WooCommerce stores are unusually exposed to agentic commerce, because the Store API that powers modern carts is also the cleanest way for an AI agent to transact. That is an opportunity, not just a risk: it means you can accept authorized agent purchases without rebuilding your shop. Here is the path.
Before you start
You need a WooCommerce store with the Store API reachable (the default on current WooCommerce), and the ability to install a plugin and edit its settings. You do not need to touch your theme, your payment gateway, or your human checkout form. Nothing in this guide changes what a human shopper experiences.
Find your agent checkout surface
First, see what an agent already sees. The WooCommerce Store API lives at /wp-json/wc/store/v1. If it returns product and cart data publicly, an agent can build a basket and place an order through it. The fastest way to check is to run a free scan, which reports your platform, whether the surface is exposed, and whether agent purchases are currently verified.
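If you would rather check your own store by hand, the script below is an added example (not part of this page or of the Agent Gateway plugin) that reads the two Store API resources an agent needs to build a basket, the product listing and the cart, and reports whether each answers an anonymous request. It assumes a default install answers both with JSON and no credentials; the verdict labels and the `classify` helper are this example's own.

```python
"""Probe your own WooCommerce Store API for anonymous readability (added example)."""
import json
import sys
import urllib.error
import urllib.request

STORE_API = "/wp-json/wc/store/v1"
# Resources an agent reads to build a basket. On a default install both answer
# GET without credentials (assumption of this example).
PROBES = ("/products?per_page=1", "/cart")


def classify(status, body_is_json):
    """Turn an HTTP status and body type into a verdict; pure, so it is testable offline."""
    if status == 200 and body_is_json:
        return "exposed"        # anonymous read succeeded with JSON: an agent can use it
    if status in (401, 403):
        return "restricted"     # something in front of the API demands credentials
    if status == 404:
        return "not_found"      # Store API disabled, rewritten away, or not WooCommerce
    return "unknown"


def probe(base_url, path, timeout=10):
    """GET one Store API path anonymously and classify the answer."""
    url = base_url.rstrip("/") + STORE_API + path
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    is_json = False
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status = resp.status
            try:
                json.loads(resp.read())
                is_json = True
            except ValueError:
                pass
    except urllib.error.HTTPError as err:
        status = err.code
    return path, classify(status, is_json)


if __name__ == "__main__":
    # Usage: python probe_store_api.py https://shop.example (your own store)
    for probe_path in PROBES:
        print(*probe(sys.argv[1], probe_path))
```

An `exposed` verdict on both paths is the normal state of a WooCommerce store, not a misconfiguration; it simply confirms that the surface the rest of this guide protects is reachable, so the verification layer is worth installing.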
Add a verification layer at checkout
Install the Agent Gateway WooCommerce plugin. It hooks into the checkout flow but only acts when an agent identifies itself with Web Bot Auth headers (an HTTP message signature per RFC 9421). If those headers are absent, as they always are for a human, the hooks return immediately. The plugin is dependency-free PHP, so it runs on ordinary shared hosting.
Verify the mandate against the real cart
When an agent is present, the layer verifies its signed AP2 spending mandate. The mandate is not trusted on its word: its signature must be valid, and the amount and cart hash it carries must match the basket your server actually built. A mandate authorizing one item for one price cannot be replayed against a fuller cart. In standard mode, the gateway also confirms that the checkout terms were signed by the merchant, not invented by the agent.
Roll out in monitor mode first
Set the plugin to monitor mode. In monitor mode it inspects and logs every agent decision but denies nothing. This is a zero-risk rollout: you watch real agent traffic, confirm the layer behaves, and build a record, all without any chance of blocking a sale. Leave it here until you trust what you see.
Promote to standard mode to enforce
When you are ready, switch to standard mode. Now an unverified agent is turned away with a specific reason code, while an agent presenting a valid, cart-bound mandate completes checkout normally. Every decision, allow or deny, is written to a tamper-evident audit chain you can review. A strict mode is available when you want the tightest posture.
Why human checkout stays safe
The single most important property of this rollout is that it is invisible to humans. Detection keys on the presence of the Web Bot Auth signature triple. A human browser never sends those headers, so the verification code path is never entered for a human order. Combined with a fail-open default, where an outage of the verification service lets checkout proceed rather than block it, the worst case for a human shopper is no change at all.
Monitor mode denies nothing. Fail-open never blocks a human. You can deploy first and decide to enforce later, on your own evidence.
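The steps above (agent detection on the Web Bot Auth headers, mandate verification against the server-built cart, monitor versus standard mode, and the audit chain) together with the fail-open and human-invisibility properties of this section can be modelled in a few dozen lines. The code below is an added example written for this page; it is not the Agent Gateway plugin's PHP and does not implement RFC 9421 or the real AP2 signature format. Its assumptions: the three header names of the Web Bot Auth triple are taken from the Web Bot Auth draft, HMAC-SHA256 over canonical JSON with constructed demo keys stands in for the issuer's and merchant's asymmetric signatures, and strict mode is treated the same as standard because this page does not define what strict adds.

```python
"""Model of an agent-aware checkout hook (added example, not the plugin's own code)."""
import hashlib
import hmac
import json

# Names of the Web Bot Auth signature triple (taken from the draft; an assumption here).
WEB_BOT_AUTH_HEADERS = ("signature", "signature-input", "signature-agent")

# Constructed demo keys. Real AP2 mandates carry asymmetric signatures; HMAC stands in
# so that the example needs only the standard library.
ISSUER_KEY = b"constructed-mandate-issuer-key"
MERCHANT_KEY = b"constructed-merchant-terms-key"


class VerifierUnavailable(Exception):
    """Raised when the verification service cannot be reached (the fail-open case)."""


def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def cart_hash(items):
    """Hash of the basket the server actually built: (sku, qty, unit_cents) tuples."""
    return hashlib.sha256(canonical(sorted(items))).hexdigest()


def cart_total(items):
    return sum(qty * unit_cents for _sku, qty, unit_cents in items)


def sign(key, payload):
    return hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()


def issue_mandate(items):
    """What a legitimate agent presents: a mandate bound to one cart and one amount,
    carrying checkout terms the merchant signed (demo construction)."""
    body = {"amount_cents": cart_total(items), "cart_hash": cart_hash(items)}
    signed = {**body, "terms_sig": sign(MERCHANT_KEY, body)}
    return {**signed, "sig": sign(ISSUER_KEY, signed)}


def is_agent_request(headers):
    present = {name.lower() for name in headers}
    return all(name in present for name in WEB_BOT_AUTH_HEADERS)


def verify_mandate(mandate, server_items, mode):
    """Check the mandate against the server's basket, never against its own claims."""
    body = {k: mandate[k] for k in ("amount_cents", "cart_hash", "terms_sig")}
    if not hmac.compare_digest(sign(ISSUER_KEY, body), mandate.get("sig", "")):
        return False, "mandate_signature_invalid"
    if mandate["cart_hash"] != cart_hash(server_items):
        return False, "cart_hash_mismatch"        # replay against a fuller cart
    if mandate["amount_cents"] != cart_total(server_items):
        return False, "amount_mismatch"
    if mode in ("standard", "strict"):            # strict treated as standard (assumption)
        terms = {"amount_cents": mandate["amount_cents"], "cart_hash": mandate["cart_hash"]}
        if not hmac.compare_digest(sign(MERCHANT_KEY, terms), mandate["terms_sig"]):
            return False, "merchant_terms_unsigned"
    return True, "mandate_verified"


class AuditChain:
    """Tamper-evident, hash-chained record of every agent decision."""

    def __init__(self):
        self.entries = []

    def append(self, decision, reason):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"prev": prev, "decision": decision, "reason": reason}
        entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.entries.append(entry)

    def intact(self):
        prev = "0" * 64
        for entry in self.entries:
            body = {k: entry[k] for k in ("prev", "decision", "reason")}
            if entry["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def checkout_hook(headers, mandate, server_items, mode, audit, verifier=verify_mandate):
    """Returns (decision, reason). A human request never enters the verification path."""
    if not is_agent_request(headers):
        return "allow", "human"                   # hook returns immediately, logs nothing
    try:
        ok, reason = verifier(mandate, server_items, mode)
    except VerifierUnavailable:
        audit.append("allow", "fail_open")        # outage lets checkout proceed, on record
        return "allow", "fail_open"
    decision = "allow" if ok or mode == "monitor" else "deny"
    audit.append(decision, reason)                # monitor mode logs, never denies
    return decision, reason


if __name__ == "__main__":
    basket = [("sku-1", 1, 1999)]
    log = AuditChain()
    agent = {"Signature": "sig", "Signature-Input": "params", "Signature-Agent": "agent.example"}
    mandate = issue_mandate(basket)
    print(checkout_hook({}, None, basket, "standard", log))                         # human
    print(checkout_hook(agent, mandate, basket, "standard", log))                   # allowed
    print(checkout_hook(agent, mandate, basket + [("sku-2", 3, 500)], "standard", log))  # denied
    print(checkout_hook(agent, mandate, basket + [("sku-2", 3, 500)], "monitor", log))   # logged
    print("audit chain intact:", log.intact())
```

Two details worth noticing when you review real logs: the human path writes no audit entry at all, because for a human the hook exits before any decision exists, while the fail-open path does write one, so agent orders accepted during a verifier outage remain visible and reviewable after the fact.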
What you end up with
After these steps your store can tell an agent from a human, tell an authorized agent from an unverified one, and keep a signed record of every decision, while every human checkout works exactly as it did before. That is the whole point of Agent Gateway: agent traffic becomes revenue you can trust, not a request you have to guess about.