# Updated encryption mode for payment API requests

#### What's new

Backend processing of any online payment in Ecwid store starts with receiving a <mark style="color:blue;">`POST`</mark> request from Ecwid API to your `paymentUrl` endpoint. The incoming request contains an encrypted JSON with the order data.

From now on, the order data is encrypted with the `aes-128-gcm` mechanism instead of `aes-128-cbc`, and the encrypted data is stored in the `enc_data` JSON object instead of the `data`.

{% hint style="warning" %}
**Breaking changes!**

This change will become backwards incompatible in the future. It's best to update payment applications now to ensure they continue working without any issues.&#x20;
{% endhint %}

#### Changes in API

<mark style="color:blue;">`POST`</mark> requests coming to the `paymentUrl` endpoint now have two JSON objects with the order data:

* The new `enc_data` object encrypted with the `aes-128-gcm` mechanism.&#x20;

Documentation now includes parse examples for this method: [Broken mention](broken://spaces/bMnrDOrph8biE23TpY18/pages/LhHI1LK21XqlqOudlTFV)<br>

* Old `data` object that uses `aes-128-cbc` for encryption.&#x20;

{% hint style="danger" %}
The `data` object that uses `aes-128-cbc` encryption will become deprecated in the future.\
You can still find code example using the [Sample payment app](/guides/payments/sample-payment-app.md).
{% endhint %}

#### Documentation links

{% content-ref url="/spaces/bMnrDOrph8biE23TpY18/pages/fkhtJxsOdYxW2SuJGLTJ" %}
[Broken mention](broken://spaces/bMnrDOrph8biE23TpY18/pages/fkhtJxsOdYxW2SuJGLTJ)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ecwid.com/changelog/may-2025/may-16/updated-encryption-mode-for-payment-api-requests.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.