Payment Flow and API

Payment Flow

The GP webpay plugin uses a redirect-based payment flow with cryptographic signature verification.

How It Works

Customer places an order — selects GP webpay as the payment method and submits the order
Plugin generates a signed payment URL — the order amount, merchant number and other parameters are signed with the private key
Customer is redirected to GP webpay — the payment is processed on GP webpay’s secure page (including 3D Secure verification)
GP webpay redirects back — after payment, the customer is redirected to the callback URL on your site
Plugin verifies the response signature — the response from GP webpay is verified using the public key
Order is marked as paid — if verification succeeds, the plugin calls WooCommerce’s payment_complete() method and the order status is updated

Deposit vs. Authorization

Deposit immediately — the payment is charged right away. The order is marked as paid after successful verification.
Authorize — only a hold is placed on the customer’s card. The actual charge must be captured later through the GP webpay merchant admin portal.

REST API Endpoint

The plugin registers a REST API endpoint for handling the payment callback from GP webpay:

Endpoint	Method	Description
`/wpify-woo/v1/gpwebpay`	GET	Payment verification callback from GP webpay. Receives the `orderKey` parameter to identify the order.

This endpoint is used internally by the payment flow and should not be called manually.

Order Metadata

This plugin does not store custom order metadata. Payment completion is handled via WooCommerce’s standard payment_complete() method, which records the transaction ID and updates the order status.

Where to Place Your Code

You can add custom functions either in your child theme’s functions.php or use the Code Snippets plugin.