POSSAT – Bitcoin Payment Gateway

POSSAT is a non-custodial Bitcoin payment gateway for WooCommerce. Customers pay directly to your own wallet — POSSAT never touches your funds.

Unlike traditional payment processors, POSSAT uses your extended public key (xpub) to generate unique Bitcoin addresses for each order. This means you maintain full control of your funds at all times.

This plugin requires a free POSSAT account and connects to the POSSAT API as a third-party service. See the External services section below for full details on what data is sent and when.

Why POSSAT?

• Non-custodial — Payments go directly to your Bitcoin wallet. No intermediary holds your funds.
• Real-time detection — Payments are detected in the Bitcoin mempool within seconds, not minutes.
• Zero fees from POSSAT — No transaction fees, no percentage cuts. Only standard Bitcoin network fees paid by the customer.
• Privacy-friendly — Unique address per order. No address reuse.
• Production & Testnet — Switch between mainnet and testnet with one click. Test your setup before going live.

Features

• Accept Bitcoin payments at WooCommerce checkout
• QR code payment page with countdown timer (15 min expiry)
• Automatic order status updates via secure webhooks
• Bitcoin transaction details shown in admin and customer order pages (with mempool.space links)
• HMAC-SHA256 webhook signature verification
• Compatible with WooCommerce HPOS (High-Performance Order Storage)
• Compatible with WooCommerce Checkout Blocks
• Built-in setup guide with step-by-step instructions
• Multi-language ready (English and Spanish included)

How It Works

1. Customer selects "Pay with Bitcoin" at checkout
2. Customer is redirected to a POSSAT payment page with a QR code
3. Customer scans the QR code and pays from any Bitcoin wallet
4. POSSAT detects the payment on the Bitcoin network and notifies your store via webhook
5. Your WooCommerce order is automatically updated to "Processing"
6. Customer is redirected back to your store

What You Need

1. A free POSSAT account at app.possat.com
2. A Bitcoin wallet that supports extended public keys (xpub/ypub/zpub) — Electrum, Sparrow, BlueWallet, etc.
3. This plugin installed on your WooCommerce store

Links

• POSSAT Website
• Create Account
• Demo Environment (testnet)

External services

This plugin relies on the POSSAT API, a third-party service operated by BEWTOC CORBI SL. POSSAT is a non-custodial Bitcoin payment terminal that monitors the Bitcoin blockchain on your behalf to detect and confirm payments made to addresses derived from your own extended public key (xpub). Customer funds always go directly to your wallet — POSSAT never holds any funds.

The plugin connects to one of two POSSAT environments depending on the Environment setting in the plugin configuration:

• Production (mainnet) — https://app.possat.com/api/v1
• Test / Demo (testnet) — https://demo.possat.com/api/v1

What data is sent and when

• When a customer places an order using the POSSAT payment method: the plugin sends the order total in EUR (amount_eur), an internal order reference (external_reference, e.g. WC-123), and the WooCommerce order-received URL (callback_url) to POST /payments. This is required to create a Bitcoin payment request and obtain a payment page URL and a unique Bitcoin address for that order. No customer personal data (name, email, address, IP) is sent.
• When an admin saves the plugin settings or loads the setup screen: the plugin may send a request to GET /business/me to validate the API token and retrieve the merchant's business information. No customer data is involved.
• Authentication: every request includes the merchant's POSSAT API token (configured in the plugin settings) as a Bearer token in the Authorization header.

After payment, the POSSAT service contacts the store back via an inbound webhook (signed with HMAC-SHA256) to update the order status. No additional outbound requests are made by the plugin during this step.

Service provider, terms and privacy

• Service provider: BEWTOC CORBI SL (operator of POSSAT)
• POSSAT website: https://possat.com
• Terms of Service: https://possat.com/terms/
• Privacy Policy: https://possat.com/privacy/
• Legal notice: https://possat.com/legal/