```html

Audit Log

The WalletPro audit log records every balance-affecting event in a tamper-evident, HMAC-chained ledger so merchants can trace any wallet transaction back to its origin, detect unauthorized changes, and satisfy compliance or accounting requirements.

Merchant Compliance Security Reporting

Overview

Every operation that modifies a wallet balance (credits, debits, top-ups, refunds, cashback awards, milestone payouts, redemption code applications, admin manual adjustments, and expirations) produces an immutable audit entry. Entries are stored in a dedicated database table (wp_walletpro_audit_log) and linked together with an HMAC chain: each row's hash depends on the hash of the previous row, so any retroactive edit to a record breaks the chain and is detectable.

The audit log is separate from WooCommerce order meta and the standard WordPress activity log. It is the authoritative source of truth for wallet liability reporting and GL reconciliation.

What Gets Recorded

The following event types produce audit entries:

| Event Type | Trigger | Direction |
| --- | --- | --- |
| credit_topup | Customer completes a wallet top-up checkout | Credit |
| credit_refund | Order refund issued to wallet instead of original payment method | Credit |
| credit_cashback | Cashback rule fires after order completion | Credit |
| credit_milestone | Customer reaches a configured spending milestone | Credit |
| credit_referral | Referral reward issued to referrer or referee | Credit |
| credit_gift | Admin issues gift credit to a customer | Credit |
| credit_redemption_code | Customer applies a redemption code | Credit |
| credit_transfer_in | Wallet transfer received from another customer | Credit |
| credit_admin_manual | Admin manually credits a wallet from WooCommerce admin | Credit |
| debit_purchase | Wallet balance applied toward a WooCommerce order | Debit |
| debit_withdrawal | Customer initiates a withdrawal request | Debit |
| debit_transfer_out | Wallet transfer sent to another customer | Debit |
| debit_admin_manual | Admin manually debits a wallet from WooCommerce admin | Debit |
| debit_expiry | Balance expired per the configured expiration policy | Debit |
| step_up_auth | Step-up authentication event (pass or fail) on a high-value transaction | Meta |

How the HMAC Chain Works

When a new audit entry is written, WalletPro computes an HMAC-SHA256 digest over the following fields of that entry:

The key material is derived from the site's AUTH_KEY and SECURE_AUTH_KEY constants defined in wp-config.php, combined with a plugin-specific salt. This means chain integrity is tied to the WordPress installation: the key material is not stored in the database.

⚠️

If you rotate AUTH_KEY or SECURE_AUTH_KEY in wp-config.php, existing chain hashes will no longer verify against the new key material. Run WooCommerce > WalletPro > Audit Log > Re-key Chain immediately after any key rotation to re-sign the chain with the new keys. This operation is logged as a chain_rekey meta event.

Viewing the Audit Log

Full Log (All Wallets)

  1. In your WordPress admin, navigate to WooCommerce > WalletPro > Audit Log.
  2. The table displays all entries across all wallets, sorted by timestamp descending by default.
  3. Use the filter bar at the top to narrow results:
    • User: type a customer name or email to filter to one wallet
    • Event Type: select one or more event type codes from the dropdown
    • Date Range: pick a start and end date; defaults to the last 30 days
    • Direction: filter to Credits, Debits, or Meta events only
    • Order ID: filter entries linked to a specific WooCommerce order
    • Admin User: filter entries where an admin performed the action
  4. Click Apply Filters. The filtered count appears above the table.

Per-Customer Log

  1. Navigate to WooCommerce > Customers and open any customer record.
  2. Click the WalletPro tab.
  3. The Audit History panel shows the last 50 entries for that customer's wallet, with a link to view the full filtered log.

Audit Entry Details

Click the View link on any row to open the entry detail panel. The panel displays:

| Field | Description |
| --- | --- |
| Entry ID | Unique integer identifier for this log entry |
| Event Type | Machine-readable event code (e.g., credit_cashback) |
| Customer | Display name, email, and user ID |
| Amount | Credit or debit amount in the wallet's currency |
| Balance Before | Wallet balance immediately before this event |
| Balance After | Wallet balance immediately after this event |
| Related Object | Link to the associated order, redemption code, or transfer record where applicable |
| Performed By | Customer (self-initiated) or the admin user who performed the action |
| Reason / Note | Free-text reason entered by admin for manual adjustments; auto-populated for system events |
| IP Address | IP of the initiating request (customer or admin) |
| Timestamp | UTC timestamp of the event |
| Entry Hash | HMAC-SHA256 digest for this entry |
| Chain Status | Valid or Broken: the result of verifying this entry's hash against its predecessor |

Chain Integrity Verification

WalletPro can scan the entire audit log and verify every hash in the chain without modifying any data.

From the Admin UI

  1. Navigate to WooCommerce > WalletPro > Audit Log.
  2. Click Verify Chain Integrity in the top-right toolbar.
  3. A background job runs and reports:
    • Total entries scanned
    • Number of valid entries
    • Number of broken entries, with a link to filter the table to only broken rows
  4. Results are saved as a timestamped verification report under WooCommerce > WalletPro > Audit Log > Verification Reports.

Via WP-CLI

# Verify the full chain and output a summary
wp wallet audit verify

# Verify chain for a single user (by user ID or email)
wp wallet audit verify --user=customer@example.com

# Output broken entries as JSON for scripting
wp wallet audit verify --format=json --status=broken

# Run as part of wp wallet doctor (includes chain check)
wp wallet doctor

The wp wallet audit verify command exits with code 0 if all entries are valid, or 1 if any broken entries are found, making it suitable for scheduled monitoring scripts.

ℹ️

A broken chain entry means the stored hash does not match the expected hash computed from the entry's fields. This can happen if a row was edited directly in the database, if wp-config.php keys were rotated without re-keying, or in rare cases due to database corruption. It does not automatically indicate fraud; investigate the specific entries before drawing conclusions.

Exporting the Audit Log

Manual CSV Export

  1. Apply any filters you need (user, date range, event type, etc.).
  2. Click Export CSV. The export respects the active filters, so you can export a single customer's history or a specific date range.
  3. The downloaded file includes all columns visible in the detail panel, plus the entry_hash and chain_status columns for each row.
  4. The filename format is walletpro-audit-YYYY-MM-DD-HHmm.csv.

Scheduled CSV Email

  1. Navigate to WooCommerce > WalletPro > Settings > Reports.
  2. Under Scheduled Audit Log Export, configure:
    • Enable Scheduled Export: checkbox to turn the schedule on or off
    • Frequency: Daily, Weekly (select day), or Monthly (select day of month)
    • Recipient Email Addresses: comma-separated list; defaults to the admin email
    • Include Event Types: optionally restrict the scheduled export to specific event codes
    • Export Period: Last 24 hours, Last 7 days, or Last 30 days; matched to the frequency setting by default
  3. Click Save Changes. The first export runs at the next scheduled window.

Via WP-CLI

# Export all entries from the last 7 days to a file
wp wallet audit export --days=7 --output=/tmp/audit-week.csv

# Export entries for a specific user
wp wallet audit export --user=42 --output=/tmp/user-42-audit.csv

# Export only debit events, output JSON
wp wallet audit export --direction=debit --format=json

# Export a date range
wp wallet audit export \
  --after="2026-01-01" \
  --before="2026-03-31" \
  --output=/tmp/q1-audit.csv

Settings Reference

Audit log settings are found at WooCommerce > WalletPro > Settings > Audit Log.

| Setting | Default | Description |
| --- | --- | --- |
| Log Retention Period | Unlimited | Automatically prune entries older than the selected period (90 days / 1 year / 2 years / Unlimited). Pruning is irreversible. |
| Log IP Addresses | Enabled | Store the originating IP address with each entry. Disable if your privacy policy or local law prohibits IP retention. |
| Log Meta Events | Enabled | Include non-balance events such as step-up authentication attempts and chain re-key operations. |
| Show Audit Tab in Customer Profile | Enabled | Display the WalletPro audit history panel on the WooCommerce customer edit screen. |
| Require Reason for Manual Adjustments | Enabled | Force admins to enter a non-empty reason when manually crediting or debiting a wallet. The reason is stored in the audit entry. |
| Scheduled Export | Disabled | See Scheduled CSV Email above for configuration details. |

REST API Access

The audit log is accessible via the WalletPro REST API for programmatic retrieval and integration with external compliance or BI systems.

List Audit Entries

GET /wp-json/walletpro/v1/audit

Query Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| user_id | integer | Optional | Filter to a single customer by WordPress user ID |
| event_type | string | Optional | Comma-separated event type codes (e.g., credit_topup,debit_purchase) |
| direction | string | Optional | credit, debit, or meta |
| after | string | Optional | ISO 8601 date-time; return entries at or after this timestamp |
| before | string | Optional | ISO 8601 date-time; return entries before this timestamp |
| order_id | integer | Optional | Filter to entries associated with a specific WooCommerce order |
| chain_status | string | Optional | valid or broken; omit to return all |
| per_page | integer | Optional | Results per page; max 100, default 20 |
| page | integer | Optional | Page number; default 1 |

Example Response

{
  "total": 1482,
  "pages": 75,
  "entries": [
    {
      "id": 4821,
      "user_id": 107,
      "event_type": "debit_purchase",
      "direction": "debit",
      "amount": "15.00",
      "currency": "USD",
      "balance_before": "42.50",
      "balance_after": "27.50",
      "related_object_type": "order",
      "related_object_id": 9031,
      "performed_by_user_id": 107,
      "performed_by_role": "customer",
      "reason": null,
      "ip_address": "203.0.113.42",
      "created_at": "2026-06-20T14:33:07Z",
      "entry_hash": "a3f9b2c...",
      "chain_status": "valid"
    }
  ]
}

Get Single Entry

GET /wp-json/walletpro/v1/audit/{id}

Returns the full detail object for a single audit entry, including the entry_hash and chain_status fields.

Trigger Chain Verification

POST /wp-json/walletpro/v1/audit/verify

Enqueues a background chain verification job. Returns a job ID that can be polled via GET /wp-json/walletpro/v1/jobs/{job_id}.

ℹ️

All audit log REST endpoints require authentication with a WordPress user that has the manage_woocommerce capability. They are not accessible to unauthenticated requests or standard customer-level application passwords.

Developer Hooks

You can extend audit log behavior using the following hooks.

Actions

/**
 * Fires after an audit entry is written.
 *
 * @param int   $entry_id   The new entry's ID.
 * @param array $entry_data The full entry data array.
 */
do_action( 'walletpro_audit_entry_created', $entry_id, $entry_data );

/**
 * Fires after a chain verification completes.
 *
 * @param int   $scanned  Total entries scanned.
 * @param int   $broken   Number of broken entries found.
 * @param array $broken_ids  Array of broken entry IDs.
 */
do_action( 'walletpro_audit_chain_verified', $scanned, $broken, $broken_ids );

Filters

/**
 * Filter the data written to an audit entry before it is saved.
 * Use to append custom meta fields to the entry's JSON blob.
 *
 * @param array  $entry_data  Entry data about to be persisted.
 * @param string $event_type  The event type code.
 * @param int    $user_id     The wallet owner's user ID.
 * @return array Modified entry data.
 */
add_filter( 'walletpro_audit_entry_data', function( $entry_data, $event_type, $user_id ) {
    if ( $event_type === 'credit_admin_manual' ) {
        $entry_data['meta']['ticket_id'] = get_user_meta( $user_id, '_support_ticket_id', true );
    }
    return $entry_data;
}, 10, 3 );

/**
 * Filter the columns included in a CSV export.
 *
 * @param array $columns  Associative array of column_key => Column Label.
 * @return array Modified columns array.
 */
add_filter( 'walletpro_audit_export_columns', function( $columns ) {
    $columns['meta.ticket_id'] = 'Support Ticket';
    return $columns;
} );

Retention and Pruning

By default, audit entries are kept indefinitely. If you configure a retention period, WalletPro runs a daily background job (via WordPress cron) that permanently deletes entries older than the threshold. The deletion itself is recorded as an audit_prune meta event containing the count and date range of removed entries.

⚠️

Audit log pruning is irreversible. Before enabling automatic pruning, confirm your retention period satisfies any applicable financial record-keeping requirements for your jurisdiction. Many jurisdictions require transaction records to be kept for at least 5 to 7 years.

To delete entries manually before the scheduled prune runs:

# Prune entries older than 90 days (dry run, shows count only)
wp wallet audit prune --days=90 --dry-run

# Execute the prune
wp wallet audit prune --days=90
```
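
The tamper-evidence property described under "How the HMAC Chain Works" and the causes of broken entries listed under "Chain Integrity Verification", as an added Python example that is not WalletPro's own code. The signed field set, key derivation, serialization and genesis value are assumptions (the page does not specify them), and the ledger rows and key strings are constructed.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # assumption: predecessor value used for the first entry

def derive_key(auth_key, secure_auth_key, salt):
    # Assumption: key = HMAC-SHA256(plugin salt, AUTH_KEY || SECURE_AUTH_KEY).
    return hmac.new(salt.encode(), (auth_key + secure_auth_key).encode(), hashlib.sha256).digest()

def entry_hash(key, prev_hash, fields):
    # Canonical JSON keeps the serialized bytes stable across runs.
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, f"{prev_hash}|{body}".encode(), hashlib.sha256).hexdigest()

def build_chain(key, entries):
    chain, prev = [], GENESIS
    for fields in entries:
        prev = entry_hash(key, prev, fields)
        chain.append({**fields, "entry_hash": prev})
    return chain

def broken_ids(key, chain):
    """Recompute every hash; return ids whose stored hash does not match."""
    broken, prev = [], GENESIS
    for row in chain:
        fields = {k: v for k, v in row.items() if k != "entry_hash"}
        if not hmac.compare_digest(entry_hash(key, prev, fields), row["entry_hash"]):
            broken.append(row["id"])
        prev = row["entry_hash"]  # chain on the stored value, as a verifier reads it
    return broken

# Constructed sample ledger (field names borrowed from the REST response).
SAMPLE = [
    {"id": 1, "event_type": "credit_topup", "amount": "50.00", "balance_after": "50.00"},
    {"id": 2, "event_type": "debit_purchase", "amount": "15.00", "balance_after": "35.00"},
    {"id": 3, "event_type": "credit_cashback", "amount": "1.50", "balance_after": "36.50"},
    {"id": 4, "event_type": "debit_expiry", "amount": "1.50", "balance_after": "35.00"},
]
KEY = derive_key("constructed-auth-key", "constructed-secure-auth-key", "constructed-salt")
CHAIN = build_chain(KEY, SAMPLE)

def edited_row():   # one row's amount changed directly in the database
    chain = [dict(r) for r in CHAIN]
    chain[1]["amount"] = "1.00"
    return broken_ids(KEY, chain)

def deleted_row():  # row 2 removed, so row 3 no longer follows its predecessor
    return broken_ids(KEY, [r for r in CHAIN if r["id"] != 2])

def rotated_key():  # wp-config.php key rotated without re-keying the chain
    return broken_ids(derive_key("rotated-auth-key", "constructed-secure-auth-key", "constructed-salt"), CHAIN)
```

An in-place edit flags the edited row, a deletion flags the row that followed the deleted one, and a key rotation flags every row, which is why the pattern of broken IDs is worth reading before concluding what happened.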