ChatGPT Checkout Module for PrestaShop (ACP) — Installation & configuration
Expose your catalogue and checkout to AI agents (ChatGPT, Claude, Perplexity) through the Agentic Commerce Protocol.
This module turns your PrestaShop store into an agentic-commerce backend that conforms to the Agentic Commerce Protocol (ACP), the open standard maintained by OpenAI and Stripe. An AI agent (ChatGPT, Claude, Perplexity) can discover your products through an authenticated feed, create a checkout session, then complete the purchase — which creates a real PrestaShop order in your store.
Requirements
- PrestaShop 8.0 to 9.x (multistore-compatible).
- Store served over HTTPS (the protocol requires it; the endpoints force SSL).
- Friendly URLs enabled (SEO & URLs → URL rewriting): the REST paths depend on it.
- A Stripe account if you want to enable delegated payment (optional).
Without Friendly URLs, paths like /acp/checkout_sessions are not resolved. A warning is shown in the module configuration until URL rewriting is active.
Installation
- Back office → Modules → Upload a module, then select the
dfaiagent.ziparchive. - Enable Friendly URLs if not already done.
- Open the module configuration: copy the Base URL and the API key for the agent-platform onboarding.
Configuration
API key (Bearer)
An API key is generated on install. Agents authenticate with the header Authorization: Bearer YOUR_API_KEY. You can regenerate the key any time from the panel; the old one stops working immediately.
Base URL slug
Path segment for the endpoints (default acp). The base URL then looks like https://your-store.com/acp.
Signature verification
When enabled, the module verifies the Signature header: a base64-encoded HMAC-SHA256 of the raw request body, computed with the shared secret provided by the agent platform.
Order webhooks
Set the platform webhook URL and a signing secret. On order creation, an order_created event is pushed, signed via the DataFirefly-Signature header.
Stripe delegated payment (optional)
If “Charge via Stripe” is enabled and a Stripe secret key is set, the shared payment token received on completion is charged through a confirmed Stripe PaymentIntent before the order is created.
Order statuses
Choose the initial status (order created without a module charge) and the “paid” status (successful Stripe charge).
Endpoints
With the default slug acp:
POST /acp/checkout_sessions— create a sessionPOST /acp/checkout_sessions/{id}— update (items, address, fulfillment option)GET /acp/checkout_sessions/{id}— retrieve current statePOST /acp/checkout_sessions/{id}/complete— complete and create the orderPOST /acp/checkout_sessions/{id}/cancel— cancelGET /acp/feed?page=1&limit=200— product feed
Create a session
curl -X POST "https://your-store.com/acp/checkout_sessions" -H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" -d '{ "items": [ { "id": "42", "quantity": 1 } ] }'The response returns the full cart state: line_items, totals, fulfillment_options, currency and status. Amounts are in minor units (cents).
Update (address, shipping)
curl -X POST "https://your-store.com/acp/checkout_sessions/cs_XXXX" -H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" -d '{ "fulfillment_option_id": "ship_2" }'Complete
curl -X POST "https://your-store.com/acp/checkout_sessions/cs_XXXX/complete" -H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" -d '{ "buyer": { "name": "Mary Smith", "email": "mary@example.com" }, "payment_data": { "token": "spt_123", "provider": "stripe" } }'On success, a PrestaShop order is created and the response includes an order object (id + permalink).
Authentication and signature
Every request must carry the Authorization: Bearer header with the API key. When signature verification is enabled, the module recomputes the HMAC-SHA256 of the body and compares it to the Signature header using a constant-time comparison. The Idempotency-Key and Request-Id headers are echoed back in the response.
Item id encoding
The ACP item.id follows the format {product_id} or {product_id}-{combination_id}. Example: 42 for a simple product, 42-7 for combination 7 of product 42. The same encoding is used in the product feed.
Product feed
The GET /acp/feed endpoint (authenticated) exposes your active products and their combinations, with price, availability, inventory_quantity and enable_checkout. Use page and limit for pagination.
Stripe delegated payment
Before going live, verify the Stripe “agentic payments” field names against your account configuration (the chargeStripe method in classes/DfAiAgentOrder). Payment stays optional: without a module charge, the order is created in the initial status and captured by your PSP.
Order webhooks
On order creation, the module sends an order_created event to the configured URL, with an ACP status derived from the PrestaShop order state (created, confirmed, shipped, fulfilled, canceled). The payload is HMAC-signed.
Connecting an agent platform
Provide the platform (e.g. the ChatGPT Instant Checkout onboarding) with: the Base URL, the API key, and if needed the signing secret and the webhook URL/secret. Since the module stays the merchant of record, you keep control over stock, prices, taxes and payment.
Troubleshooting
Endpoints return a 404 / HTML page
Enable Friendly URLs and clear the PrestaShop cache. Check that the base slug matches the URL passed to the platform.
401 response
The API key is missing or wrong in the Authorization header, or the signature does not match the configured secret.
The order is not created
Make sure a valid fulfillment address and a fulfillment option are provided, that stock is sufficient, and — if the Stripe charge is enabled — that the Stripe secret key is correct.