Deludente

  • enri90

    (@enri90)


    2 months, 3 weeks ago

    Purtroppo l’esperienza di integrazione con Sendcloud è stata deludente.

    Il processo di installazione è chiaramente legacy e non allineato agli standard moderni di sicurezza e integrazione. Per poter creare i webhook è necessario creare un utente WordPress con ruolo “Gestore negozio”, pratica discutibile e poco sicura, soprattutto in contesti professionali dove l’accesso deve essere minimo e controllato.

    Inoltre, l’integrazione entra facilmente in conflitto con Cloudflare: anche una semplice regola di protezione anti-bot è sufficiente a bloccare le comunicazioni, senza che Sendcloud fornisca indicazioni chiare o soluzioni robuste (ad esempio IP allowlist ufficiali, firme dei webhook, token dedicati, ecc.).

    Il risultato è che si perdono ore a diagnosticare problemi che non dipendono dallo store, ma da un’architettura di integrazione ormai superata.

    Nel 2025 ci si aspetterebbe un collegamento tra store e Sendcloud più semplice, più sicuro e più pratico, senza dover abbassare le difese del sito o creare utenti con privilegi elevati solo per far funzionare un webhook.

    Il servizio in sé può essere valido, ma l’esperienza tecnica di onboarding e integrazione può e deve essere migliorata.

Viewing 1 replies (of 1 total)
  • developmentsendcloud

    (@developmentsendcloud)

    2 months, 3 weeks ago

    Hi @enri90 ,

    Thank you for taking the time to share detailed feedback about Sendcloud integration with WooCommerce. We understand it can be frustrating when the onboarding and setup process takes more time than you hoped for. We also understand concerns over security.

    Why is a Store Manager account required?

    The Shop Manager user is a requirement based on how the WooCommerce REST API is designed. In WooCommerce, API keys do not have permissions on their own. Instead, they inherit the permissions of the WordPress user they are associated with. To access and manage data like orders, the API key must be linked to a user with a role that has sufficient permissions. The minimum required role for managing a store’s orders and products is Shop Manager.

    To ensure our integration can function correctly (e.g., read and write order information), we must create a dedicated Shop Manager user and generate the API keys for that specific account.

    Currently, this is the standard and required method for API-based integrations with WooCommerce. An alternative that doesn’t involve creating a user is not possible because the platform’s architecture is built around user-role-based permissions for its API.

    Creating a dedicated user for a specific application is also a security best practice. It isolates the integration’s permissions and allows you to easily revoke access at any time you wish.

    Cloudflare conflict

    We did have some reports regarding a potential block by Cloudflare. In most case, Bot Fight Mode was causing the issue. We have a dedicated article that helps with resolving Cloudflare issues – here.

    We would like to invite you to reach out to our support to better understand the points you’ve raised and assist you further. We take all feedback into account and make sure that all issues are addressed completely.

    Thank you in advance and have a nice day!

    Best regards,
    Sendcloud Team

Viewing 1 replies (of 1 total)

You must be logged in to reply to this review.