Title: FlxWoo Author: rickey29 Published: Nobyembre 17, 2024 Last modified: Mayo 16, 2026 --- Search plugins ![](https://ps.w.org/flx-woo/assets/banner-772x250.png?rev=3395059) ![](https://ps.w.org/flx-woo/assets/icon-128x128.png?rev=3395061) # FlxWoo By [rickey29](https://profiles.wordpress.org/rickey29/) [Download](https://downloads.wordpress.org/plugin/flx-woo.3.0.0.zip) * [Details](https://ceb.wordpress.org/plugins/flx-woo/#description) * [Reviews](https://ceb.wordpress.org/plugins/flx-woo/#reviews) * [Installation](https://ceb.wordpress.org/plugins/flx-woo/#installation) * [Development](https://ceb.wordpress.org/plugins/flx-woo/#developers) [Support](https://wordpress.org/support/plugin/flx-woo/) ## Description FlxWoo is a WooCommerce infrastructure plugin. It adds a REST API layer, server- side checkout rendering, and Stripe Checkout integration on top of standard WooCommerce— without replacing WooCommerce’s core order, payment, or inventory systems. It is designed for agencies and developers who need full control over checkout presentation while continuing to rely on WooCommerce for order management, tax calculation, coupon handling, and payment record-keeping. #### What FlxWoo Is * A REST API layer for WooCommerce checkout state (namespace: `flxwoo/v1`) * A server-side rendering layer for checkout templates * A Stripe Checkout integration with server-side session management and webhook handling * An infrastructure layer that extends WooCommerce without replacing it #### What FlxWoo Is Not * Not a WooCommerce fork or replacement * Not a page builder or visual checkout designer * Not a payment processor — payment remains in WooCommerce and Stripe * Not a headless CMS * Not a replacement for WooCommerce’s admin, order management, or product system #### Who FlxWoo Is For * Agencies building custom checkout experiences on WooCommerce * Developers who need REST access to WooCommerce checkout state * Projects requiring server-side rendered checkout templates * Teams integrating Stripe Checkout while keeping WooCommerce as the order system #### Architecture FlxWoo registers a REST namespace (`flxwoo/v1`) and operates exclusively in REST context. Its endpoints return server-side rendered HTML — not JSON UI fragments — keeping template logic server-side and reducing frontend coupling. WooCommerce remains authoritative for all order, cart, tax, and payment data. FlxWoo reads and writes through WooCommerce’s standard APIs without modifying its data structures or core behavior. #### Features * REST API under the `flxwoo/v1` namespace * Cart and checkout state endpoints * Stripe Checkout integration — server-side session creation and webhook handling * Duplicate order prevention at the checkout session level * Concurrent submission guard * Session-independent Stripe return flow (order identity carried via URL, not session state) * Server-side HTML rendering for checkout templates * Structured logging for checkout and payment events * Health endpoint at `GET /wp-json/flxwoo/v1/health` for uptime monitoring ### Cache and CDN Configuration FlxWoo endpoints are session-sensitive and stateful. They must not be served from a cache layer under any circumstances. #### Why This Matters FlxWoo checkout endpoints read and write live session, cart, and payment state on every request. If a caching layer returns a stale or shared response, the result is incorrect behavior — not a gracefully degraded experience. Common symptoms include stale cart totals, duplicate checkout attempts, broken Stripe sessions, and session data surfacing to the wrong customer. Any FlxWoo endpoint returning a cache `HIT` response header is a production defect. #### What Must Bypass Cache All routes under `/wp-json/flxwoo/v1/*` must bypass cache at every layer: page cache, CDN, reverse proxy, and any optimization plugin that operates on HTTP responses. This includes cart, checkout, payment, webhook, and health endpoints. #### Common Systems That Require Configuration **WP Rocket** — Add `/wp-json/flxwoo/v1/(.*)` to “Never Cache URL(s)” in the Cache settings tab. **LiteSpeed Cache** — Add FlxWoo REST routes to the cache exclusion list under Cache > Excludes. **Cloudflare** — Use Cache Rules to bypass cache for requests matching `/wp-json/ flxwoo/v1/*`. If using Automatic Platform Optimization (APO), verify that checkout routes are excluded. Cloudflare’s “Cache Everything” page rule must not apply to these paths. **Nginx / FastCGI** — Add a no-cache bypass condition for the FlxWoo REST namespace at the server or location block level. **Varnish** — Add a pass condition for `/wp-json/flxwoo/v1/` in your VCL configuration. **Aggressive optimization plugins** — Verify that no plugin is buffering, combining, or caching REST API responses for FlxWoo routes. #### What Is Safe to Cache Static assets (CSS, JS, images), non-dynamic pages, and REST endpoints that explicitly return `Cache-Control: public`. FlxWoo’s own endpoints never set public cache headers. #### Full Configuration Reference Detailed per-system instructions, verification commands, and symptom diagnostics are in `docs/cache-configuration.md`. ### Requirements * WordPress 6.0 or later * PHP 8.0 or later * WooCommerce (active; declared as a required plugin) * Stripe account with Checkout enabled (for payment features) * MySQL 5.7+ or MariaDB 10.3+ ### Operational Notes * **Health endpoint:** `GET /wp-json/flxwoo/v1/health` always returns HTTP 200 when the plugin is active. Suitable for uptime monitoring and deployment verification. * **Logging:** Structured logging for checkout and payment events. Useful for incident response and debugging in production environments. * **Database setup:** Required tables are created automatically on activation. Schema migrations run silently on upgrade — no manual steps required. * **Idempotency:** Checkout idempotency is database-backed, making the system safe for concurrent requests and browser retries. * **Stripe return flow:** Order identity is carried via URL parameters after Stripe redirect, not session state. This makes the return path resilient to session loss between payment and confirmation. ### Security * All REST endpoints enforce WordPress capability checks before processing requests. * Input is validated and sanitized at the API boundary and within the service layer. * All PHP files include an ABSPATH guard to prevent direct execution. * Database queries use prepared statements throughout. * PHP CodeSniffer with WordPress Coding Standards and security sniffs is enforced as a release gate. ### Limitations * Requires WooCommerce to be active. FlxWoo will not initialize without it. * Stripe integration requires an active Stripe account with Checkout enabled. * Server-side rendering requires a live PHP execution environment. Fully static deployments are not supported. * All FlxWoo REST endpoints must not be behind a full-page or CDN cache layer. ## Installation 1. Upload the plugin to `/wp-content/plugins/`, or install it from the WordPress admin plugin installer. 2. Activate the plugin. Required database tables are created automatically on activation. 3. Configure your Stripe API keys in the FlxWoo settings page. 4. Before going to production, configure cache bypass rules for all routes under `/ wp-json/flxwoo/v1/*`. See the Cache and CDN Configuration section above. 5. Verify the installation by requesting the health endpoint: `GET /wp-json/flxwoo/ v1/health` should return HTTP 200. ## FAQ ### Does FlxWoo replace WooCommerce checkout? No. FlxWoo adds a REST and rendering layer on top of WooCommerce’s checkout system. WooCommerce remains responsible for cart calculation, order creation, tax, coupons, and inventory. ### Does FlxWoo replace WooCommerce payment processing? No. Payment is handled by WooCommerce and Stripe. FlxWoo creates Stripe Checkout sessions server-side and handles webhook callbacks — the order record and payment status are managed by WooCommerce as normal. ### Is this a headless WooCommerce solution? It is headless-friendly. FlxWoo provides the REST API and server-side rendering infrastructure needed for decoupled checkout workflows. A fully headless setup is possible but not required — FlxWoo can also be used within a standard WordPress/ WooCommerce installation. ### Why do I need to configure my cache? FlxWoo endpoints carry live checkout and session state. Caching them produces incorrect behavior — stale carts, duplicate orders, and broken payment sessions. See the Cache and CDN Configuration section for specific instructions, or `docs/cache-configuration. md` for full per-system details. ### Does FlxWoo modify WooCommerce orders or products? No. FlxWoo creates and reads orders through WooCommerce’s standard APIs. It does not modify product data, order structure, or WooCommerce core settings. ### Is FlxWoo compatible with WooCommerce’s built-in checkout? FlxWoo operates independently of WooCommerce’s default checkout. It provides its own checkout flow via REST, leaving WooCommerce’s built-in checkout pages intact. Running both simultaneously is technically possible but is not a tested configuration. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “FlxWoo” is open source software. The following people have contributed to this plugin. Contributors * [ rickey29 ](https://profiles.wordpress.org/rickey29/) [Translate “FlxWoo” into your language.](https://translate.wordpress.org/projects/wp-plugins/flx-woo) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/flx-woo/), check out the [SVN repository](https://plugins.svn.wordpress.org/flx-woo/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/flx-woo/) by [RSS](https://plugins.trac.wordpress.org/log/flx-woo/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 3.0.0 * Initial stable release * REST API infrastructure under the `flxwoo/v1` namespace * Stripe Checkout integration: server-side session creation and webhook handling * Duplicate order prevention and concurrent submission guard * Server-side HTML rendering layer for checkout templates * Structured logging and a health endpoint for uptime monitoring * Security hardening: ABSPATH guards, input sanitization, PHPCS release gate * Internationalization baseline with text domain support ## Meta * Version **3.0.0** * Last updated **2 days ago** * Active installations **Fewer than 10** * WordPress version ** 6.0 or higher ** * Tested up to **6.9.4** * PHP version ** 8.0 or higher ** * Language * [English (US)](https://wordpress.org/plugins/flx-woo/) * Tags * [checkout](https://ceb.wordpress.org/plugins/tags/checkout/)[headless](https://ceb.wordpress.org/plugins/tags/headless/) [rest-api](https://ceb.wordpress.org/plugins/tags/rest-api/)[stripe](https://ceb.wordpress.org/plugins/tags/stripe/) [woocommerce](https://ceb.wordpress.org/plugins/tags/woocommerce/) * [Advanced View](https://ceb.wordpress.org/plugins/flx-woo/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/flx-woo/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/flx-woo/reviews/) ## Contributors * [ rickey29 ](https://profiles.wordpress.org/rickey29/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/flx-woo/)