Step 1. Decode and parse payment request from Ecwid

When a customer proceeds to payment from the Ecwid checkout, Ecwid API sends a unique payment request to the endpoint of an app assigned to the chosen payment method.

After receiving a new payment request from Ecwid on your paymentUrl endpoint, the first step is to decode and parse it. All payment requests are encoded and contain all the order data, which is essential for further steps.

What happens on the storefront

Upon clicking the “Go to Payment” button, a customer is redirected to your app paymentUrl. For now, you can’t do anything with the storefront, so we recommend showing a loading placeholder until further steps.

What happens on the backend

The paymentUrl endpoint of your app receives a POST request with encoded data in the request body.

Encoded request example

<form action="https://mycoolapp.com/integration" method="POST" accept-charset='utf-8'>
<input type='hidden' name='data' value='UMhJd9tXqUPchsvgzb7w2zpheysaEpZH6Ia7lwgSl0jOoQFcq8QlrMCjEfNcf-j0SW-WEvmmsIfBquI0a2VsqgsIIfY_hJ7fyUqOKRkrgsTfXt2U8QXKPMfWVDaDGlLtxnVfklOcmX3qfswRf6VL20dbibUGFaWUl62k-_uL6zJAAzRnbM_c63Etx3wgdN2B3S0Hz6Ps1shROVCmpAT9lNBQw2g0ER1xzur8rBCNAfc7ajvAjj5h8tfCxL7LloAjWzEYH795R88vwuDRCrwGJNzNQFkL78wNu3H45K_6nKAG-Q1bHWYn2YoyIchO94HOaoPN2EDzDURGeNSz6n_377ZoAyS5Rb3ofJ09KJ2pbA-UieTmEWylQVeFaaNiRJnj3YNzBi1pKkQ1_RIva0RHTXrGemjg8Yj_HPrUfsg6rhfiV45-0eew63t1x6Fw7J18eE-DmjU3JUa5Dgp03gchxo4Wy4N9ukqevHut8isLMdiBabyYDlf7szawAW5xL5MAxHr2u8tUlTWeqlZYetvZQ2oZH2wwhXYcqZV_L_nejv2vaO85bAAnLBfKP_XR7D9VGQxL1u1uAv5Rqusr1SMgQfTrUyWLhaH53gLZRfuc24pszoKS18q5fcSEXgSsteRB5vRtm4o7RiEcb9rLoHCz1DDBfIy5LOUDfwQf6igHMY699tUPl-QPxb8f5dtkf5MLtlaBvTWWZMXs0LatbNGADSAc168M7Mc1LsTstRMzSyBsLVr21TS6GAwYmQtIr7B5u0gcDhF9XoDWDetokHCZyR8M8aU1w8Xg4rIF5UuqubyKyLkEc7hTp8R-V_k3PUALT_Yc4lpvM2wFBiiDjj9riuHwyHHvnfP12GlxFJw1RRmfQYHqevSHFzL51KESP2q7jmjgzG0pRxe0NITe29YvAHQioNnjGgQCvr3aRlpbW0TCaw3XrPI3o09BwOt09Bh1d4n8Zpmj2rxiOdjyABRrSPYt3cBc6uPUKE_0x72mmWhbDYZ4H5czUFLF0xJRpN2p63mUzyql0RCBNOYKeB7kUIuymu4yxAzWD6aa-b0R_yqKHJJB0Hjcljl_VeWaDx7U4K7Simqi91NvlO61NLmlybfgCxu_21j0u2beD1kCNuP9CuTwP0muEAUz_o9hZC3m-EePaw5LHQv9qvY0qJcgtKB0mJlZebQQMKTAJ0TGgxVhoof7I2qEfjJW0FqSy27ItSUkobasQFeLDWKOe4fgeIx4hdnxGnfQJizZAQ5LOso9Dxrwoqq_smwq_18N0xnrQ-yqUWpZ5F87_61IuHLOcSOx7bnqIgWzKEEGjxlXKLHTcCzQpwMdblELpSa_hfNwFWCzvRnulB-Ef2IDFtTWQL3KdhWrFAu2OQ-YT297LCo7_E5Wx7srqVbx5xd_3JTpxuUr3E32TXYYYSD_iMUWrB9A9m48f9cbJv9vXUUlwQL1T4n-c1ZRaF8XnF5oAjj-asHbY85CIVoT7EvqxbqFEc1c3Rk8iyVDC87wfA3q87RiG35F0WDSJn4nMfntkb855AqoOevqxiXfRaAhehHxKs3LCWjGr4uhBJCFo3yqV4Lr6Qy2hVEpZj6WlfiWIJzkzmIycjFlccZhGoBw6BgUI1sPum44b7tcGT9HCSdhLFm_Ju_UnvpkkyAuBvUvr3-vq-XDs0IVAcdZBo2kQbuqWywJ0FO3N-wq0zsS_mTnYmw0NQyQMhPs8Yi0skD_qoUFoaYhfQzbPoZr3ZCdJDoVgUhP-8LSrmp2uqcEoUkGbtazY58lcBvfygqHrfJIw9NgHfemV4KX1zcLWOl_g-MCKGPZIO0DQA8Buj93AN9C9JFdRQ2FOGOC4wAGqFb1ZAPLaJaXwq20g682FarJxui2UJWso3KkYuy2WGl9Z0Kgb3SHf_ECpQqgtYN2OQrTVrBHRw61oTQDXoaIMaris2Q_WK9Wryx9XotL4UUUEl1j6oEjTPPzxjtpDTHLFDtJlNh4QMmExsiaOxQYHn6LlEljewsLn4j458bG5se-f1dDJAT9gh0V4ShMUSaegp-d6qfLzTl22C2QMO0HjwqVHE_f3bDtyfy5uCXG2L2Nhq_x4CtJ4CSBkzBJ9_OlX9AhyLT-5tRkRqujLGM6LsMz9k4RymA3r62DyzpXG761j5q6or0DN09KmC_-ZbhM4qMB9GC8SSOMX82b5iay3kgZLpTe8D3s9YQU_w7fzHd1NwyO1-BzUEjnD7JC9_6ClG4pRVQcp096dysbH-6prIFBp43eUaaPrqbqn3XvU1u0WLjZIVyDu5n4-d7dfgaZx2YUaEr8-BaO377kosWWYposqndmDPbpEVleqs4mdKA40MQydP7jZKiqKTBe4Obtg8STOSEUODw6f6VCjpMkvMyEBlfy-vfWYKx0yYYoZfGmjtLGKVGwPfQ0dZ95rEgl2-z216wvAoxY7gwD2Sx8XxPSyur2B8Shwf1w2UiQlx67jre3afwu_tT-Qkct2b375HTfGDExoZLmoUgn0-b2j7uXQxiDxQdwLmUa11YPENa-kdiIrr1gXjVlusHcYK0UC-9_tb-Mvau9sEtBxaicGjnDqYOlonrI_XofDBqF9Bn2F70ziWbNg9qT-pzK0_7MYFwBAowXM9Ls9ADqvTIItfbFNZq6Ana-k8e1MRZvao6PWQDCU0n0kGiHi_sOj_RSxI2KmLPIWQ33vdVcD6BqaQXV_JTc-siVnrrk_1vbNsgLyQ0RhLkTLcqxhEmsCNbTKXE7ByHaXB8056ZZCzPrMzUX1kPj0h7x2i5bioYgkOBeftZpTDPPexPVg3U6aNMKcX4TYAp4csPD-0eCUaBjnLB2uOrQi4mzIYXa96ZlQCxCjObqYOUnIEVgn23xQPFdF9nB9LMx9hbkPOCtN5nsNRJKEvAUH8wDUPbCYXzsa1YLB9oRid6m_sZvZXBwDnBnjA1vfJoQaQm6w4Wn15zrThJcQ1vgKDFQJnfc_GPlUoTrBp8aEhawwdqYMG-4_0XwKSs0wiGhf2QLyZ_RDGjAKv9AWcIswEj6XW7m9Gpk65fZpIbodbmGYBqdBtFJwnGnDZzcat4Y9Uh9hC_32nwpatZTcs1RDxB5NUTGROAHqFDhT-LLlE-mI_IfOF40bvFg1JxFD4WLhvpFIa8RDrFQ538AsbKZGdSukvYpQAbrQ69jdlJFK7J8yGlVA1atDNYj64HPxzPHenQ04WY50eKW8-8hh4KBFweLqq8FRNitBzqL19jM-3vLyqE2GQoIXj9k3YkWO3t3FgHHYhQM-WX5QJa-cHvxCmWic3M6nrQs2-GGiJdBvu7JXF5Q6oFSWXd1ganas8XhpP_d5GwBWfC_Qp7wvCHs0fmJ6xDb6WlDQQIqrvCYCcHWrKyBgxJCFfpXMf9ET3PgYHNHicmbRmrscYtcq1qprecg05REAzq-sol3C_3-wVjAnp0axtttNQuYsKSm1bLT1u1-5coW33wdYq0h8qvlQkp_oWc_ubLFJSiEfcWqI3nHMANAsSElbeV2xgJcpVLezUVhGfOjbENEDRPVsXkLwUZoscZrXi_HXE6WGDHiw2dDgV9nasoPxgn9t2yTDpkMbywYE3cnPKp6RygLqoW3YpbV2oMXtr1fPPH16x2RWK9SuFfRpt7EjX7VcKkdBOon1InNeMSPe1W_F5iLGRGFki5ZnRd1CmZS8u114vp7bnzBoBcQNnXCmZ3nxYg-deRzc16SmuhpGA9sdwG14hAskRtCvPSYU_loLZO57tw0IAPK2MoSctebkt0Oc5H6aBP7aR4RYsMILfK6tm6u2rELNENZR6rGeszefZfQJuftu0O1TvMzmo_ki82KTTp_PXMzUL91Ief70tJbMn1ZMRPmJdCfq0QnVwzbxocT7Ij0hj3wy7Opx1fxh65NtSj2MU85A7xRhI3LkfL3yIb-4oEsZTrGZMjf6-H9raJQpbIB1W6ClfPxjZXET79NnoWTuojjfF1LFTiMeU6bCr3LzyE3WDjgtCOLZ3c2hyhV9yPZDntAcIQJVD6Q9BzyhS-FzUxsIhJKRoZvT3dNwNKgQthp5pszRdMvN8sLS8cjiHaCxyZDoESCRATSmpxq-DNp9hFWyoWRfMcUYvHcCsM5Qe-4a5VumaKKJvFjm9byx0ECobGjiYM0hHNI_s9Uy8C_JNbWNvs1JXejxJn5buTHI5P-qzhRWkuTg5CrdoJ9GmoMqLTu3HCuX7ClgmsS3qJxj_vdH5ffnwHnHFdjh8pltIwGH_wShlGBWV1yl7unqKldJOLf84btlpRZ16P7lPXO1py9FqO6ZbviMF8VNmXcXYZcnBNjyN3YQO_7EEB9INgG_ZwScWVqIyfDG6OeX5W4qRU0QlYcCK3bWMaIyqsgI2BzGzX9XyC-N4UvGJ_dI80jBhaOiWfTZIyVnvIdMur0GDgiCiGLxQkzmdbK7yVUozZWnjoBg5rfPvMI5PKHgSX0Vw862teClg6sDjc1DOKzC1khe6-8WIRQ0XjfFYncMozDx8mKSKq7LY1ZH3aJq-0e-03NQMljj2V_XqEaRjkc-GMMEOIcYmLYqrdA43nOcLFWpajxJ2XagXoPXhc8WyWhL-5FbFXwu8UaJOUxIaSP69eiumobI6Nz07hFDvbxOFqgU3YmdnIvor-ftISXsGQe1jZR2HSa6D7nsLBVHCvHZCLI4izCCRb-aNP_FxT4tchDYU1aBOLb03UuMjSo6Q1XRJym5LX3QmQwHzQH-I-Fjmeb7G5NrLx7QhS-fiEq_dZUXek6tTUPNMgZF9BTHqpqzoT9nJt8oYxLPIAY0EwbpwxY-JEc2fDFH6ggYUsO-2YLCiP30dBj_zwZcGfW8Un-LfiUGLiHqZxxfSD_h0UyYFcqY2DEiu4omDRhuaEhzj9HzAaAw9BAX7nQbYCc_HVI5ZynLcmVp8ccWlI7iPF-TeM1y_Hpucm7EUgSEut55KxWjYnFyuGKM5cGz_uYGryzMgPIA_6D4EruhgWz4XU7pRfkMLZ6O9H4nerYm9t6DwSo3ihkH_xt4z4eLPHsDWWqQjdGzvC9ynoFpdZRHxMpCz9Q3PEfzwKu6EXxWK3wrix0eO2Tss30LDBUvTIyRHbrl_gFQZhdSHATQR73pBB_f4SBxi8y5wonfmFxfmhbEAl59nXE8ceGug8jlLZh_hPcI6ToVTuEOjqLyANDFjqhKSezZrqZGmwqeN0KvrAX3yszIrGw6cERfIMGeIt7srXhCPnafD04rfsH5npvsXXfrT3FNi50jzmnpDD0ZT9qW__cnpAgYegCfc-ZNIIauz2HRQMJ94Ex_6Q5XTKomjpWw-0M'/>
<input type='hidden' name='enc_data' value='pKLotjKsnRaGoJ2fPdnQ_9XkmENVF8dx0AC-0RLl7hrRTwvPCEkgFqlzEFcvX6pCaPLSL4jnIE_DpVXfiaf5GV92TsyRFLtmG1GSJ2rL2x4_sfdTrE0gW5uCwxKbShZUccuJxLjKSfGYxvPrH095nadtObRsQ8CE-pk-Zrc4FLklinUrzVgqUUbOsgg42K1QiflcpJgFJsT7hYaS7FUFTbldLy7Hg5nM-a0srl5pgUauaeNSlSF0gFCBVdvAOU-pTc1z9uq-CQ2wxQPeQj7zEwbjhgcAC8_KCflZpzS-ygSY7exz8i3GGvoxigApchbPUFf5cT6DdVUn2E8R71hsJDjlJ6fM9AcaYlZ3iLHc1JaAqjz42fJ5w5REo7cNhTO0Ul_8bmpFp-IQ6w-vnRLZkYSsYjDtwp_pB2sMnk9Slil1__TaEdz8hxQD2cbC6FsoJWLj_9hnzgVacS-fgGD5Lj1-NXZTjViPAZ1mkhT8yU8QLgIdsBxgMYrYoNcWUV32_k6EktYtRvoNIvOt2-ldRN8bCK690mcyGORmQbb1tRKh3G_mD9DOxyZ6Q3kZaAO3XD4WNl6UbIV7MEzMqLSQrHTiUl5tUjpK0JI-Ie97OcPmXwbNSYf9BBCUFZZnBZYVQAO8kruUgY8SD3pi9JVj09We-_jCRPblNIXFUQeHdArvn3QY_qcDQzC3L2CaQ1BU2fMDNXgvt1yY4oplST2_Y-keYkWxOaz80i8MuLke7qegnPfv5V4EOGcgSb6aasFCL6aC0MjRxlf1lCUKAHWj4aAlOSjKEM350b4B-Ls1HfZ0tu82VLX3BOYNFHLUCiTh4Ol0foeAUuzv5w_uk3NOw96_zPdoOqLAtPH8UY7gbSpxLsSYPJiv2NKYBIZJKP3v9uHii-jFd_aZA54SY2KeucPWdvPY1k_jdsMm8aoqV6kog9X7I3R_4WqrPqHJN-0esPjGtmUUDyQRg3N2JmXpciLEFMvf5ftFvSAv7IVPqatk9y92HNfiYksdr7DkYBfUlifi4Ry6vBlFGLy3HN__U3Oloz5pVuImJURGYbKwvGfSKUt9RCJDP4AADQ8VJ14Rue8g02GNkvod_7lYPUKapApdq3_VFcrLQnUnIQ4pXk-kcmwQLiB_kW-nymh8wGH0MRaCV0fJMW2EUMDzgFj3MLrdLVbFtfuDSlt0ISHahyurGKw787nKEi3rfnKrsBtWpsC_QeleseyrERrOFlNQfr5qF2y2VJ58gvvxGxkXZL8G6cdTm-EKERDV8L2DhGShtHkE-91FPuzJlQHd3Gj7AP4gBUK5-Tlp_xwLch6SadOwipuRPg-Il-w6HjjFjPS7afpAX9IUfXacBR1_7tmpkfnUiYjJRhOJUnwvL5BOytkvfbCEMbRa93HwQuSq9Sa2S2FWfOmRwKhRXVyN0lDbHoG3OBdjMkfqJSrGX9eh3OqFFwVrg9ogKKfAHy6AHoaJtbpbWXLOopTcbAKZ54cweW9Zks2LYhleJD5wA32BVyv0hnkPIyixuUHJ2RtOetkXQk5tUEMNjtyTro2fmrCDdx1s-erbg1RYZUQG2BCviusIR3jbsk1_QSknlLY4i0y02dgtDJMrXERq6cKtOQKifxrMOTo-0K2oTOymTHo970pJ0b6b4clBd8XveSBi0r_Urb7jz94HSCvXU1tPVL0aKOifVFl_RxV2FW-DZl1FTWb8Rc6m-MxSyvLOSUauyxWRX-hSJgv20mJstjA8IQ2Kl8A069LQY092fZOq9kATQSPN7iEK9oahhEPDe0qjdASklEVimF-QfLmKn-LsQ7h6mBx9-4n-uuM-JeHrykbJ6vslZwXfjf1fVl-M-iSt8lXY2P4riOgjC3rdpeFN_zQ_W81BSCp6hY01trIw731e2ta2sfMEuMFVaOD6ana8GvTSf1sxyjjinKynMsHO82a67P1aWyb4LtBFdNKf8_-B0-zvKkQmiio2HLVxnGhNwdykV-nm7Va28B8KolP3EhC9FMM75ElEgDfYzwYbvRHypzrVMiHSkUXloZc78EWwttkk0GB2BQyMBGhCtmhj9domur3YbsB9Wy-vn2-HOcAPxIr2J2kAs72HbB3_WIgg5RsHfLoEHli-lffEPXqYiKHXhqh1-vD_3DM9bbBTABDO4xPSZ-H7-XMgJGNhlJw75oVHshB_Uyw1tH6c6dSJangRq80spbxBSXbvyXG3mXpQ5v0Fbj14mJ2TX82c56DwGhHzW1RmRCNw7od4QhJPMLFlPGAibpk09qC7L268ABaaG8wiuDG1YMkVxk272zJmY1E3XpughQBJ_k0j9gICyZzu3RXI10_OCUZ5jfqup1jLAPvpUsP06L9XNdYayKMDh9BqxYU1_OGRikgSSolZwNoZ6uUd_Ez2zf4QuC0hYBE3SthcaAd9sCIJPLQ_Am45L9SPf0T4bpSaQnZAEkK1Jb2pbc_6RMTQXS5ZzkRqOQ5nt0sumcy8TeHILTJMMrCoYog89jqwl-TPlMZzb90UdwKpq5oBVDjRbKpM2bqHox14zJc8sgwU79gXiy6prXvXESGP5UTh_YUoNPF59ejShcfQtA3W-JV11Eg2ypaMhEgFYEKOFnZume30_FRmcwOYHFjrNNR_PEj6cP4BywsbPo7bpmDlPVyNp9A0uMDEiKYRYjhIQlIVQow8CacVt8LU4sHaFPqgG59xnqE8oj3425FjiSnryQWnBl_5QqgEonawCPDxrF4bCyM_vSZtHTH0iwwuyll7kpsH8M4zK3tQIAal_7HkvBWCTAZQOr0Hg_ZN1dxUMLDqiPt4rFxP5WUh3BibCxHcu_t-jLj2wv0IjQFW_TIntuoUJoMAnU2N3kuWxO8WvPhgEj3o9IjOwY5Mv2WsQwDS4uZROMzOAcWdFB3q84aNWIjmPLStugvAnsgHlsV6BZ4uBz8v3gY567tmiIZGWBstyAxDiHWPYvmZQwSJc77kHye_6768vx54a90B588o4fynz3_9w_3rNtGEwT3jPkb1D3ribb33NLGoUDP_AC9_yH47L7oQLUc2D_UXN6gNSLzr7AOV72-wKloCZCA5yx5ej9FfhpFveK92bSYdmnrWYUJ30HuE9YjOzcVCpow3OceUv99t7nW42a2cZoOqjPtiETNPi-iTbksFEzjOAY8Vy_44ye9Izk68CHQmT-YjmCY1TMbx8UHMBEbPU3fe8QqwltNv5PunTkZq2KGCAhSaXIJG65VDbyPAn7hAVGs3Bb8Im2fmw6VlTS__9RmacPJLecczl11pV39fgNqDpn9pHAcMqpulLY5yLvA6BJGJ7F0YdSEMoVQZ0OVHGBUIK6s4vHLCbWZliO5xaWFhElaJT0kK2K4HZWtU_Kjb5_s94pBQiqIGm-RCSnMDouu6a_mQpawnykYjlkU23cLv7uelPn5g4UWSz27Zgdx3sRVe29mtwPM0OIiccmHPgqG3TfYkZggLRGMymy6_-8_RLXM4n76WaBnjxygiQ7CloksaLvCus_x1LyPn4Iw5yax0t3Bsvl8iGu4Hc2v4CgQqf7XGv1Bc7PQKmYf9Om7YL8GAlcWVCIwreCLu4mYY4cKfLiXkzEZy4HhNivqbYh8RgK073UxbWYdjFqyj7FGYerKofdg4G1a3_wEPPq8Esapv-E45SxWaGtjkZEErJDWrkFZmyOlJAtxypVulpQipCqsC4K2QJPVZUtOBpJ5ygs_pf0L57PCQRE5BOiGrMd1zAz6vTq223bfyNroat333xyUOZPMz5ZVccUacMMW4UXOL1jzEHs-dJnkG9I-LIXBk-lhjQUPnbE68ILE86XHpdOCBFRqNyzEpmOWYEjhPWf9xUpJNpn2XQJ1Dhc6Zs5GrQdNFy4lX8tq0rFl_s7Uvdorf5pP4tKSQG3kRANnB4gzi6VCnHPyUxwRkU4nh2p1xj2dJp0VHNEsz_51OJdPuIM8689plb6n-6ML_x4IBJbsboOjUdwnC_jN0BP0wdhTCBKiO6AaeYIceTeW3Cq7UvlfEStRyYNQcdHgfIjPJPdDfdxaEsTD8lKFLzKHVUSuQx4CiB3jXrgsXG33wCufRCIQLsPPSxy4R6pSMFTDQKa9li_mp-iF5aw_hVM68B0QVgIwCYi_Z7I93ExkBfe6evFX6OZW7vnNZ6HXz0olE-vFD6RCiCuCmDpPx8iO0EdA6Mz1UFrCS6aZxGlFO8-9H83qSEl4VtiCkO2p4vX9Ks-9NSAuoieTpDPvWTvcALVI-xv6g8YLfWylz7CPMEzSBsb7eH96PTzH5B4UD1qvHf22mkuHufeTkKWKLg-loUpFwNp7bm9iJnbFZZpY4wXqqpBIQ3ZpTv0B97rJHvN_KW4b6aD9seUK7ApyjeA_vIOK2AHfhwfkNETDYN116cg2Rr81Gv8FsjrRkdk4A0-N4AVmnA5HDVz_Tq3QNPfUYv2sP1SO_84XJ-38H1PylA5O61nlbSNSGQLVleQFLZDcoXTTVkzm-W13gEKfdlczgCto6P4QxOMoOre7LwdBfPqq6gOL-2P9ypShGcwZqV3tS9uJEUHU0GRaeoI3STmRMm-kNOAjfYCI3vpPWsQhNKKHy4A-mX8lyq6_97kXn9roapgzEqYIVdOdxq8aZ8DZok7kaNfHUAJEivQQRxCOFAPJASlImybHW7d0YYMotO1eQjhs3AaUPOYpBDhxz1-MOftoyHc1jAvb8GcoBEc72D-LPSoUsO0xzHcXwHqwOD-GPFqLLY3AnoH-MdGAlnej2GY4jw5McqBs8KgeW2JdYdMgpsTygdeRjLkT5Z3mI51CUfq1FSqHBtom0XgQ9-Ix7KaHFv5PN484jXNB8lGwBQAXM0d3nQPEicsHlaApW8JbvByA1gN1uwTHeO6gV8UEVWe051cDqzsKcuCXHTaubPpqd-r9DMiQgN2zFoQ__b0owAXfaGsAxoTGKgGxM9hxQKqWMBaUUDakSn6qdjgu2VfQCmjQCSEwsQTG4quTmEFORJ9pwIm0we2L7pUSIrwoXi2h8cWJ5Q3sPcTT6lOSvf1dIvr7TFOW-5rX2qQO4b9OUwQAYgXhXR788S_mD-BPBxaBn3HwTiI8Zu-OZOZpl881rTQqt8EKbsYDMak1_Lap07KnzZ8ynekoE7UTjysJpJc4yfFWoqZSzgrlCHNvyj7BI4UfTcl3l5snc-45uC0b3mlP4LyGROuiR8RdOGAggibv8cMhPKBWlkroefdoRSufDybWF-A64pq5D9AQmHb0dyTDhv9oGVqhRCn8sZ1NXRN3e_VTcpWK6pxQKZawd5K6HKI7Av-2g5i0NgTn-vfd7BIx9VpLPZM0EM4zJ'>
</form>

The initial request with the order data coming to your paymentUrl is encrypted with an AES-128 mechanism in GCM mode (aes-128-gcm). The key for decoding is the first 16 characters of your app’s unique and unchangeable client_secret. Get your clent_secret value from the app dashboard page.

After decoding, you can access order details in the enc_data JSON object.

Request decoding examples in PHP and NodeJS:

<?php
function getEcwidPayload($app_secret_key, $data) {
  // Get the encryption key (16 first bytes of the app's client_secret key)
  $encryption_key = substr($app_secret_key, 0, 16);

  // Decrypt payload
  $json_data = aes_128_decrypt($encryption_key, $data);

  // Decode json
  $json_decoded = json_decode($json_data, true);
  return $json_decoded;
}

function aes_128_decrypt($key, $data) {
  // Ecwid sends data in url-safe base64. Convert the raw data to the original base64 first
  $base64_original = str_replace(array('-', '_'), array('+', '/'), $data);

  // Get binary data
  $decoded = base64_decode($base64_original);

  echo "<div>decoded: $decoded</div>";

  // Initialization vector is the first 16 bytes of the received data
  $iv = substr($decoded, 0, 16);

  // Tag is the last 16 bytes of the received data
  $tag = substr($decoded, -16);

  // The payload itself is the rest of the received data
  $payload = substr($decoded, 16, -16);

  // Decrypt raw binary payload
  $json = openssl_decrypt($payload, "aes-128-gcm", $key, true, $iv, $tag);

  return $json;
}

// Get payload from the POST and process it
$ecwid_payload = $_POST['enc_data'];
$client_secret = "QKJkxLNKSu22POC5UzxTBMoUQolefDPs"; // App's client_secret

// The resulting JSON array will be in $result variable
$result = getEcwidPayload($client_secret, $ecwid_payload);
?>

var crypto = require("crypto");
var EncryptionHelper = (function () {
    function decryptText(cipher_alg, key, text, encoding) {
        const bText = Buffer.from(text, encoding);
        const iv = bText.subarray(0, 16);
        const tag = bText.subarray(-16)
        const payload = bText.subarray(16, -16);
        const decipher = crypto.createDecipheriv(cipherAlg, key, iv);
        decipher.setAuthTag(tag);
        return Buffer.concat([
            decipher.update(payload),
            decipher.final()
        ]);
    }
    return {
        decryptText: decryptText
    };
})();
module.exports = EncryptionHelper;

let client_secret = 'QKJkxLNKSu22POC5UzxTBMoUQolefDPs'; // App's client_secret
let data = req.body.enc_data;
let encryption_key = client_secret.substr(0, 16);
var originalBase64 = data.replace(/-/g, "+").replace(/_/g, "/");
var decrypted = EncryptionHelper.decryptText("aes-128-gcm", encryption_key, originalBase64, "base64");
var payloadObject = JSON.parse(decrypted);

If you are using C# language, create additional padding to make the payload a multiple of 4:

base64 = base64.PadRight(base64.Length + (4 - (base64.Length % 4)), '=');

Decoded request example

{
  storeId: 42722912,
  returnUrl: 'https://app.ecwid.com/custompaymentapps/42722912?orderId=5***6&clientId=custom-app-***-2&timestamp=1752226448902&key=4***a',
  merchantAppSettings: {},
  cart: {
    currency: 'USD',
    order: {
      id: 'Q7WML',
      orderNumber: 5***6,
      vendorOrderNumber: 'Q7WML',
      email: '[email protected]',
      ipAddress: '188.169.99.36',
      hidden: false,
      createDate: '2025-07-11 09:33:40 +0000',
      createTimestamp: 1752226420,
      updateDate: '2025-07-11 09:34:08 +0000',
      updateTimestamp: 1752226448,
      refererUrl: 'https://milterstore.company.site/products/',
      globalReferer: 'https://milterstore.company.site/',
      additionalInfo: {
        ga4_client_id: '1987434357.1751162187',
        ga4_session_id: '1752226323',
        google_customer_id: '1987434357.1751162187'
      },
      extraFields: {
        ecwid_order_delivery_time_display_format: 'DATETIME',
        ecwid_order_delivery_time_interval_end: '2025-07-30 22:30:00 +0000',
        ecwid_order_delivery_time_interval_start: '2025-07-30 22:00:00 +0000',
        wdzklbo: '16:00 - 16:30'
      },
      orderExtraFields: [
        {
          customerInputType: 'DATETIME',
          title: '',
          id: 'ecwid_order_delivery_time_interval_end',
          value: '2025-07-30 22:30:00 +0000',
          orderDetailsDisplaySection: '',
          orderBy: '0'
        },
        {
          customerInputType: 'TEXT',
          title: '',
          id: 'ecwid_order_delivery_time_display_format',
          value: 'DATETIME',
          orderDetailsDisplaySection: '',
          orderBy: '0'
        },
        {
          customerInputType: 'SELECT',
          title: 'Time selection',
          id: 'wdzklbo',
          value: '16:00 - 16:30',
          orderDetailsDisplaySection: 'shipping_info',
          orderBy: '1'
        },
        {
          customerInputType: 'DATETIME',
          title: 'Delivery date and time',
          id: 'ecwid_order_delivery_time_interval_start',
          value: '2025-07-30 22:00:00 +0000',
          orderDetailsDisplaySection: 'shipping_info',
          orderBy: '2'
        }
      ],
      orderComments: '',
      fulfillmentStatus: 'AWAITING_PROCESSING',
      externalFulfillment: false,
      paymentStatus: 'INCOMPLETE',
      paymentMethod: 'Test Payment Method',
      paymentModule: 'CUSTOM_PAYMENT_APP-custom-app-***-2',
      paymentParams: {},
      referenceTransactionId: 'transaction_571937036',
      ticket: 2062523945,
      acceptMarketing: false,
      giftCardRedemption: 0,
      totalBeforeGiftCardRedemption: 265.3,
      giftCardDoubleSpending: false,
      total: 265.3,
      totalWithoutTax: 236.87,
      subtotal: 240.3,
      subtotalWithoutTax: 214.55,
      usdTotal: 265.3,
      tax: 28.43,
      customerTaxExempt: false,
      customerTaxId: '',
      customerTaxIdValid: false,
      reversedTaxApplied: false,
      couponDiscount: 0,
      volumeDiscount: 0,
      membershipBasedDiscount: 0,
      totalAndMembershipBasedDiscount: 0,
      discount: 0,
      discountInfo: [],
      items: [
        {
          id: 2034647007,
          productId: 591363296,
          categoryId: 0,
          price: 80.1,
          productPrice: 80.1,
          isCustomerSetPrice: false,
          priceWithoutTax: 71.52,
          shipping: 25,
          tax: 28.43,
          fixedShippingRate: 0,
          sku: '00010',
          name: 'testProduct91',
          nameTranslated: { de: '', en: 'testProduct91' },
          shortDescription: '',
          shortDescriptionTranslated: { de: '', en: '' },
          quantity: 3,
          quantityInStock: 31,
          weight: 0,
          imageUrl: 'https://d2j6dbq0eux0bg.cloudfront.net/images/42722912/4082575898.png',
          smallThumbnailUrl: 'https://d2j6dbq0eux0bg.cloudfront.net/images/42722912/4082575900.png',
          hdThumbnailUrl: 'https://d2j6dbq0eux0bg.cloudfront.net/images/42722912/4082575901.png',
          isShippingRequired: true,
          trackQuantity: true,
          fixedShippingRateOnly: false,
          digital: false,
          productAvailable: true,
          couponApplied: false,
          giftCard: false,
          selectedOptions: [
            {
              name: 'Color',
              nameTranslated: { de: 'Farbe', en: 'Color' },
              type: 'SWATCH_CHOICE',
              value: 'Red',
              valueTranslated: { de: '', en: 'Red' },
              valuesArray: [ 'Red' ],
              selections: [
                {
                  selectionTitle: 'Red',
                  selectionModifier: 0,
                  selectionModifierType: 'ABSOLUTE'
                }
              ]
            }
          ],
          taxable: true,
          taxes: [
            {
              name: 'test tax',
              value: 12,
              total: 28.43,
              taxOnDiscountedSubtotal: 25.75,
              taxOnShipping: 2.68,
              includeInPrice: true
            }
          ],
          dimensions: { length: 0, width: 0, height: 0 },
          discountsAllowed: true
        }
      ],
      shippingPerson: {
        name: 'First Last',
        firstName: 'First',
        lastName: 'Last',
        companyName: 'Test',
        street: 'Example st.',
        city: 'San Diego',
        countryCode: 'US',
        countryName: 'United States',
        postalCode: '92007',
        stateOrProvinceCode: 'CA',
        stateOrProvinceName: 'California',
        phone: '0123456789'
      },
      shippingOption: {
        shippingMethodName: 'Local delivery – TEST 20',
        shippingRate: 25,
        shippingRateWithoutTax: 22.32,
        isPickup: false,
        fulfillmentType: 'DELIVERY'
      },
      taxesOnShipping: [ { name: 'test tax', value: 12, total: 2.68 } ],
      handlingFee: {
        name: 'Handling Fee',
        value: 0,
        valueWithoutTax: 0,
        description: '',
        taxes: []
      },
      shipments: [],
      customSurcharges: [],
      refundedAmount: 0,
      refunds: [],
      predictedPackage: [],
      pricesIncludeTax: true,
      disableAllCustomerNotifications: false,
      externalOrderData: {},
      shippingLabelAvailableForShipment: false,
      electronicInvoicePecEmail: '',
      electronicInvoiceSdiCode: '',
      commercialRelationshipScheme: 'b2c'
    }
  },
  token: 'secret_F***c',
  lang: 'en'
}

Quickstart with the payment integration template (outdated).

If you want to use Web Cryptography API / SublteCrypto for decoding payment requests, check out the code example created by our community developers (may be partially outdated due to encryption mechanism changes): https://gist.github.com/manuelfdo/94a14c0314b07e311f07b240921eab86.

PreviousProcess online payment requests NextStep 2. Collect essential data for payment processing

Last updated 12 days ago

Was this helpful?