How to Set Up Prescription Verification on WooCommerce (Step-by-Step Tutorial)

If you sell prescription medical devices on WooCommerce, adding a prescription verification gate to your checkout is not optional — it is a legal requirement. CPAP machines, certain hearing aids, powered mobility devices, and other FDA-regulated products cannot be sold without collecting and verifying a valid prescription.

This step-by-step tutorial walks you through setting up RxCompliant prescription verification on WooCommerce, from installing the widget to configuring auto-approval rules and customizing the checkout flow. Whether you use the no-code widget, the JavaScript SDK, or the full REST API, we have you covered.

Prerequisites

Before you start, make sure you have:

• A WooCommerce store running WordPress 6.0+ with WooCommerce 8.0+
• An RxCompliant account (free tier works for up to 50 verifications per month)
• Your RxCompliant API key (found in your dashboard under Settings → API Keys)
• Products that require prescription verification properly identified in your catalog

Method 1: No-Code Widget Installation (Recommended)

The fastest way to add prescription verification to WooCommerce is the RxCompliant embeddable widget. No coding required.

Step 1: Get Your Widget Embed Code

Log into your RxCompliant dashboard, navigate to Integrations → WooCommerce, and copy the widget embed code. It will look something like this:

<script src="https://widget.rxcompliant.com/v2/verify.js"
  data-store-id="your-store-id"
  data-position="product-page"
  data-theme="auto"></script>

Step 2: Add the Widget to Your Product Pages

In your WordPress admin, go to Appearance → Theme Editor (or use your child theme). Open your single-product.php template or use the WooCommerce hook system. The recommended approach is to add the widget via a hook in your theme's functions.php:

// Add RxCompliant prescription verification to product pages
add_action('woocommerce_before_add_to_cart_button', function() {
    global $product;

    // Only show on products tagged as prescription-required
    if (!has_term('prescription-required', 'product_tag', $product->get_id())) {
        return;
    }

    echo '<div id="rx-verification-widget"></div>';
    echo '<script src="https://widget.rxcompliant.com/v2/verify.js"
        data-store-id="your-store-id"
        data-product-id="' . esc_attr($product->get_id()) . '"
        data-target="#rx-verification-widget"
        data-block-cart="true"
        data-theme="auto"></script>';
});

The data-block-cart="true" attribute prevents the customer from adding the product to their cart until a valid prescription is uploaded and verified. This is the core compliance mechanism.

Step 3: Tag Your Prescription-Required Products

In WooCommerce, add a product tag called prescription-required to every product that requires prescription verification. This ensures the widget only appears on the relevant product pages and does not interfere with your accessory or supply product pages.

Step 4: Configure Widget Settings

In your RxCompliant dashboard, configure the widget behavior:

• Accepted document types: PDF, JPG, PNG, HEIC (enable all for maximum compatibility)
• Auto-approval threshold: Set the AI confidence score above which prescriptions are approved automatically (recommended: 85%)
• Required fields: Patient name, prescriber NPI, device type, prescription date, pressure settings (customize based on your product categories)
• Branding: Upload your logo and set colors to match your store theme
• Notification emails: Configure email templates for approval, rejection, and manual review notifications

Step 5: Test the Integration

Use the RxCompliant test mode (toggle in your dashboard) to submit test prescriptions without triggering real NPI verification. Verify that:

• The widget appears on prescription-required products only
• The add-to-cart button is disabled until verification completes
• Approved prescriptions unlock the add-to-cart button
• Rejected prescriptions display a clear error message with instructions
• Manual review cases show a "pending review" status to the customer

Method 2: JavaScript SDK Integration

For more control over the user experience, use the RxCompliant JavaScript SDK. This gives you full programmatic control over the verification flow.

Step 1: Include the SDK

<script src="https://cdn.rxcompliant.com/sdk/v2/rxcompliant.min.js"></script>

Step 2: Initialize the SDK

<script>
const rx = new RxCompliant({
  storeId: 'your-store-id',
  apiKey: 'your-public-api-key',  // Public key only, never expose secret key
  environment: 'production',       // Use 'sandbox' for testing
  onVerified: function(result) {
    console.log('Prescription verified:', result);
    // Enable add-to-cart button
    document.querySelector('.single_add_to_cart_button')
      .removeAttribute('disabled');
    // Store verification token for checkout
    document.getElementById('rx-token').value = result.verificationToken;
  },
  onRejected: function(result) {
    console.log('Prescription rejected:', result.reason);
    alert('Prescription could not be verified: ' + result.reason);
  },
  onPending: function(result) {
    console.log('Sent for manual review:', result.reviewId);
  }
});

// Open the verification modal
document.getElementById('upload-rx-btn').addEventListener('click', function() {
  rx.openVerification({
    productId: '{{ product_id }}',
    productName: '{{ product_name }}',
    requiredFields: ['patient_name', 'prescriber_npi', 'device_type', 'date']
  });
});
</script>

Step 3: Block Checkout Without Verification

Add a hidden field to your WooCommerce cart form to store the verification token, then validate it during checkout:

// In functions.php: Validate prescription token at checkout
add_action('woocommerce_checkout_process', function() {
    $cart_items = WC()->cart->get_cart();

    foreach ($cart_items as $item) {
        $product_id = $item['product_id'];
        $product = wc_get_product($product_id);

        if (has_term('prescription-required', 'product_tag', $product_id)) {
            $rx_token = WC()->session->get('rx_verification_' . $product_id);

            if (empty($rx_token)) {
                wc_add_notice(
                    'A valid prescription is required for ' .
                    $product->get_name() .
                    '. Please upload your prescription before checkout.',
                    'error'
                );
            }
        }
    }
});

Method 3: REST API Integration

For fully custom implementations or headless WooCommerce setups, use the RxCompliant REST API directly.

Step 1: Create a Verification Request

// Server-side (PHP) - Create verification request
$response = wp_remote_post('https://api.rxcompliant.com/v1/verify', [
    'headers' => [
        'Authorization' => 'Bearer ' . RXCOMPLIANT_SECRET_KEY,
        'Content-Type'  => 'application/json',
    ],
    'body' => json_encode([
        'store_id'    => 'your-store-id',
        'order_ref'   => $order_id,
        'product_id'  => $product_id,
        'patient'     => [
            'first_name' => $customer_first_name,
            'last_name'  => $customer_last_name,
            'email'      => $customer_email,
        ],
        'document'    => base64_encode($prescription_file_contents),
        'document_type' => 'application/pdf',
        'callback_url'  => home_url('/wp-json/rxcompliant/v1/webhook'),
    ]),
]);

$result = json_decode(wp_remote_retrieve_body($response), true);

if ($result['status'] === 'approved') {
    // Prescription verified, proceed with order
} elseif ($result['status'] === 'pending_review') {
    // Hold order until manual review completes
} else {
    // Prescription rejected
}

Step 2: Handle Webhook Callbacks

For asynchronous verifications (manual review cases), set up a webhook endpoint to receive verification results:

// Register webhook endpoint
add_action('rest_api_init', function() {
    register_rest_route('rxcompliant/v1', '/webhook', [
        'methods'  => 'POST',
        'callback' => 'handle_rx_webhook',
        'permission_callback' => function($request) {
            // Verify webhook signature
            $signature = $request->get_header('X-RxCompliant-Signature');
            $payload = $request->get_body();
            $expected = hash_hmac('sha256', $payload, RXCOMPLIANT_WEBHOOK_SECRET);
            return hash_equals($expected, $signature);
        },
    ]);
});

function handle_rx_webhook($request) {
    $data = $request->get_json_params();

    $order_id = $data['order_ref'];
    $status = $data['verification_status'];  // approved, rejected
    $order = wc_get_order($order_id);

    if (!$order) {
        return new WP_REST_Response(['error' => 'Order not found'], 404);
    }

    if ($status === 'approved') {
        $order->update_status('processing', 'Prescription verified by RxCompliant');
        $order->add_meta_data('_rx_verification_id', $data['verification_id']);
        $order->save();
    } else {
        $order->update_status('on-hold', 'Prescription rejected: ' . $data['reason']);
        // Notify customer
        do_action('rxcompliant_prescription_rejected', $order, $data);
    }

    return new WP_REST_Response(['received' => true], 200);
}

Configuring Auto-Approval Rules

RxCompliant's rules engine lets you customize exactly how prescriptions are evaluated. In your dashboard, navigate to Settings → Verification Rules to configure:

Confidence Threshold

Set the minimum AI confidence score for auto-approval. We recommend:

• 85% or higher: Good balance of speed and accuracy for most retailers
• 90% or higher: More conservative, sends more to manual review but reduces false approvals
• 75% or higher: More permissive, faster approvals but requires spot-checking

Required Field Validation

Configure which fields must be present and valid for auto-approval:

• Patient name must match customer name (with fuzzy matching for minor variations)
• Prescriber NPI must be active in NPPES database
• Prescription date must be within validity period (configurable, default 12 months)
• Device type must match ordered product category
• Pressure settings must be within safe ranges

Fraud Detection Rules

Enable built-in fraud detection to flag suspicious prescriptions:

• Duplicate prescription detection (same document submitted for multiple orders)
• Prescriber volume alerts (single prescriber generating unusually high verification volume)
• Document tampering detection (AI analysis for signs of image manipulation)
• Blacklisted prescriber NPIs (if you have identified problematic prescribers)

Learn more about fraud detection in our article on reducing prescription fraud.

Customizing the Verification User Experience

The default RxCompliant widget works well for most stores, but you may want to customize the experience to match your brand and workflow:

Custom Upload Instructions

Add product-specific upload instructions that guide customers on what their prescription should include. For CPAP products, instruct customers to upload a prescription showing pressure settings. For hearing aids, request the audiogram along with the prescription.

Multi-Language Support

The widget supports English, Spanish, French, and Portuguese out of the box. Enable additional languages in your dashboard under Settings → Localization.

Mobile Optimization

The widget automatically adapts to mobile screens, but if you are using the JavaScript SDK, test the upload flow on mobile devices. Many customers will photograph their prescription with their phone camera. Ensure the upload accepts camera capture in addition to file selection.

Handling Edge Cases

Customer Does Not Have Prescription Yet

Some customers will want to purchase a CPAP machine before obtaining their prescription. You can configure the widget to offer two paths:

1. Upload now: Standard flow for customers with a prescription ready
2. Upload later: Customer places the order, which is held in "pending prescription" status. Send automated reminders at 24 hours, 3 days, and 7 days. Cancel the order if no prescription is received within your configured window (typically 14-30 days).

Prescription Requires Manual Review

When the AI confidence falls below your threshold, the prescription goes to manual review. Average manual review time on RxCompliant is 2-4 hours during business hours. The customer receives an email notification that their prescription is being reviewed and another when the decision is made.

Prescription is Expired or Invalid

If the prescription fails verification, the customer receives a clear explanation of what is wrong and what they need to do. Common issues include expired prescriptions, missing NPI numbers, and illegible documents. Your rejection email should include instructions for obtaining a new prescription.

Compliance Monitoring and Reporting

Once your WooCommerce integration is live, use the RxCompliant dashboard to monitor compliance metrics:

• Verification volume: Track how many prescriptions are submitted daily, weekly, and monthly
• Auto-approval rate: The percentage of prescriptions approved automatically (target: 70-85%)
• Manual review queue: Monitor pending reviews and average resolution time
• Rejection reasons: Identify the most common rejection reasons to improve customer guidance
• Audit log: Complete record of every verification decision for regulatory audits

For retailers scaling their operations, tracking these metrics is essential. See our analysis of the cost of non-compliance to understand why investing in proper verification pays for itself.

Troubleshooting Common WooCommerce Integration Issues

Widget Not Appearing

• Verify the product has the prescription-required tag
• Check for JavaScript errors in the browser console
• Ensure your store ID is correct in the embed code
• Confirm your RxCompliant account is active and not in test mode (unless testing)

Add-to-Cart Not Blocking

• Confirm data-block-cart="true" is set in the widget embed code
• Check that no other plugin is interfering with the add-to-cart button state
• Verify the widget JavaScript loads before WooCommerce product scripts

Webhook Not Receiving Callbacks

• Check that your callback URL is publicly accessible (not behind HTTP auth or VPN)
• Verify the webhook secret matches between RxCompliant dashboard and your WordPress configuration
• Check WordPress REST API is enabled and not blocked by a security plugin

Need help with your WooCommerce integration? Our developer documentation has detailed API references, and our support team can assist with custom implementations.

If you run an online store selling prescription medical devices, video content can also boost your conversion rates. Platforms like Byvano help ecommerce stores add shoppable video widgets that showcase products in action, which works especially well for demonstrating medical device setup and usage.

Ready to add prescription verification to your WooCommerce store? Create your free RxCompliant account and follow this tutorial to be up and running in under 30 minutes.