Clover's webhook system is how real-time sync actually happens. When it works, a sale on the POS updates WooCommerce within seconds. When it silently stops, sync falls back to scheduled polling (hourly at best) and your online catalog starts drifting. This guide walks through the seven root causes we see most often, ordered by frequency.
Symptoms: how you know webhooks aren't firing
- Changes made on Clover POS don't appear in WooCommerce until the hourly cron runs.
- Inventory counts lag the POS by 15+ minutes consistently.
- The CloverWoo (or your integration plugin) activity log shows only scheduled-sync entries, no webhook-triggered events.
- Clover Developer Dashboard shows webhook delivery failures or the subscription in a paused state.
1. Webhook subscription URL typo
The single most common cause. In the Clover Developer Dashboard, the webhook URL has to match your WordPress site exactly, including trailing slash behavior and the correct REST endpoint path. A stray /wp-admin/ or missing /v1/ is enough to silently 404 every event.
Fix: copy the webhook URL from the CloverWoo (or your plugin) settings page and paste it verbatim into the Clover Developer Dashboard webhook subscription. Save, then use Clover's built-in 'Send Test Event' to verify you get a 200 back.
2. Firewall or WAF blocking Clover IPs
Cloudflare, Sucuri, Wordfence, and host-level WAFs often block POST requests without a human User-Agent as suspicious. Clover's webhook delivery agent has its own UA string that can get blocked by default rules.
Fix: allowlist Clover's webhook delivery IPs (Clover publishes the list in their developer docs) at your WAF. If you use Cloudflare, create a firewall rule that whitelists requests whose source IP matches those ranges and path matches your webhook URL. Then confirm by re-running Clover's test event.
3. HTTPS certificate problems
Clover only posts to HTTPS endpoints and validates the certificate. If your cert is expired, uses a weak cipher, or doesn't chain to a trusted root, delivery fails silently from the Clover side.
Fix: run your webhook URL through SSL Labs' test. Any grade below A- is a risk. Renew, enable a modern cipher suite, and make sure the intermediate cert is installed.
4. Signature verification mismatch
Clover signs every webhook payload. If your plugin's signature check rejects events (wrong secret, wrong algorithm), you'll get a 401 or 403 back to Clover, and after enough consecutive failures Clover pauses the subscription.
Fix: in the Clover Developer Dashboard, re-copy the webhook signing secret and paste it into the plugin settings. Save. Then check the plugin log for signature-related errors. If the subscription is paused, resume it from Clover's dashboard.
5. Event types not subscribed
Webhooks are event-scoped. You have to subscribe to each event type you care about: items (I), inventory (IC), orders (O), customers (C), payments (P). Missing a subscription means that category of change won't fire.
Fix: in the Clover Developer Dashboard's webhook subscription, ensure all of I, IC, O, C, P are checked. If you only want a subset (e.g. sync is Clover-to-Woo only for products), match the subscriptions to what your plugin expects.
6. Hosting agent dropping long requests
Some budget WordPress hosts drop POST requests that take longer than a few seconds to respond. If your plugin processes the webhook synchronously and hits a slow code path (a massive product fetch, for instance), the host terminates the request, and Clover treats that as a delivery failure.
Fix: verify your plugin processes webhooks asynchronously — enqueues the event and returns 200 immediately. CloverWoo does this by default. If you're on a shared host that can't handle moderate burst traffic, move to managed WordPress hosting.
7. OAuth token revoked or expired
If the Clover merchant's OAuth token is revoked (for any reason — admin user disconnected the app, token rotation, etc.), webhooks keep being sent but your plugin can't act on them because follow-up API calls fail.
Fix: from the plugin settings, click 'Reconnect to Clover' and complete the OAuth flow. Confirm the 'Connected' status. This re-issues the tokens without breaking the webhook subscription.
5-minute triage checklist
- Send a test event from the Clover Developer Dashboard. Response code?
- Check your plugin's webhook log — any inbound events in the last hour?
- If test event 200s but nothing in log → signature or routing issue (causes 1, 4).
- If test event fails with network error → WAF, HTTPS, or URL (causes 1, 2, 3).
- If test event 200s and log shows receipt but nothing writes to Woo → OAuth token (cause 7).
Frequently asked questions
How often does Clover retry a failed webhook?
Clover retries failed webhook deliveries with exponential backoff. After enough consecutive failures (typically 24 hours of retries) the subscription is automatically paused.
Can I see Clover's webhook delivery history?
Yes. The Clover Developer Dashboard shows delivery attempts, response codes, and timing for each webhook subscription — use it as your first diagnostic tool.
Does CloverWoo verify webhook signatures?
Yes. CloverWoo validates the HMAC signature on every inbound webhook using the subscription's signing secret. Misconfigured secrets show up as 403 responses in the Clover dashboard.
What if my host is blocking webhooks at the IP level?
Talk to your host about allowlisting Clover's published webhook-delivery IP ranges. Most managed WordPress hosts have a path to allowlist specific inbound traffic.