| 开发者 | certnode |
|---|---|
| 更新时间 | 2026年7月11日 09:49 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
certnode-reflex folder to the /wp-content/plugins/ directory, or install directly through the WordPress plugins screen.Yes. Create a free account at certnode.io, then generate an API key from your dashboard.
No. Reflex connects directly to Stripe via OAuth from the plugin settings, so a single install covers dispute detection and evidence submission.
The plugin works with or without the Stripe App. If you have both installed, CertNode automatically deduplicates, so each dispute is only processed once. The plugin adds WooCommerce order data enrichment on top of the Stripe App's existing evidence.
Stripe has the deepest integration with one-click OAuth connection. The plugin also sends order data for any WooCommerce payment gateway, which enriches evidence when disputes arrive through Stripe.
$0 monthly. You only pay a 15% success fee when CertNode wins a dispute for you. If we don't win, you don't pay.
When a defended dispute is won, the 15% fee charges your saved card automatically. If no card is saved, the fee arrives as a Stripe invoice by email instead. You can save a card anytime from the plugin settings; card details are entered on Stripe's checkout page, never on your site.
All data is transmitted over HTTPS. Your API key authenticates every request and is stored server-side only; it is never exposed on your storefront. Stripe OAuth uses industry-standard authorization, and CertNode only accesses dispute-related data. Built on SOC 2 certified infrastructure (Supabase, Vercel, AWS).
Yes. After configuring your API key, click "Sync Last 30 Days" in the CertNode Reflex settings tab to send recent orders for evidence enrichment.
Yes. You can revoke access anytime from your Stripe Dashboard under Settings → Connected accounts.
add_api_key_attribute → add_certnode_script_attributes to reflect the dual-attribute injection.<script> tag injection with wp_enqueue_scriptassets/js/admin.js) loaded via wp_enqueue_script + wp_localize_script.html() calls with safe DOM-construction patterns to prevent DOM-XSS== External services == section to readme documenting all external API calls