Webhooks : Send all successful orders to a PHP script endpoint

I am in the process of migrating my website from Drupal 6 (done before 2008) to WordPress 5.1 on WPEngine which is almost done.

I want to keep all product pages on my new WordPress website.
So when someone goes to the product page, it’ll link them to the InfusionSoft app payment page and once the payment is finalized it’ll take them to a series of upsell products on my WordPress site or on other sub-domain also powered by WordPress (WPEngine).

Is there a way to get all orders on successful payment to be sent to a script on another of my servers so that I can track down all these and save to my MySQL database and finally send a single email containing all the products+upsells the customer purchased ?

I can see that InfusionSoft supports webhooks : https://developer.infusionsoft.com/docs/rest/#!/REST_Hooks/verify_a_hook_subscription

Can I achieve what I want via the above ? The server to which will have the endpoint is another subdomain on DigitalOcean with the latest LAMP stack.


Yes, you can setup a webhook for the invoice.payment.add trigger and it will tell you the payment id. With that, you can read the order/invoice id and then finally the invoice items table and add that to your database.

In this code,

do I replace http://infusionsoft.app/verifyRestHook.php with https://mydomain.com/is-hook.php ?

$resthook = $resthooks->create([
		'eventKey' => 'invoice.payment.add',
		'hookUrl' => 'https://mydomain.com/is-hook.php'

where https://mydomain.com/is-hook.php is

<?php $data = file_get_contents('php://input'); $to = 'me@gmail.com'; $subject = 'InfusionSoft Hook'; $message = $data; @mail($to, $subject, $message); ?>

Yes, wherever you placed the code to establish the endpoint is where you have to point it to so IS can verify that it returns the X-HOOK-SECRET that it sends (that’s how IS verifies the endpoint as valid)

Oh I see , so my is-hook.php should be this ?

 * IMPORTANT!  The following code MUST be at the top and at code root level
 * before namespacing or any other code.  While it is not necessary to keep
 * this code it is necessary that it is present whenever endpoint validation
 * is registered as this is how Infusionsoft confirms the endpoint as valid.
$headers = array();
foreach ($_SERVER as $key => $value) {
	if (substr($key, 0, 5) <> 'HTTP_') {
	$header           = str_replace(' ', '-', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))));
	$headers[$header] = $value;
$notification = json_decode(file_get_contents('php://input'));
if (isset($headers['X-Hook-Secret'])){header('X-Hook-Secret: ' .
$headers['X-Hook-Secret'] . '');}
 * End required code root

$data = file_get_contents('php://input');
$to = 'me@gmail.com';
$subject = 'InfusionSoft Hook';
$message = $data;
@mail($to, $subject, $message);