Step 1. Decode and parse payment request from Ecwid
Last updated
Was this helpful?
Last updated
Was this helpful?
When a customer proceeds to payment from the Ecwid checkout, Ecwid API sends a unique payment request to the endpoint of an app assigned to the chosen payment method.
After receiving a new payment request from Ecwid on your paymentUrl endpoint, the first step is to decode and parse it. All payment requests are encoded and contain all the order data, which is essential for further steps.
Upon clicking the “Go to Payment” button, a customer is redirected to your app paymentUrl. For now, you can’t do anything with the storefront, so we recommend showing a loading placeholder until further steps.
The paymentUrl endpoint of your app receives a POST request with encoded data in the request body.
<form action="https://mycoolapp.com/integration" method="POST" accept-charset='utf-8'>
<input type='hidden' name='data' value='UMhJd9tXqUPchsvgzb7w2zpheysaEpZH6Ia7lwgSl0jOoQFcq8QlrMCjEfNcf-j0SW-WEvmmsIfBquI0a2VsqgsIIfY_hJ7fyUqOKRkrgsTfXt2U8QXKPMfWVDaDGlLtxnVfklOcmX3qfswRf6VL20dbibUGFaWUl62k-_uL6zJAAzRnbM_c63Etx3wgdN2B3S0Hz6Ps1shROVCmpAT9lNBQw2g0ER1xzur8rBCNAfc7ajvAjj5h8tfCxL7LloAjWzEYH795R88vwuDRCrwGJNzNQFkL78wNu3H45K_6nKAG-Q1bHWYn2YoyIchO94HOaoPN2EDzDURGeNSz6n_377ZoAyS5Rb3ofJ09KJ2pbA-UieTmEWylQVeFaaNiRJnj3YNzBi1pKkQ1_RIva0RHTXrGemjg8Yj_HPrUfsg6rhfiV45-0eew63t1x6Fw7J18eE-DmjU3JUa5Dgp03gchxo4Wy4N9ukqevHut8isLMdiBabyYDlf7szawAW5xL5MAxHr2u8tUlTWeqlZYetvZQ2oZH2wwhXYcqZV_L_nejv2vaO85bAAnLBfKP_XR7D9VGQxL1u1uAv5Rqusr1SMgQfTrUyWLhaH53gLZRfuc24pszoKS18q5fcSEXgSsteRB5vRtm4o7RiEcb9rLoHCz1DDBfIy5LOUDfwQf6igHMY699tUPl-QPxb8f5dtkf5MLtlaBvTWWZMXs0LatbNGADSAc168M7Mc1LsTstRMzSyBsLVr21TS6GAwYmQtIr7B5u0gcDhF9XoDWDetokHCZyR8M8aU1w8Xg4rIF5UuqubyKyLkEc7hTp8R-V_k3PUALT_Yc4lpvM2wFBiiDjj9riuHwyHHvnfP12GlxFJw1RRmfQYHqevSHFzL51KESP2q7jmjgzG0pRxe0NITe29YvAHQioNnjGgQCvr3aRlpbW0TCaw3XrPI3o09BwOt09Bh1d4n8Zpmj2rxiOdjyABRrSPYt3cBc6uPUKE_0x72mmWhbDYZ4H5czUFLF0xJRpN2p63mUzyql0RCBNOYKeB7kUIuymu4yxAzWD6aa-b0R_yqKHJJB0Hjcljl_VeWaDx7U4K7Simqi91NvlO61NLmlybfgCxu_21j0u2beD1kCNuP9CuTwP0muEAUz_o9hZC3m-EePaw5LHQv9qvY0qJcgtKB0mJlZebQQMKTAJ0TGgxVhoof7I2qEfjJW0FqSy27ItSUkobasQFeLDWKOe4fgeIx4hdnxGnfQJizZAQ5LOso9Dxrwoqq_smwq_18N0xnrQ-yqUWpZ5F87_61IuHLOcSOx7bnqIgWzKEEGjxlXKLHTcCzQpwMdblELpSa_hfNwFWCzvRnulB-Ef2IDFtTWQL3KdhWrFAu2OQ-YT297LCo7_E5Wx7srqVbx5xd_3JTpxuUr3E32TXYYYSD_iMUWrB9A9m48f9cbJv9vXUUlwQL1T4n-c1ZRaF8XnF5oAjj-asHbY85CIVoT7EvqxbqFEc1c3Rk8iyVDC87wfA3q87RiG35F0WDSJn4nMfntkb855AqoOevqxiXfRaAhehHxKs3LCWjGr4uhBJCFo3yqV4Lr6Qy2hVEpZj6WlfiWIJzkzmIycjFlccZhGoBw6BgUI1sPum44b7tcGT9HCSdhLFm_Ju_UnvpkkyAuBvUvr3-vq-XDs0IVAcdZBo2kQbuqWywJ0FO3N-wq0zsS_mTnYmw0NQyQMhPs8Yi0skD_qoUFoaYhfQzbPoZr3ZCdJDoVgUhP-8LSrmp2uqcEoUkGbtazY58lcBvfygqHrfJIw9NgHfemV4KX1zcLWOl_g-MCKGPZIO0DQA8Buj93AN9C9JFdRQ2FOGOC4wAGqFb1ZAPLaJaXwq20g682FarJxui2UJWso3KkYuy2WGl9Z0Kgb3SHf_ECpQqgtYN2OQrTVrBHRw61oTQDXoaIMaris2Q_WK9Wryx9XotL4UUUEl1j6oEjTPPzxjtpDTHLFDtJlNh4QMmExsiaOxQYHn6LlEljewsLn4j458bG5se-f1dDJAT9gh0V4ShMUSaegp-d6qfLzTl22C2QMO0HjwqVHE_f3bDtyfy5uCXG2L2Nhq_x4CtJ4CSBkzBJ9_OlX9AhyLT-5tRkRqujLGM6LsMz9k4RymA3r62DyzpXG761j5q6or0DN09KmC_-ZbhM4qMB9GC8SSOMX82b5iay3kgZLpTe8D3s9YQU_w7fzHd1NwyO1-BzUEjnD7JC9_6ClG4pRVQcp096dysbH-6prIFBp43eUaaPrqbqn3XvU1u0WLjZIVyDu5n4-d7dfgaZx2YUaEr8-BaO377kosWWYposqndmDPbpEVleqs4mdKA40MQydP7jZKiqKTBe4Obtg8STOSEUODw6f6VCjpMkvMyEBlfy-vfWYKx0yYYoZfGmjtLGKVGwPfQ0dZ95rEgl2-z216wvAoxY7gwD2Sx8XxPSyur2B8Shwf1w2UiQlx67jre3afwu_tT-Qkct2b375HTfGDExoZLmoUgn0-b2j7uXQxiDxQdwLmUa11YPENa-kdiIrr1gXjVlusHcYK0UC-9_tb-Mvau9sEtBxaicGjnDqYOlonrI_XofDBqF9Bn2F70ziWbNg9qT-pzK0_7MYFwBAowXM9Ls9ADqvTIItfbFNZq6Ana-k8e1MRZvao6PWQDCU0n0kGiHi_sOj_RSxI2KmLPIWQ33vdVcD6BqaQXV_JTc-siVnrrk_1vbNsgLyQ0RhLkTLcqxhEmsCNbTKXE7ByHaXB8056ZZCzPrMzUX1kPj0h7x2i5bioYgkOBeftZpTDPPexPVg3U6aNMKcX4TYAp4csPD-0eCUaBjnLB2uOrQi4mzIYXa96ZlQCxCjObqYOUnIEVgn23xQPFdF9nB9LMx9hbkPOCtN5nsNRJKEvAUH8wDUPbCYXzsa1YLB9oRid6m_sZvZXBwDnBnjA1vfJoQaQm6w4Wn15zrThJcQ1vgKDFQJnfc_GPlUoTrBp8aEhawwdqYMG-4_0XwKSs0wiGhf2QLyZ_RDGjAKv9AWcIswEj6XW7m9Gpk65fZpIbodbmGYBqdBtFJwnGnDZzcat4Y9Uh9hC_32nwpatZTcs1RDxB5NUTGROAHqFDhT-LLlE-mI_IfOF40bvFg1JxFD4WLhvpFIa8RDrFQ538AsbKZGdSukvYpQAbrQ69jdlJFK7J8yGlVA1atDNYj64HPxzPHenQ04WY50eKW8-8hh4KBFweLqq8FRNitBzqL19jM-3vLyqE2GQoIXj9k3YkWO3t3FgHHYhQM-WX5QJa-cHvxCmWic3M6nrQs2-GGiJdBvu7JXF5Q6oFSWXd1ganas8XhpP_d5GwBWfC_Qp7wvCHs0fmJ6xDb6WlDQQIqrvCYCcHWrKyBgxJCFfpXMf9ET3PgYHNHicmbRmrscYtcq1qprecg05REAzq-sol3C_3-wVjAnp0axtttNQuYsKSm1bLT1u1-5coW33wdYq0h8qvlQkp_oWc_ubLFJSiEfcWqI3nHMANAsSElbeV2xgJcpVLezUVhGfOjbENEDRPVsXkLwUZoscZrXi_HXE6WGDHiw2dDgV9nasoPxgn9t2yTDpkMbywYE3cnPKp6RygLqoW3YpbV2oMXtr1fPPH16x2RWK9SuFfRpt7EjX7VcKkdBOon1InNeMSPe1W_F5iLGRGFki5ZnRd1CmZS8u114vp7bnzBoBcQNnXCmZ3nxYg-deRzc16SmuhpGA9sdwG14hAskRtCvPSYU_loLZO57tw0IAPK2MoSctebkt0Oc5H6aBP7aR4RYsMILfK6tm6u2rELNENZR6rGeszefZfQJuftu0O1TvMzmo_ki82KTTp_PXMzUL91Ief70tJbMn1ZMRPmJdCfq0QnVwzbxocT7Ij0hj3wy7Opx1fxh65NtSj2MU85A7xRhI3LkfL3yIb-4oEsZTrGZMjf6-H9raJQpbIB1W6ClfPxjZXET79NnoWTuojjfF1LFTiMeU6bCr3LzyE3WDjgtCOLZ3c2hyhV9yPZDntAcIQJVD6Q9BzyhS-FzUxsIhJKRoZvT3dNwNKgQthp5pszRdMvN8sLS8cjiHaCxyZDoESCRATSmpxq-DNp9hFWyoWRfMcUYvHcCsM5Qe-4a5VumaKKJvFjm9byx0ECobGjiYM0hHNI_s9Uy8C_JNbWNvs1JXejxJn5buTHI5P-qzhRWkuTg5CrdoJ9GmoMqLTu3HCuX7ClgmsS3qJxj_vdH5ffnwHnHFdjh8pltIwGH_wShlGBWV1yl7unqKldJOLf84btlpRZ16P7lPXO1py9FqO6ZbviMF8VNmXcXYZcnBNjyN3YQO_7EEB9INgG_ZwScWVqIyfDG6OeX5W4qRU0QlYcCK3bWMaIyqsgI2BzGzX9XyC-N4UvGJ_dI80jBhaOiWfTZIyVnvIdMur0GDgiCiGLxQkzmdbK7yVUozZWnjoBg5rfPvMI5PKHgSX0Vw862teClg6sDjc1DOKzC1khe6-8WIRQ0XjfFYncMozDx8mKSKq7LY1ZH3aJq-0e-03NQMljj2V_XqEaRjkc-GMMEOIcYmLYqrdA43nOcLFWpajxJ2XagXoPXhc8WyWhL-5FbFXwu8UaJOUxIaSP69eiumobI6Nz07hFDvbxOFqgU3YmdnIvor-ftISXsGQe1jZR2HSa6D7nsLBVHCvHZCLI4izCCRb-aNP_FxT4tchDYU1aBOLb03UuMjSo6Q1XRJym5LX3QmQwHzQH-I-Fjmeb7G5NrLx7QhS-fiEq_dZUXek6tTUPNMgZF9BTHqpqzoT9nJt8oYxLPIAY0EwbpwxY-JEc2fDFH6ggYUsO-2YLCiP30dBj_zwZcGfW8Un-LfiUGLiHqZxxfSD_h0UyYFcqY2DEiu4omDRhuaEhzj9HzAaAw9BAX7nQbYCc_HVI5ZynLcmVp8ccWlI7iPF-TeM1y_Hpucm7EUgSEut55KxWjYnFyuGKM5cGz_uYGryzMgPIA_6D4EruhgWz4XU7pRfkMLZ6O9H4nerYm9t6DwSo3ihkH_xt4z4eLPHsDWWqQjdGzvC9ynoFpdZRHxMpCz9Q3PEfzwKu6EXxWK3wrix0eO2Tss30LDBUvTIyRHbrl_gFQZhdSHATQR73pBB_f4SBxi8y5wonfmFxfmhbEAl59nXE8ceGug8jlLZh_hPcI6ToVTuEOjqLyANDFjqhKSezZrqZGmwqeN0KvrAX3yszIrGw6cERfIMGeIt7srXhCPnafD04rfsH5npvsXXfrT3FNi50jzmnpDD0ZT9qW__cnpAgYegCfc-ZNIIauz2HRQMJ94Ex_6Q5XTKomjpWw-0M'/>
<input type='hidden' name='enc_data' value='pKLotjKsnRaGoJ2fPdnQ_9XkmENVF8dx0AC-0RLl7hrRTwvPCEkgFqlzEFcvX6pCaPLSL4jnIE_DpVXfiaf5GV92TsyRFLtmG1GSJ2rL2x4_sfdTrE0gW5uCwxKbShZUccuJxLjKSfGYxvPrH095nadtObRsQ8CE-pk-Zrc4FLklinUrzVgqUUbOsgg42K1QiflcpJgFJsT7hYaS7FUFTbldLy7Hg5nM-a0srl5pgUauaeNSlSF0gFCBVdvAOU-pTc1z9uq-CQ2wxQPeQj7zEwbjhgcAC8_KCflZpzS-ygSY7exz8i3GGvoxigApchbPUFf5cT6DdVUn2E8R71hsJDjlJ6fM9AcaYlZ3iLHc1JaAqjz42fJ5w5REo7cNhTO0Ul_8bmpFp-IQ6w-vnRLZkYSsYjDtwp_pB2sMnk9Slil1__TaEdz8hxQD2cbC6FsoJWLj_9hnzgVacS-fgGD5Lj1-NXZTjViPAZ1mkhT8yU8QLgIdsBxgMYrYoNcWUV32_k6EktYtRvoNIvOt2-ldRN8bCK690mcyGORmQbb1tRKh3G_mD9DOxyZ6Q3kZaAO3XD4WNl6UbIV7MEzMqLSQrHTiUl5tUjpK0JI-Ie97OcPmXwbNSYf9BBCUFZZnBZYVQAO8kruUgY8SD3pi9JVj09We-_jCRPblNIXFUQeHdArvn3QY_qcDQzC3L2CaQ1BU2fMDNXgvt1yY4oplST2_Y-keYkWxOaz80i8MuLke7qegnPfv5V4EOGcgSb6aasFCL6aC0MjRxlf1lCUKAHWj4aAlOSjKEM350b4B-Ls1HfZ0tu82VLX3BOYNFHLUCiTh4Ol0foeAUuzv5w_uk3NOw96_zPdoOqLAtPH8UY7gbSpxLsSYPJiv2NKYBIZJKP3v9uHii-jFd_aZA54SY2KeucPWdvPY1k_jdsMm8aoqV6kog9X7I3R_4WqrPqHJN-0esPjGtmUUDyQRg3N2JmXpciLEFMvf5ftFvSAv7IVPqatk9y92HNfiYksdr7DkYBfUlifi4Ry6vBlFGLy3HN__U3Oloz5pVuImJURGYbKwvGfSKUt9RCJDP4AADQ8VJ14Rue8g02GNkvod_7lYPUKapApdq3_VFcrLQnUnIQ4pXk-kcmwQLiB_kW-nymh8wGH0MRaCV0fJMW2EUMDzgFj3MLrdLVbFtfuDSlt0ISHahyurGKw787nKEi3rfnKrsBtWpsC_QeleseyrERrOFlNQfr5qF2y2VJ58gvvxGxkXZL8G6cdTm-EKERDV8L2DhGShtHkE-91FPuzJlQHd3Gj7AP4gBUK5-Tlp_xwLch6SadOwipuRPg-Il-w6HjjFjPS7afpAX9IUfXacBR1_7tmpkfnUiYjJRhOJUnwvL5BOytkvfbCEMbRa93HwQuSq9Sa2S2FWfOmRwKhRXVyN0lDbHoG3OBdjMkfqJSrGX9eh3OqFFwVrg9ogKKfAHy6AHoaJtbpbWXLOopTcbAKZ54cweW9Zks2LYhleJD5wA32BVyv0hnkPIyixuUHJ2RtOetkXQk5tUEMNjtyTro2fmrCDdx1s-erbg1RYZUQG2BCviusIR3jbsk1_QSknlLY4i0y02dgtDJMrXERq6cKtOQKifxrMOTo-0K2oTOymTHo970pJ0b6b4clBd8XveSBi0r_Urb7jz94HSCvXU1tPVL0aKOifVFl_RxV2FW-DZl1FTWb8Rc6m-MxSyvLOSUauyxWRX-hSJgv20mJstjA8IQ2Kl8A069LQY092fZOq9kATQSPN7iEK9oahhEPDe0qjdASklEVimF-QfLmKn-LsQ7h6mBx9-4n-uuM-JeHrykbJ6vslZwXfjf1fVl-M-iSt8lXY2P4riOgjC3rdpeFN_zQ_W81BSCp6hY01trIw731e2ta2sfMEuMFVaOD6ana8GvTSf1sxyjjinKynMsHO82a67P1aWyb4LtBFdNKf8_-B0-zvKkQmiio2HLVxnGhNwdykV-nm7Va28B8KolP3EhC9FMM75ElEgDfYzwYbvRHypzrVMiHSkUXloZc78EWwttkk0GB2BQyMBGhCtmhj9domur3YbsB9Wy-vn2-HOcAPxIr2J2kAs72HbB3_WIgg5RsHfLoEHli-lffEPXqYiKHXhqh1-vD_3DM9bbBTABDO4xPSZ-H7-XMgJGNhlJw75oVHshB_Uyw1tH6c6dSJangRq80spbxBSXbvyXG3mXpQ5v0Fbj14mJ2TX82c56DwGhHzW1RmRCNw7od4QhJPMLFlPGAibpk09qC7L268ABaaG8wiuDG1YMkVxk272zJmY1E3XpughQBJ_k0j9gICyZzu3RXI10_OCUZ5jfqup1jLAPvpUsP06L9XNdYayKMDh9BqxYU1_OGRikgSSolZwNoZ6uUd_Ez2zf4QuC0hYBE3SthcaAd9sCIJPLQ_Am45L9SPf0T4bpSaQnZAEkK1Jb2pbc_6RMTQXS5ZzkRqOQ5nt0sumcy8TeHILTJMMrCoYog89jqwl-TPlMZzb90UdwKpq5oBVDjRbKpM2bqHox14zJc8sgwU79gXiy6prXvXESGP5UTh_YUoNPF59ejShcfQtA3W-JV11Eg2ypaMhEgFYEKOFnZume30_FRmcwOYHFjrNNR_PEj6cP4BywsbPo7bpmDlPVyNp9A0uMDEiKYRYjhIQlIVQow8CacVt8LU4sHaFPqgG59xnqE8oj3425FjiSnryQWnBl_5QqgEonawCPDxrF4bCyM_vSZtHTH0iwwuyll7kpsH8M4zK3tQIAal_7HkvBWCTAZQOr0Hg_ZN1dxUMLDqiPt4rFxP5WUh3BibCxHcu_t-jLj2wv0IjQFW_TIntuoUJoMAnU2N3kuWxO8WvPhgEj3o9IjOwY5Mv2WsQwDS4uZROMzOAcWdFB3q84aNWIjmPLStugvAnsgHlsV6BZ4uBz8v3gY567tmiIZGWBstyAxDiHWPYvmZQwSJc77kHye_6768vx54a90B588o4fynz3_9w_3rNtGEwT3jPkb1D3ribb33NLGoUDP_AC9_yH47L7oQLUc2D_UXN6gNSLzr7AOV72-wKloCZCA5yx5ej9FfhpFveK92bSYdmnrWYUJ30HuE9YjOzcVCpow3OceUv99t7nW42a2cZoOqjPtiETNPi-iTbksFEzjOAY8Vy_44ye9Izk68CHQmT-YjmCY1TMbx8UHMBEbPU3fe8QqwltNv5PunTkZq2KGCAhSaXIJG65VDbyPAn7hAVGs3Bb8Im2fmw6VlTS__9RmacPJLecczl11pV39fgNqDpn9pHAcMqpulLY5yLvA6BJGJ7F0YdSEMoVQZ0OVHGBUIK6s4vHLCbWZliO5xaWFhElaJT0kK2K4HZWtU_Kjb5_s94pBQiqIGm-RCSnMDouu6a_mQpawnykYjlkU23cLv7uelPn5g4UWSz27Zgdx3sRVe29mtwPM0OIiccmHPgqG3TfYkZggLRGMymy6_-8_RLXM4n76WaBnjxygiQ7CloksaLvCus_x1LyPn4Iw5yax0t3Bsvl8iGu4Hc2v4CgQqf7XGv1Bc7PQKmYf9Om7YL8GAlcWVCIwreCLu4mYY4cKfLiXkzEZy4HhNivqbYh8RgK073UxbWYdjFqyj7FGYerKofdg4G1a3_wEPPq8Esapv-E45SxWaGtjkZEErJDWrkFZmyOlJAtxypVulpQipCqsC4K2QJPVZUtOBpJ5ygs_pf0L57PCQRE5BOiGrMd1zAz6vTq223bfyNroat333xyUOZPMz5ZVccUacMMW4UXOL1jzEHs-dJnkG9I-LIXBk-lhjQUPnbE68ILE86XHpdOCBFRqNyzEpmOWYEjhPWf9xUpJNpn2XQJ1Dhc6Zs5GrQdNFy4lX8tq0rFl_s7Uvdorf5pP4tKSQG3kRANnB4gzi6VCnHPyUxwRkU4nh2p1xj2dJp0VHNEsz_51OJdPuIM8689plb6n-6ML_x4IBJbsboOjUdwnC_jN0BP0wdhTCBKiO6AaeYIceTeW3Cq7UvlfEStRyYNQcdHgfIjPJPdDfdxaEsTD8lKFLzKHVUSuQx4CiB3jXrgsXG33wCufRCIQLsPPSxy4R6pSMFTDQKa9li_mp-iF5aw_hVM68B0QVgIwCYi_Z7I93ExkBfe6evFX6OZW7vnNZ6HXz0olE-vFD6RCiCuCmDpPx8iO0EdA6Mz1UFrCS6aZxGlFO8-9H83qSEl4VtiCkO2p4vX9Ks-9NSAuoieTpDPvWTvcALVI-xv6g8YLfWylz7CPMEzSBsb7eH96PTzH5B4UD1qvHf22mkuHufeTkKWKLg-loUpFwNp7bm9iJnbFZZpY4wXqqpBIQ3ZpTv0B97rJHvN_KW4b6aD9seUK7ApyjeA_vIOK2AHfhwfkNETDYN116cg2Rr81Gv8FsjrRkdk4A0-N4AVmnA5HDVz_Tq3QNPfUYv2sP1SO_84XJ-38H1PylA5O61nlbSNSGQLVleQFLZDcoXTTVkzm-W13gEKfdlczgCto6P4QxOMoOre7LwdBfPqq6gOL-2P9ypShGcwZqV3tS9uJEUHU0GRaeoI3STmRMm-kNOAjfYCI3vpPWsQhNKKHy4A-mX8lyq6_97kXn9roapgzEqYIVdOdxq8aZ8DZok7kaNfHUAJEivQQRxCOFAPJASlImybHW7d0YYMotO1eQjhs3AaUPOYpBDhxz1-MOftoyHc1jAvb8GcoBEc72D-LPSoUsO0xzHcXwHqwOD-GPFqLLY3AnoH-MdGAlnej2GY4jw5McqBs8KgeW2JdYdMgpsTygdeRjLkT5Z3mI51CUfq1FSqHBtom0XgQ9-Ix7KaHFv5PN484jXNB8lGwBQAXM0d3nQPEicsHlaApW8JbvByA1gN1uwTHeO6gV8UEVWe051cDqzsKcuCXHTaubPpqd-r9DMiQgN2zFoQ__b0owAXfaGsAxoTGKgGxM9hxQKqWMBaUUDakSn6qdjgu2VfQCmjQCSEwsQTG4quTmEFORJ9pwIm0we2L7pUSIrwoXi2h8cWJ5Q3sPcTT6lOSvf1dIvr7TFOW-5rX2qQO4b9OUwQAYgXhXR788S_mD-BPBxaBn3HwTiI8Zu-OZOZpl881rTQqt8EKbsYDMak1_Lap07KnzZ8ynekoE7UTjysJpJc4yfFWoqZSzgrlCHNvyj7BI4UfTcl3l5snc-45uC0b3mlP4LyGROuiR8RdOGAggibv8cMhPKBWlkroefdoRSufDybWF-A64pq5D9AQmHb0dyTDhv9oGVqhRCn8sZ1NXRN3e_VTcpWK6pxQKZawd5K6HKI7Av-2g5i0NgTn-vfd7BIx9VpLPZM0EM4zJ'>
</form>The initial request with the order data coming to your paymentUrl is encrypted with an AES-128 mechanism in GCM mode (aes-128-gcm).
The key for decoding is the first 16 characters of your app’s unique and unchangeable client_secret. Get your clent_secret value from the .
After decoding, you can access order details in the enc_data JSON object.
Request decoding examples in PHP and NodeJS:
<?php
function getEcwidPayload($app_secret_key, $data) {
// Get the encryption key (16 first bytes of the app's client_secret key)
$encryption_key = substr($app_secret_key, 0, 16);
// Decrypt payload
$json_data = aes_128_decrypt($encryption_key, $data);
// Decode json
$json_decoded = json_decode($json_data, true);
return $json_decoded;
}
function aes_128_decrypt($key, $data) {
// Ecwid sends data in url-safe base64. Convert the raw data to the original base64 first
$base64_original = str_replace(array('-', '_'), array('+', '/'), $data);
// Get binary data
$decoded = base64_decode($base64_original);
echo "<div>decoded: $decoded</div>";
// Initialization vector is the first 16 bytes of the received data
$iv = substr($decoded, 0, 16);
// Tag is the last 16 bytes of the received data
$tag = substr($decoded, -16);
// The payload itself is the rest of the received data
$payload = substr($decoded, 16, -16);
// Decrypt raw binary payload
$json = openssl_decrypt($payload, "aes-128-gcm", $key, true, $iv, $tag);
return $json;
}
// Get payload from the POST and process it
$ecwid_payload = $_POST['enc_data'];
$client_secret = "QKJkxLNKSu22POC5UzxTBMoUQolefDPs"; // App's client_secret
// The resulting JSON array will be in $result variable
$result = getEcwidPayload($client_secret, $ecwid_payload);
?>var crypto = require("crypto");
var EncryptionHelper = (function () {
function decryptText(cipher_alg, key, text, encoding) {
const bText = Buffer.from(text, encoding);
const iv = bText.subarray(0, 16);
const tag = bText.subarray(-16)
const payload = bText.subarray(16, -16);
const decipher = crypto.createDecipheriv(cipherAlg, key, iv);
decipher.setAuthTag(tag);
return Buffer.concat([
decipher.update(payload),
decipher.final()
]);
}
return {
decryptText: decryptText
};
})();
module.exports = EncryptionHelper;
let client_secret = 'QKJkxLNKSu22POC5UzxTBMoUQolefDPs'; // App's client_secret
let data = req.body.enc_data;
let encryption_key = client_secret.substr(0, 16);
var originalBase64 = data.replace(/-/g, "+").replace(/_/g, "/");
var decrypted = EncryptionHelper.decryptText("aes-128-gcm", encryption_key, originalBase64, "base64");
var payloadObject = JSON.parse(decrypted);If you are using C# language, create additional padding to make the payload a multiple of 4:
base64 = base64.PadRight(base64.Length + (4 - (base64.Length % 4)), '=');Quickstart with the (outdated).
If you want to use Web Cryptography API / SublteCrypto for decoding payment requests, check out the code example created by our community developers (may be partially outdated due to encryption mechanism changes): .