CertNode Reflex

Descrição

CertNode Reflex is automated chargeback defense for WooCommerce merchants. Connect your Stripe account and Reflex builds the evidence, writes a structured defense narrative, and submits it to Stripe when a chargeback fires.

How It Works:

  1. Install the plugin and enter your CertNode API key
  2. Connect your Stripe account (one-click OAuth from plugin settings)
  3. The plugin syncs your WooCommerce order data to CertNode
  4. When a dispute arrives, Reflex automatically builds evidence from your orders, generates a structured defense narrative, and submits it to Stripe

No other apps required. Reflex does the evidence work for you and submits it before the deadline.

Key Features:

  • Standalone Dispute Defense: connect Stripe directly from the plugin. No other apps required.
  • Evidence Narratives: structured defense narratives tailored to each dispute type.
  • Deadline-driven response: evidence is assembled and submitted well ahead of the dispute deadline.
  • Order Data Enrichment: product details, quantities, pricing, and SKUs strengthen your evidence.
  • Fulfillment Tracking: shipping carrier, tracking numbers, and delivery dates help prove delivery.
  • Customer History: repeat purchase history demonstrates legitimate transactions.
  • Certified Timestamps: RFC 3161 cryptographic proof that evidence existed before the dispute.
  • Historical Sync: sync your last 30 days of orders with one click.

Pricing:

  • $0 monthly fee
  • 15% success fee, only charged when you win a dispute
  • No caps, no minimums

Requirements:

  • WooCommerce 5.0+
  • A CertNode account (free to create at certnode.io)
  • A Stripe account (connected via one-click OAuth in plugin settings)

External services

This plugin relies on external services to deliver automated chargeback defense. The following services are used:

CertNode Reflex API (https://certnode.io/api)

What it is and what it’s used for: CertNode Reflex is the cloud backend that receives WooCommerce order events, generates dispute defense narratives, and submits evidence to Stripe when chargebacks fire. The plugin acts as a thin client that forwards order data and reads back dispute status.

What data is sent and when:

  • On account creation: shop name, shop URL, admin email (only if the merchant uses the auto-provision flow to create a CertNode account by clicking “Activate CertNode Reflex”).
  • On every order completed, processing, or refunded event: order ID, customer email, customer name, customer phone number, billing address, shipping address, line items (product names, SKUs, quantities, prices), gateway transaction ID (Stripe payment intent ID), order total, currency, order timestamp, and the customer order note (free-text the customer entered at checkout, if any).
  • On every fulfillment update: order ID, shipping carrier, tracking number, ship date.
  • On Test Connection click: API key validation request only (no order data).
  • On Sync Last 30 Days click: the same order data as above for orders from the previous 30 days.
  • On Save a Card click: a billing-setup request authenticated by your API key (no order or customer data). CertNode returns a Stripe Checkout link that opens in your browser; card details are entered on Stripe’s own page and never touch your site or CertNode’s servers.

All requests are sent over HTTPS with the merchant’s API key in the Authorization header.

What data is NOT sent: payment card numbers, full card details, customer passwords, or any data not relevant to dispute defense.

Service provider: CertNode (SRB Creative Holdings LLC).

  • Terms of service: https://certnode.io/terms
  • Privacy policy: https://certnode.io/privacy

Stripe (payment-account authorization)

What it is and what it’s used for: To enable automatic dispute detection, the “Connect Stripe Account” button opens an authorization flow. When clicked, the plugin makes a server-to-server request from your WordPress server to https://certnode.io/api/integrations/woocommerce/stripe-connect/start with your CertNode API key in the Authorization header (the key never travels through the browser), and CertNode returns the Stripe authorization URL. Your browser is then sent directly to Stripe so you can grant CertNode access to dispute-related data on your own Stripe account.

What data is sent and when: Only when the merchant clicks “Connect Stripe Account” or “Save a Card” in the plugin settings. The card-save flow opens Stripe Checkout, where card details are entered directly on Stripe’s page. No order or customer data is sent in either flow.

Service provider: Stripe, Inc.

  • Terms of service: https://stripe.com/legal
  • Privacy policy: https://stripe.com/privacy

Ecrãs

Instalação

  1. Upload the certnode-reflex folder to the /wp-content/plugins/ directory, or install directly through the WordPress plugins screen.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress.
  3. Go to WooCommerce Settings CertNode Reflex.
  4. Enter your CertNode API key (generate one at certnode.io/dashboard).
  5. Click “Test Connection” to verify.
  6. Click “Connect Stripe Account” to authorize CertNode to handle disputes on your behalf.
  7. Optionally click “Sync Last 30 Days” to send historical orders.

That’s it. New disputes are picked up and defended for you.

Perguntas frequentes

Do I need a CertNode account?

Yes. Create a free account at certnode.io, then generate an API key from your dashboard.

Do I need to install the CertNode Stripe App separately?

No. Reflex connects directly to Stripe via OAuth from the plugin settings, so a single install covers dispute detection and evidence submission.

I already have the CertNode Stripe App installed. Do I need both?

The plugin works with or without the Stripe App. If you have both installed, CertNode automatically deduplicates, so each dispute is only processed once. The plugin adds WooCommerce order data enrichment on top of the Stripe App’s existing evidence.

What payment gateways are supported?

Stripe has the deepest integration with one-click OAuth connection. The plugin also sends order data for any WooCommerce payment gateway, which enriches evidence when disputes arrive through Stripe.

How much does it cost?

$0 monthly. You only pay a 15% success fee when CertNode wins a dispute for you. If we don’t win, you don’t pay.

How do I pay the success fee?

When a defended dispute is won, the 15% fee charges your saved card automatically. If no card is saved, the fee arrives as a Stripe invoice by email instead. You can save a card anytime from the plugin settings; card details are entered on Stripe’s checkout page, never on your site.

Is my data secure?

All data is transmitted over HTTPS. Your API key authenticates every request and is stored server-side only; it is never exposed on your storefront. Stripe OAuth uses industry-standard authorization, and CertNode only accesses dispute-related data. Built on SOC 2 certified infrastructure (Supabase, Vercel, AWS).

Can I sync historical orders?

Yes. After configuring your API key, click “Sync Last 30 Days” in the CertNode Reflex settings tab to send recent orders for evidence enrichment.

Can I disconnect Stripe later?

Yes. You can revoke access anytime from your Stripe Dashboard under Settings Connected accounts.

Avaliações

Este plugin não tem avaliações.

Contribuidores e programadores

“CertNode Reflex” é software de código aberto. As seguintes pessoas contribuíram para este plugin:

Contribuidores

Registo de alterações

1.4.1

  • New: Save a fee payment card from plugin settings. When a defended dispute is won, the 15 percent success fee charges the saved card automatically instead of arriving as a separate invoice to pay by hand.
  • New: After connecting Stripe, you land directly on a secure card-save page to finish setup in one flow.
  • New: The settings page shows whether a payment card is on file.
  • New: A review prompt appears after Reflex wins a dispute for your store.
  • New: Links to CertNode’s managed dispute services for stores that want hands-on help.

1.4.0

  • Security: the Stripe authorization flow no longer passes the CertNode API key through the browser. The plugin now requests the Stripe authorization URL server-to-server (API key in the Authorization header) and sends the browser directly to Stripe, so the key never appears in browser history or a referrer.
  • Copy: removed time-promise and absolute-automation language (“60 seconds”, “before you know there’s a dispute”, “fully automated”, “handles everything”) in favor of accurate, deadline-framed descriptions of what the plugin does.
  • Fixed malformed table markup in the connected settings view.
  • Corrected the External Services disclosure to describe the new server-to-server Stripe authorization handoff.

1.3.0

  • Removed the optional Device Fingerprinting feature from the WordPress.org distribution. It loaded a script from an external origin, which the plugin directory does not permit for directory-hosted plugins. Device/fraud evidence remains available through CertNode’s hosted Stripe integration.
  • Security: the CertNode API key (a secret) is no longer rendered onto the storefront — it stays server-side only.
  • Cron: the retry-queue event is now cleared on plugin deactivation (previously cleared only on full uninstall), and its handler is always attached while the plugin is active.
  • Documentation: corrected the External Services disclosure to exactly match the data the plugin sends (added customer phone and order note; removed an inaccurate IP-address mention) and documented the Stripe authorization handoff.
  • Internationalization: status messages now use complete, translatable sentences with placeholders.

1.2.0

  • Device Fingerprinting now defaults to enabled on new installs. Existing installs are unaffected — your prior choice (enabled or disabled) is preserved.
  • Fixed device fingerprint submit URL.
  • Renamed add_api_key_attribute add_certnode_script_attributes to reflect the dual-attribute injection.

1.1.1

  • Replaced raw <script> tag injection with wp_enqueue_script
  • Moved admin JavaScript from inline string to separate file (assets/js/admin.js) loaded via wp_enqueue_script + wp_localize_script
  • Replaced jQuery .html() calls with safe DOM-construction patterns to prevent DOM-XSS
  • Added == External services == section to readme documenting all external API calls

1.1.0

  • Standalone Stripe Connect — connect your Stripe account directly from plugin settings
  • Automatic dispute detection via Stripe webhooks (no other apps needed)
  • Evidence submission within 60 seconds
  • Dispute outcome tracking and win rate stats
  • Success fee billing only on won disputes (15%)

1.0.0

  • Initial release
  • Order event sync (payments, fulfillments, refunds)
  • WooCommerce Settings tab with API key configuration
  • Connection test and historical order sync
  • Order metabox showing CertNode receipt status
  • Retry queue for failed API calls
  • HPOS (High-Performance Order Storage) compatibility