Updated encryption mode for payment API requests

What's new

Backend processing of any online payment in Ecwid store starts with receiving a POST request from Ecwid API to your paymentUrl endpoint. The incoming request contains an encrypted JSON with the order data.

From now on, the order data is encrypted with the aes-128-gcm mechanism instead of aes-128-cbc, and the encrypted data is stored in the enc_data JSON object instead of the data.

Breaking changes!

This change will become backwards incompatible in the future. It's best to update payment applications now to ensure they continue working without any issues.

Changes in API

POST requests coming to the paymentUrl endpoint now have two JSON objects with the order data:

The new enc_data object encrypted with the aes-128-gcm mechanism.

Documentation now includes parse examples for this method:

Old data object that uses aes-128-cbc for encryption.

The data object that uses aes-128-cbc encryption will become deprecated in the future. You can still find code example using the Sample payment app.

Documentation links

Last updated 1 month ago

Was this helpful?