Klarna Checkout - Callbacks
During a purchase with an embedded checkout solution like Klarna Checkout, there are a number of http requests back and forth to keep WooCommerce and Klarna in sync. It's important that these requests can be executed without being blocked, otherwise the customer will not be able to create an order in WooCommerce.
Requirements for getting callbacks to work
- The website needs to have a publicly queryable URL (use a service like ngrok.com if you want to use KCO in a local development environment).
- The website needs to have https configured correctly (not only in checkout, but for the entire website).
- Pretty permalinks must be enabled in your WordPress installation.
- Multilingual plugins must not alter the URL structure for WooCommerce API Callbacks (e.g. change http://yoursite.com/wc-api/CALLBACK/ to http://yoursite.com/en/wc-api/CALLBACK/).
Be aware of firewalls and security plugins
Even if you fulfill all of the requirements mentioned above, you might still experience issues. If you have a firewall solution or a security plugin installed those could block access to the WC-API endpoints and by that making the callbacks to fail.
We recommend (if possible) to whitelist:
https://domain.topdomain/wc-api/*
But if you want to specify what urls to whitelist you can use these:
https://domain.topdomain/wc-api/KCO_WC_Push/*
https://domain.topdomain/wc-api/KCO_WC_Notification/*
https://domain.topdomain/wc-api/KCO_WC_Shipping_Option_Update/*
This example is from a Cloudflare account: 
Retrieve more info in Klarna Merchant Portal
To troubleshoot this you have the possibility to look closer in the logs that are available in your Klarna Merchant Portal. Here is a screenshot displaying the response from a validation callback, where the request is blocked (with a 503 HTTP response) by the security plugin Wordfence:
Another common response header if the request is being blocked by a security/firewall application is 403 (forbidden). See a list of http status codes here.