, etc.)
- Save and generate the feed
- Return to Feed Manager > AI Checkout and select your feed from the dropdown
Security Settings
These settings are mandatory for OpenAI ACP certification and production environments. The plugin strictly follows OpenAI’s guidelines for request authentication, validation, and idempotency.
Enable Signature Verification
| Settings | Type | Default |
|---|---|---|
| Enable request signature verification | Checkbox | Off |
How it works technically: The plugin validates the detached JWS (JSON Web Signature) in the Signature or X-OpenAI-Signature header. It checks the payload (the raw request body) against the OpenAI Public Key using RSA (RS256/384/512). This ensures the payload has not been tampered with in transit.
OpenAI Public Key
| Settings | Format |
|---|---|
| OpenAI Public Key | PEM format (-----BEGIN PUBLIC KEY-----…) |
Where to find it: In your OpenAI ACP dashboard after approval. This is a specific key for ACP, not your general OpenAI API key.
Important: Without a valid, correctly formatted PEM key, signature verification will fail and the plugin will reject orders with HTTP 401.
Timestamp Tolerance
| Settings | Default | Range |
|---|---|---|
| Timestamp Tolerance | 300 seconds | 60-600 seconds |
What it does: Prevents Replay Attacks. The plugin reads the X-OpenAI-Timestamp or Timestamp header. If the server time and the timestamp differ by more than this value (default 5 minutes), the request is rejected.
Idempotency Handling
| Settings | Default |
|---|---|
| Enable Idempotency | On |
| Idempotency Expiration | 24 hours |
Why this is crucial: The ACP protocol requires strict idempotency. OpenAI sends an Idempotency-Key header with each request.
- If there’s a network timeout, OpenAI will send the same request again
- If Idempotency is off, the customer would pay twice and you would get duplicate orders
- If Idempotency is on, the plugin recognizes the key in the database and returns the stored HTTP response from the first successful attempt
- On a parameter mismatch (same key, different body), the plugin returns HTTP 409 Conflict
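The replay and conflict behavior described above, as an added example in Python (not the plugin's own code): an in-memory store stands in for the database table, and the class name, handler, and request body are hypothetical values constructed for this illustration.

```python
import hashlib
import time


class IdempotencyStore:
    """In-memory stand-in for the plugin's database table (hypothetical)."""

    def __init__(self, ttl_seconds=24 * 3600):
        self.ttl = ttl_seconds
        self._records = {}  # key -> (body_sha256, stored_at, status, response)

    def handle(self, key, raw_body, process, now=None):
        """Run process(raw_body) at most once per key; replay stored results."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(raw_body).hexdigest()
        record = self._records.get(key)
        if record and now - record[1] >= self.ttl:
            del self._records[key]  # expired: the key may be used again
            record = None
        if record:
            if record[0] != digest:
                return 409, {"error": "idempotency key reused with different body"}
            return record[2], record[3]  # retry: no second charge or order
        status, response = process(raw_body)
        if 200 <= status < 300:  # only successful attempts are remembered
            self._records[key] = (digest, now, status, response)
        return status, response


def demo():
    """Replay a constructed retry sequence and return what each call yields."""
    orders = []

    def create_order(body):  # hypothetical handler that charges and creates
        orders.append(body)
        return 201, {"order_id": len(orders)}

    store = IdempotencyStore()
    body = b'{"items":[{"id":"sku_constructed","quantity":1}]}'
    first = store.handle("key-1", body, create_order, now=0)
    retry = store.handle("key-1", body, create_order, now=5)
    clash = store.handle("key-1", body + b" ", create_order, now=6)
    late = store.handle("key-1", body, create_order, now=24 * 3600 + 1)
    return first, retry, clash, late, len(orders)


if __name__ == "__main__":
    print(demo())
```

A production store also needs the lookup and insert to be atomic (for example a unique constraint on the key), otherwise two concurrent retries can both pass the lookup and create two orders.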
IP Allowlisting (CIDR Validation)
| Settings | Default |
|---|---|
| Enable IP Allowlisting | Off |
| Fallback Behavior | Allow/Deny |
How it works: The plugin dynamically retrieves authorized CIDR blocks from https://openai.com/chatgpt-connectors.json (the official OpenAI egress IP list) and stores them in the WordPress cache. Each incoming ACP request is checked against these subnets.
Fallback behavior: If OpenAI’s IP list cannot be retrieved temporarily:
- Allow — Requests proceed (less secure, but prevents downtime)
- Deny — Requests are rejected (more secure, but may cause temporary issues)
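How the CIDR check and the fallback setting interact, as an added example in Python (not the plugin's own code). The function names and the sample CIDR list are assumptions constructed from documentation address ranges; treating an empty or wholly malformed list as "unavailable" is a design choice of this sketch.

```python
import ipaddress

# Constructed sample using documentation ranges, not OpenAI's real egress list.
SAMPLE_CIDRS = ["203.0.113.0/24", "198.51.100.0/25", "2001:db8:ac::/48", "bogus"]


def parse_cidrs(cidrs):
    """Parse CIDR strings, skipping malformed entries instead of failing."""
    networks = []
    for cidr in cidrs:
        try:
            networks.append(ipaddress.ip_network(cidr.strip(), strict=False))
        except ValueError:
            continue
    return networks


def is_request_allowed(peer_ip, cached_cidrs, fallback="deny"):
    """Decide whether peer_ip may call the ACP endpoints.

    cached_cidrs is None when the list could not be retrieved; fallback is the
    page's Allow/Deny setting. peer_ip must be the TCP peer address (or one set
    by a trusted reverse proxy), never a client-supplied header value.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparseable source address is rejected outright
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    networks = parse_cidrs(cached_cidrs) if cached_cidrs is not None else []
    if not networks:  # list missing or unusable: apply the fallback policy
        return fallback == "allow"
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    print(is_request_allowed("203.0.113.7", SAMPLE_CIDRS))
```

With the fallback set to Allow, an outage of the list leaves the Bearer token and signature verification as the only controls on who can reach the endpoints, so those should be enabled before choosing it.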