Skip to content
Santosh Gautam

SANTOSH GAUTAM

Full Stack Developer
WooCommerce WC_Payment_Gateway class diagram

WooCommerce Payment Gateway Development — Complete 2026 Technical Guide

Deep technical guide to building a production-ready WooCommerce custom payment gateway with WC_Payment_Gateway, REST APIs, Blocks compatibility, secure hashing and webhook validation.

1. Understanding WooCommerce Payment Gateway Architecture 

Customer → Checkout
    ↓
WC_Payment_Gateway::process_payment()
    ↓
Redirect / API Request
    ↓
Payment Provider
    ↓
Webhook Callback
    ↓
Order Status Update
  • WooCommerce expects a structured response from process_payment().
  • Order state management is critical (Pending → Processing → Completed).
  • Session integrity must be maintained during redirection.
  • Webhooks guarantee asynchronous confirmation.
  • Security validation must occur before order completion.

2. Extending WC_Payment_Gateway Class

class WC_Custom_Gateway extends WC_Payment_Gateway {

  public function __construct() {
    $this->id = 'custom_gateway';
    $this->method_title = 'Custom Gateway';
    $this->has_fields = true;
  }

  public function process_payment($order_id) {
    $order = wc_get_order($order_id);

    return [
      'result'   => 'success',
      'redirect' => $this->get_return_url($order)
    ];
  }
}
  • Extend WC_Payment_Gateway base class.
  • Define unique gateway ID.
  • Register admin settings fields.
  • Implement process_payment() method.
  • Return proper redirect array.

3. Secure Hashing & Checksum Validation (SHA-512) 

$hash_string = $merchant_key . "|" . $txn_id . "|" . $amount . "|" . $secret;
$secure_hash = hash("sha512", $hash_string);
  • Prevents request tampering.
  • Validates integrity between merchant and gateway.
  • Mandatory for PayU / Razorpay integrations.
  • Secret key must never be exposed in frontend.

4. Handling Webhooks (IPN)

add_action('rest_api_init', function () {
  register_rest_route('custom/v1', '/webhook', [
    'methods'  => 'POST',
    'callback' => 'handle_webhook'
  ]);
});
  • Registers custom REST endpoint.
  • Processes asynchronous payment confirmations.
  • Updates WooCommerce order status.
  • Logs transaction for debugging.
  • Ensures payment success even if user closes browser.

5. WooCommerce Blocks Compatibility

registerPaymentMethod({
  name: 'custom_gateway',
  label: 'Custom Gateway',
  content: ,
});
  • Required for new React-based Checkout.
  • Legacy PHP templates won't render in Blocks.
  • Ensures future WooCommerce compatibility.

6. Deployment & Production Checklist

  • Test in Sandbox Mode.
  • Validate checksum logic.
  • Whitelist webhook IPs.
  • Enable logging during testing.
  • Disable debug logs in production.
  • Confirm refund callback handling.

7. Frequently Asked Questions

Is this compatible with PHP 8.3+?

Yes. Modern WooCommerce gateways must follow strict typing and PHP 8+ compatibility.

Can I integrate UPI or Indian gateways?

Yes. PayU and Razorpay support webhook-driven confirmation and SHA-512 hashing.