Automated digital delivery for WooCommerce stores
YourSender connects to your WooCommerce store via REST API key, listens for paid orders in real time, and emails each buyer their licence key or downloadable file the moment checkout completes. No plugin install, no theme changes, no developer time.
Five steps, fully automatic
- 1
The seller generates a WooCommerce REST API key
Inside WooCommerce: Settings → Advanced → REST API → Add Key. Read/Write permissions for the seller's own store. The seller copies the consumer key and consumer secret into YourSender; we store both encrypted at rest with AES-256-GCM.
- 2
The seller maps a product to a digital good
In the YourSender dashboard, the seller picks a WooCommerce product and points it at a digital product they have already uploaded — a file, a license-key pool, or both. The seller controls which products are managed by YourSender.
- 3
YourSender registers a webhook on the store
On connection, YourSender registers a single order.created webhook on the store using the WooCommerce REST API. The webhook is HMAC-signed with a secret YourSender generates and never leaves our infrastructure unencrypted.
- 4
The buyer pays on your store
The buyer checks out as normal. WooCommerce captures payment, creates the order, and fires the order.created webhook to YourSender. We verify the HMAC-SHA256 signature against the stored secret before doing anything else.
- 5
The buyer receives delivery
YourSender matches each line item to a configured digital product, generates the licence key or download link, and emails the buyer the seller's branded delivery template. The seller can resend or replace the delivery from the dashboard at any time.
Read-only on listings, write only for the webhook
The REST API key the seller provides has Read/Write permission because that is what WooCommerce requires to register a webhook. We use the write capability for one operation only: creating the single order.created webhook on connection.
Read access (orders)
We read each new order's line items, billing email, billing name, and order total to match products and email the buyer. We do not read customer profiles, store settings, payment-method data, refund history, or other orders.
Read access (products)
When the seller is configuring a SKU mapping in our dashboard, we read the seller's product list and SKUs so they can map a WooCommerce product to a YourSender digital product. We do not read images, inventory totals, or sales statistics.
Write access (one webhook)
At connection time we create one webhook on the store (order.created) so we can deliver in real time. We do not create or modify products, orders, customers, settings, themes, or any other writable resource.
How buyer information is handled
What we store
The buyer's billing name, email, the line items they purchased, the quantity, the order total, and a record of the delivery email we sent. Nothing else.
How long
For as long as the seller's account remains active, plus up to 24 months after closure. After that, buyer records are deleted or anonymised.
Encryption
The WooCommerce consumer key, consumer secret, and webhook secret are encrypted at rest with AES-256-GCM. All traffic to and from your store uses TLS 1.2 or higher.
Deletion path
A buyer who wants their record removed can write to the seller (the data controller) or directly to [email protected]. We respond within 30 days.
Full details in our Privacy Policy.
What hosts and configurations are supported
- Any WordPress host with HTTPS. WP Engine, Kinsta, Bluehost, SiteGround, self-hosted — if WooCommerce REST API is reachable from the public internet, it works.
- WooCommerce 7.0 or later. Earlier versions had webhook signature differences we no longer support.
- Custom checkout plugins are fine. We hook into
order.created, which fires regardless of which checkout experience is in use. - Subscriptions and pre-orders are processed when the first paid order is created. Renewal orders deliver automatically as they come in.