New returnUrl format in payment API with enhanced security
Last updated
Was this helpful?
Last updated
Was this helpful?
Payment API requests' got enhanced security: for every payment request, the returnUrl now has a unique generated hash param.
The returnUrl defines a specific link where your payment app redirects customers after they complete the transaction.
From now on, any payment requests coming from Ecwid API to payment apps contain a new format for the returnUrl.
Format example: https://mystore.com/01234567?clientId=client_id&hash=ABC01234
where:
https://mystore.com/01234567 - base store URL (link to the main store page on the website).
clientId=client_id - app's client_id value.
hash=ABC01234 - hash value unique for every payment request coming to the app.
You must use the specific returnUrl received in the payment request for redirecting customers back to the storefront.
If the app generates returnUrl using some custom logic or tries to use the same returnUrl without the unique hash, customers won't see a purchase confirmation on the "Thank you for order" page which leads to a worse overall UX on the website.
Check if your app works with payment requests and allows customers to pay for the order online.
In the app code, ensure that the returnUrl value for every payment request is saved and later used to redirect customers back to the storefront without any changes to the returnUrl.
Breaking changes! Сhanges listed below may break some apps' logic.