#7 fix: Restore WooCommerce integration functionality

Problem Description

Following the removal of the Vercel backend (see #4), the WooCommerce OAuth integration and data synchronization features were completely removed. This makes it impossible for merchants to connect their WooCommerce stores to ShopCall.ai.

Impact

• ❌ Merchants cannot authenticate with WooCommerce
• ❌ Cannot connect new WooCommerce stores
• ❌ Cannot sync products, orders, or customer data from WooCommerce
• ❌ Webhooks page shows only hardcoded mock data
• ⚠️ WooCommerce REST API integration non-functional

Missing Functionality

1. OAuth Authentication Flow

Removed endpoints:

• GET /auth/woocommerce - Initiates OAuth flow
• GET /auth/woocommerce/callback - Handles OAuth callback

Features:

• WooCommerce REST API OAuth 1.0a implementation
• Consumer key and secret generation
• Store credentials encryption in database
• API connection validation

2. Store Management

Missing capabilities:

• Store credential storage in Supabase
• WooCommerce REST API connection testing
• Store disconnection handling
• API version compatibility checking

Technical Specifications

Required Supabase Edge Functions

1. supabase/functions/oauth-woocommerce/index.ts

Purpose: Handle WooCommerce OAuth flow (initiation + callback)

Endpoints:

• GET /oauth-woocommerce?action=init&user_id={userId}&store_url={storeUrl} - Start OAuth
• GET /oauth-woocommerce?action=callback&success={1|0}&user_id={userId}&... - Handle callback

Key Features:

• Generate WooCommerce OAuth authorization URL
• Implement OAuth 1.0a signature generation
• Handle callback with consumer key and secret
• Validate store URL and API endpoint
• Store credentials securely in stores table
• Test API connection before saving
• Handle errors (invalid credentials, unreachable store, etc.)

WooCommerce OAuth Flow:

1. User provides store URL
2. Generate authorization URL with callback
3. Redirect to WooCommerce admin
4. User approves app
5. WooCommerce redirects back with credentials
6. Store consumer key + secret
7. Test API connection
8. Save to database

Required Permissions:

const WC_PERMISSIONS = {
  read: true,
  write: false, // Only read access needed
};

const WC_SCOPES = [
  'read_products',
  'read_orders', 
  'read_customers',
  'read_coupons',
  'read_reports'
];

Security:

• OAuth 1.0a signature validation
• Store URL validation (https:// required)
• API endpoint reachability check
• Consumer secret encryption

API Testing: After OAuth, verify connection with:

// Test endpoint: GET /wp-json/wc/v3/system_status
const testConnection = async (storeUrl: string, consumerKey: string, consumerSecret: string) => {
  const url = `${storeUrl}/wp-json/wc/v3/system_status`;
  // Add OAuth 1.0a signature
  const response = await fetch(url, { headers: oauthHeaders });
  return response.ok;
};

2. supabase/functions/woocommerce-sync/index.ts (Optional - Future Enhancement)

Purpose: Sync WooCommerce data (products, orders, customers)

Endpoints:

• POST /woocommerce-sync?store_id={storeId}&type={products|orders|customers}
• GET /woocommerce-sync?store_id={storeId}&status=true - Check sync status

Features:

• Pull products from WooCommerce REST API
• Pull orders with customer details
• Pull customer data
• Batch processing for large datasets
• Rate limiting compliance
• Webhook integration for real-time updates

Database Schema

stores Table Structure

CREATE TABLE stores (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  user_id UUID REFERENCES auth.users(id) ON DELETE CASCADE,
  platform_name TEXT NOT NULL, -- 'woocommerce'
  store_name TEXT,
  store_url TEXT NOT NULL,
  api_key TEXT, -- Consumer key (encrypted)
  api_secret TEXT, -- Consumer secret (encrypted)
  scopes TEXT[],
  alt_data JSONB, -- { wcVersion: string, wpVersion: string }
  phone_number TEXT,
  package TEXT,
  created_at TIMESTAMPTZ DEFAULT NOW(),
  updated_at TIMESTAMPTZ DEFAULT NOW()
);

WooCommerce-Specific Fields in alt_data:

{
  wcVersion: "9.0.0",        // WooCommerce version
  wpVersion: "6.5",          // WordPress version
  apiVersion: "wc/v3",       // API version
  lastSync: "2025-01-15T10:30:00Z",
  syncStatus: "completed",
  webhookSecret: "wh_secret_..."
}

Environment Variables

# WooCommerce Configuration
WC_CALLBACK_URL=https://ztklqodcdjeqpsvhlpud.supabase.co/functions/v1/oauth-woocommerce?action=callback

# Frontend URL
FRONTEND_URL=https://shopcall.ai

# App Name (shown in WooCommerce)
WC_APP_NAME=ShopCall.ai

Development Plan

Phase 1: OAuth Flow Implementation (3-4 days)

Tasks:

1. Create supabase/functions/oauth-woocommerce/index.ts
2. Implement OAuth 1.0a signature generation
   • HMAC-SHA256 signing
   • Parameter normalization
   • Signature base string generation
3. Implement OAuth initiation endpoint
   • Validate store URL format
   • Check store reachability
   • Generate authorization URL
4. Implement OAuth callback endpoint
   • Extract consumer key + secret
   • Validate callback parameters
   • Test API connection
   • Store credentials in stores table
5. Add error handling
   • Invalid store URL
   • Unreachable store
   • OAuth rejection
   • API connection failures
6. Test OAuth flow end-to-end

Deliverables:

• ✅ Functional WooCommerce OAuth flow
• ✅ Secure credential storage
• ✅ API connection validation
• ✅ Error handling for edge cases

Phase 2: Frontend Integration (2-3 days)

Tasks:

1. Update shopcall.ai-main/src/pages/Webshops.tsx
   • Add "Connect WooCommerce" button
   • Add store URL input field
   • Implement OAuth initiation flow
   • Handle OAuth callback redirect
   • Display connected WooCommerce stores
2. Update store management UI
   • Show WooCommerce store details
   • Display WooCommerce + WordPress versions
   • Add disconnect functionality
   • Show connection status (connected/error)
3. Update environment configuration
   • Configure OAuth callback URLs
4. Remove mock data for WooCommerce
5. Add validation for store URL input
   • Must start with https://
   • Valid domain format
   • Reachability check

Deliverables:

• ✅ Working "Connect WooCommerce" flow in UI
• ✅ Store URL validation
• ✅ Store management interface
• ✅ Real-time connection status

Phase 3: API Integration & Data Sync (4-5 days) - Optional

Tasks:

1. Create supabase/functions/woocommerce-sync/index.ts
2. Implement WooCommerce REST API client
   • OAuth 1.0a authentication
   • Rate limiting (avoid 429 errors)
   • Pagination handling
3. Implement product sync
   • Pull products from /wp-json/wc/v3/products
   • Store in local database
   • Handle variations and attributes
4. Implement order sync
   • Pull orders from /wp-json/wc/v3/orders
   • Include customer information
   • Handle order statuses
5. Implement customer sync
   • Pull customers from /wp-json/wc/v3/customers
   • Store customer details
6. Add webhook support (real-time updates)
   • Register webhooks on connection
   • Handle product.created, order.created events
7. Test data synchronization

Deliverables:

• ✅ Product data synchronization
• ✅ Order data synchronization
• ✅ Customer data synchronization
• ✅ Webhook integration for real-time updates

Phase 4: Testing & Validation (2 days)

Tasks:

1. End-to-end testing
   • Test OAuth flow with real WooCommerce store
   • Test various WooCommerce versions
   • Test with different hosting providers
2. Security audit
   • Verify OAuth signature generation
   • Test credential encryption
   • Review API request authentication
3. Error handling validation
   • Test unreachable stores
   • Test invalid credentials
   • Test API errors (rate limiting, permissions)
4. Performance testing
   • Test with large product catalogs
   • Test pagination handling
   • Test sync speed
5. Documentation updates
   • Update CLAUDE.md with WooCommerce integration
   • Document OAuth setup process
   • Add troubleshooting guide

Deliverables:

• ✅ Tested and validated integration
• ✅ Security review passed
• ✅ Performance benchmarks met
• ✅ Documentation complete

Success Criteria

• Merchants can enter WooCommerce store URL
• OAuth flow initiates and redirects to WooCommerce admin
• Merchants can approve app connection
• Consumer key + secret stored securely
• API connection validated before saving
• WooCommerce stores appear in connected integrations list
• Store details show WooCommerce/WordPress versions
• Users can disconnect WooCommerce stores
• Error messages clear and helpful
• Frontend UI shows real connection status
• Product/order data syncs successfully
• Webhooks registered and working

Timeline Estimate

Minimum Viable Product (OAuth Only)

Total Duration: 5-7 days

Full Implementation (OAuth + Data Sync)

Total Duration: 11-14 days

Technical Notes

WooCommerce OAuth 1.0a vs REST API Authentication

WooCommerce supports two authentication methods:

1. OAuth 1.0a (Recommended for user-facing apps)

   • User approves app in WooCommerce admin
   • Generates consumer key + secret automatically
   • More secure, better UX
   • Implementation: OAuth flow

2. Manual API Keys (Simpler, less secure)

   • User manually creates keys in WooCommerce settings
   • Copies keys to our app
   • Less secure, worse UX
   • Implementation: Direct input

Recommendation: Implement OAuth 1.0a for better user experience.

WooCommerce API Versions

• WC v3 API (/wp-json/wc/v3/): Recommended, most stable
• WC v2 API (/wp-json/wc/v2/): Legacy, still supported
• WC v1 API (/wc-api/v3/): Deprecated

Use v3 API for new implementation.

Rate Limiting

WooCommerce API typically allows:

• 10 requests per second (configurable by store)
• Implement exponential backoff on 429 errors
• Use batch endpoints where possible

Related Issues

• #4 - Backend removal (parent issue)
• #5 - ShopRenter integration restoration
• TBD - Shopify integration restoration

Priority

🟡 HIGH - Required for WooCommerce merchants to use the platform. Not as critical as Shopify GDPR compliance, but essential for market coverage.

create a step - by - step implementation plan in a new issue then close this issue.

create a step - by - step implementation plan in a new issue then close this issue.

MCP tools works now fine. Please remove these docs which committed because mcp tools errors. Create the new issues to implement the missing integrations WooCommerce. Because the removed vercel features #4, use supabase edge functions as required backend.

You can close this issue if you created the correct new issues. Always use the best labels when creating new issues.

Issue Resolution Summary

I've completed the requested tasks:

✅ Removed Documentation Files

Removed the following files that were created due to MCP tool errors:

• ISSUE_7_COMPLETION_GUIDE.md
• ISSUE_7_RESOLUTION.md
• ISSUE_7_COMPLETION_NOTES.md
• README_ISSUE_7.md
• WOOCOMMERCE_RESTORATION_PLAN.md
• ISSUE_TEMPLATE_WOOCOMMERCE.md

Commit: d926d27 - "docs: remove MCP error-related documentation files #7"

✅ Created New Implementation Issues

Created three detailed implementation issues for WooCommerce integration:

1️⃣ Issue #11 - feat: Implement WooCommerce OAuth 1.0a authentication flow

• Priority: 🔴 HIGH
• Effort: 3-4 days
• Label: enhancement
• Description: Backend implementation of OAuth 1.0a flow using Supabase Edge Functions
• Key deliverables:
  • supabase/functions/oauth-woocommerce/index.ts edge function
  • OAuth signature generation (HMAC-SHA256)
  • Store credential validation and storage
  • API connection testing
  • Shared WooCommerce client library

2️⃣ Issue #12 - feat: Add WooCommerce integration UI to frontend

• Priority: 🟡 MEDIUM-HIGH
• Effort: 2-3 days
• Dependencies: Requires #11
• Label: enhancement
• Description: Frontend UI for connecting and managing WooCommerce stores
• Key deliverables:
  • Store URL input with validation
  • OAuth flow initiation
  • Connected stores display
  • Store management (disconnect, status)
  • Remove mock data

3️⃣ Issue #13 - feat: Implement WooCommerce data synchronization

• Priority: 🟢 MEDIUM (Optional)
• Effort: 4-5 days
• Dependencies: Requires #11
• Label: enhancement
• Description: Data sync for products, orders, and customers
• Key deliverables:
  • supabase/functions/woocommerce-sync/index.ts edge function
  • Database tables for cached data
  • Pagination handling
  • Rate limiting
  • Manual and scheduled sync options

📋 Implementation Order

Minimum Viable Product (MVP):

1. Start with #11 (OAuth) - 3-4 days
2. Then #12 (Frontend) - 2-3 days
3. Total MVP: 5-7 days

Full Implementation (with data sync):

1. #11 (OAuth) - 3-4 days
2. #12 (Frontend) - 2-3 days
3. #13 (Data sync) - 4-5 days
4. Total Full: 9-12 days

🏗️ Architecture Notes

All issues follow the new architecture:

• ✅ Backend: Supabase Edge Functions (not Vercel)
• ✅ Authentication: Using existing Supabase auth
• ✅ Database: Supabase PostgreSQL
• ✅ Patterns: Following ShopRenter integration patterns (#5)

🔄 Next Steps

This parent issue (#7) can now be closed. Work can proceed on the newly created issues in order of priority.

All new issues include:

• Detailed technical specifications
• Code examples and patterns
• Testing checklists
• Success criteria
• Proper labels (enhancement)
• Clear dependencies

✅ Issue #7 has been successfully closed.

All tasks completed:

• Removed MCP error documentation files (committed: d926d27)
• Created 3 new implementation issues (#11, #12, #13) with proper labels
• All issues follow Supabase Edge Functions architecture
• Clear dependencies and priorities defined

Work can now proceed on the new issues starting with #11 (OAuth implementation).

Analysis Complete

I've reviewed the full issue history and understand the context:

Current Status:

• ✅ Issue #7 is already CLOSED (closed on 2025-10-30)
• ✅ All requested tasks were already completed by the previous work:
  • Documentation files removed (commit d926d27)
  • Three new implementation issues created (#11, #12, #13)
  • All issues use proper labels (enhancement)
  • Architecture follows Supabase Edge Functions (not Vercel)

New Issues Created:

1. Issue #11 - WooCommerce OAuth 1.0a authentication (HIGH priority)
2. Issue #12 - WooCommerce frontend UI integration (MEDIUM-HIGH priority)
3. Issue #13 - WooCommerce data synchronization (MEDIUM priority, optional)

Resolution: This issue (#7) was successfully resolved and closed. The work has been properly broken down into actionable implementation issues. No further action is needed on this issue.

If you need work done on the WooCommerce integration, the next steps are to work on issues #11, #12, and #13 in order of priority.