WordPress Plugin Integration
Overview
The WordPress plugin integration targets non-e-commerce WordPress sites — such as corporate websites, content sites, and service-oriented websites. These sites do not use WooCommerce but still want to be discovered and indexed by AI agents. Implemented throughwordpressPluginRouter.ts, the plugin provides a one-click connection experience, automatically completing merchant account creation and API key generation.
Difference from the WooCommerce Plugin
| Feature | WordPress Plugin | WooCommerce Plugin |
|---|---|---|
| Target users | Non-e-commerce WordPress sites | WooCommerce e-commerce sites |
| Core function | Site identity registration, OTR trust link | Product/order/inventory sync |
| Auto-created resources | Merchant account + API key + OTR link | Data sync channels |
| Data sync | Site metadata | Full product catalog |
API Endpoints
| Endpoint | Method | Function |
|---|---|---|
/api/integrations/wordpress/connect | POST | One-click connection, completes the handshake |
/api/integrations/wordpress/status | POST | Query connection status |
/api/integrations/wordpress/disconnect | POST | Disconnect |
One-Click Connection Flow
Step 1: Install the WordPress Plugin
The merchant installs the ORBEXA plugin from the WordPress admin panel. After activation, click “Connect to ORBEXA” on the settings page.Step 2: One-Click Handshake
The plugin sends a connection request to the/api/integrations/wordpress/connect endpoint. The request must include the following headers:
X-Plugin-Platform— Identifies the platform type (wordpress)X-Plugin-Version— Plugin version number
Step 3: Automatic Resource Creation
Upon receiving the connection request, ORBEXA automatically performs the following:- Creates a merchant account — Automatically registered based on the WordPress site information
- Generates an API key — Creates a dedicated API key for the merchant
- Links OTR — Automatically associates the merchant’s domain with the OTR trust scoring system
Step 4: Connection Confirmation
After a successful connection, the merchant can check connection status at any time via the/api/integrations/wordpress/status endpoint.
Connection Status Management
Querying Status
Calling/api/integrations/wordpress/status returns:
- Whether the connection is active
- Merchant ID
- API key status
- OTR trust score status
Disconnecting
Use the/api/integrations/wordpress/disconnect endpoint to safely disconnect, cleaning up associated merchant data and API keys.
Rate Limiting Policy
The WordPress plugin integration is rate-limited to 3 requests/minute/IP. This is the strictest rate limit among all integration methods, for the following reasons:- WordPress plugin actions are typically triggered by user clicks, so frequency is low
- Prevents malicious IPs from bulk-registering merchant accounts
- Protects the security of the automatic creation process
Security Mechanisms
Required Header Validation
Every request must carry theX-Plugin-Platform and X-Plugin-Version headers. This ensures requests originate from the official plugin rather than third-party scripts.
IP Rate Limiting
The strict 3 requests/minute/IP rate limit prevents brute-force registration.Automatic OTR Linking
After connection, the merchant’s domain is automatically enrolled in the OTR trust scoring process and placed under trust monitoring.Summary
The WordPress plugin provides the simplest integration method for non-e-commerce sites: one-click connection automatically creates a merchant account, API key, and OTR trust link. Security is ensured through required header validation and strict IP-based rate limiting.Next chapter: API and Database Integration — CSV import, ETL pipeline, visual scraping, waterfall data ingestion