WooCommerce
WordPress store revenue, orders and product performance — read-only via REST API.
Why founders connect WooCommerce
Most WooCommerce store owners have no easy way to see yesterday's revenue without logging into WordPress. Fold pulls your daily sales totals, refund rate, and top products into a single view alongside your email, traffic, and ad spend — so you stop living in five separate tabs.
How your data flows
From WooCommerce to your Fold dashboard
This is the exact sequence every time Fold runs its daily sync. Nothing runs outside this pipeline.
WooCommerce API
Encrypted API key
Your API key is stored encrypted (AES-256) in our database. It is sent only to WooCommerce's API over TLS 1.3 and never logged.
Read-only API requests
5 HTTP GET calls per sync
Fold makes 5 read-only requests to WooCommerce's API — the exact endpoints are documented in the section below. No write requests are ever made.
Filter & aggregate
Personal data stripped before storage
The raw API response is processed in memory. Only aggregate numbers (totals, counts, rates) are extracted. Any field containing personal information — names, emails, IDs — is discarded and never written to disk.
Stored in your account
AES-256 at rest · row-level isolation
The filtered snapshot is written to your isolated tenant in our database, encrypted at rest. Row-level security ensures no other Fold user can read your data — not even via a misconfigured query.
Shown in your dashboard
Overview · Analytics · AI Digest
The stored aggregate numbers surface across your Fold dashboard — the Overview tile, Analytics tab charts, and the AI-generated daily digest. No raw data from the API is ever returned to the frontend.
Step 1 — How you connect
The exact connection flow
Here is precisely what happens when you connect WooCommerce to Fold, step by step.
- 1Go to your WordPress admin → WooCommerce → Settings → Advanced → REST API.
- 2Click "Add key". Set Description to "Fold Analytics" and Permissions to "Read".
- 3Click "Generate API key". Copy the Consumer Key and Consumer Secret.
- 4Paste both values into Fold's Settings tab along with your store URL.
- 5Fold validates the credentials and performs an initial sync.
- 6Delete the API key from WooCommerce at any time to revoke access.
Step 2 — Permissions we request
Exactly what access Fold asks for
We request the minimum permissions needed. No more.
- Read-only WooCommerce REST API key — permissions explicitly set to Read only.
- Fold never requests Write or Read/Write permission levels.
Step 3 — API calls Fold makes
Every request we send to WooCommerce
These are the exact API endpoints Fold calls during each sync, and why.
GET /wp-json/wc/v3/orders
Revenue totals, order counts and average order value.
GET /wp-json/wc/v3/reports/sales
Aggregated sales report for the period.
GET /wp-json/wc/v3/products/top_sellers
Top products by units sold and revenue.
GET /wp-json/wc/v3/customers?role=customer
New vs returning customer count.
GET /wp-json/wc/v3/reports/orders/totals
Order status breakdown (completed, refunded, cancelled).
API impact: Fold makes approximately 5 REST API requests per sync, well within WooCommerce's default rate limits. Syncs run once daily and take under 3 seconds.
What we store
Exactly what lands in our database
Every field we persist — with a real example and the reason it exists. Nothing more is stored.
| Field | Example value | Why we store it |
|---|---|---|
| Total sales revenue (period) | $9,200 this month | Revenue KPI tile. |
| Net revenue (after refunds) | $8,760 | Actual income metric. |
| Total order count | 204 orders | Volume metric. |
| Average order value (AOV) | $45.10 | Order quality metric. |
| New customers count | 89 new | Acquisition metric. |
| Top 5 products by revenue | Widget X: $3,200 | Product performance widget. |
| Refund count and total | 7 refunds, $315 | Refund rate metric. |
What a daily sync actually stores
One day's record — verbatim
This is a real-looking example of the row Fold writes to your account after a single sync. Every field, every value — nothing hidden.
{
"date": "2025-04-23",
"revenue": "9240.50",
"order_count": "204",
"avg_order_value": "45.30",
"new_customers": "89",
"refund_count": "7",
"refund_total": "315.00",
}
No customer names. No emails. No transaction IDs. Just numbers.
What we never store
Data Fold never touches
These fields are explicitly excluded. Even if the WooCommerce API returns them, Fold ignores and discards them before any storage step.
- Individual order details or line items beyond the order total
- Customer phone numbers, shipping addresses or billing addresses
- Customer account passwords
- Payment gateway credentials or transaction IDs
- WordPress database credentials
- Your WooCommerce Consumer Secret (used for authentication only, encrypted at rest, never logged)
What Fold never does
Hard limits — enforced at the API level
These aren't just policies — they're technically impossible given the permissions we request. WooCommerce's own API enforces them.
- Create, edit or delete orders, products or customers
- Process refunds or modify order status
- Access your WordPress admin or site configuration
- Write to your WordPress database
- Share your store data with any third party
- Use your store data to train AI models
Privacy note — WooCommerce specific
Your WooCommerce Consumer Key and Consumer Secret are stored encrypted (AES-256) and used only to authenticate API requests. They are never logged or returned via the Fold API. Fold only calls read endpoints to retrieve aggregate sales data.
Data retention
How long we keep it
Synced metrics are retained while your Fold account is active and purged within 24 hours of disconnecting or account deletion.
Refresh frequency
How often we sync
Automatic sync every 24 hours. Manual refresh available from Settings.
How to revoke access
You are always in control
You can disconnect WooCommerce from Fold at any time — from either side. Both options immediately stop all data access.
From Fold
Settings → WooCommerce → Disconnect. All synced WooCommerce data is deleted immediately.
From WooCommerce directly
WordPress Admin → WooCommerce → Settings → Advanced → REST API → Delete the Fold Analytics key.
Open WooCommerce settingsSecurity standards
How your credentials are protected
AES-256 encryption at rest
Your API key is encrypted with AES-256 before being written to our database. It is never stored, logged, or returned in plaintext.
TLS 1.3 in transit
All API calls from Fold to WooCommerce use TLS 1.3. Your credentials cannot be intercepted in transit.
Read-only enforcement
WooCommerce's own API enforces the read-only permissions server-side. Even if Fold's code had a bug, the platform would reject any write request.
Row-level security
Your synced data is isolated in our database with row-level security. No other Fold user can query your data.
FAQ
Questions about the WooCommerce integration
Can Fold see my customers' names or email addresses?
No. We only store aggregate counts and totals. Individual customer records, contact details and order notes are never accessed or stored.
Is my WooCommerce Consumer Secret stored securely?
Yes. It is encrypted with AES-256 before storage and never logged, exposed via our API, or transmitted in plaintext.
My store is self-hosted. Does Fold need access to my server?
No. Fold communicates with your store exclusively through the WooCommerce REST API over HTTPS. We never access your server directly, your WordPress admin, or your database.
Can Fold modify my products or prices?
No. The WooCommerce API key you create must be set to Read Only — this is a hard permission enforced by WooCommerce. Fold cannot perform any write operations.
Other live integrations
See how other connections work
Ready to connect WooCommerce?
Start your free trial — no credit card
7 days full access. Connect WooCommerce and every other live integration. Cancel anytime. Your data deleted on request, immediately.