ConvertPlus Buy-Links Signature for Dynamic Products
Overview
You can generate links for dynamic products outside the Merchant Control Panel, using the ConvertPlus parameters explained in this article. Some of the ConvertPlus buy-link parameters require a signature, to prevent any interference in the ordering process. Optional parameters also require a signature if they are included in the generated buy-link.
ConvertPlus parameters that require a signature
Parameter | Description |
---|---|
return-url | URL to which customers are redirected after their finalized purchase. Learn more about Redirect URL on this article. |
return-type |
The return method used for redirecting your customers after a successful sale. Possible values:
|
expiration |
Buy link expiry date. The link becomes invalid after the date from this parameter. Send as a UTC timestamp. Example: 1537549421 |
order-ext-ref | Use this parameter to set an external reference to the order. |
item-ext-ref | Set product identifier for your dynamic products. You can send multiple values separated by semicolon ;. |
customer-ref | The 2Checkout system generates default customer numerical (integer) IDs automatically for all orders of products that feature subscriptions. Can be used for new acquisitions aggregating new subscriptions under an existing Customer account. |
customer-ext-ref | The external customer reference. |
currency | Preselected billing currency 2Checkout uses to charge your customers. |
prod |
The name of the dynamic product. For multiple products, send them separated by a semicolon. Example: name1;name2;name3. |
price |
For dynamic products, enter the product price. For multiple dynamic items, send the values separated by a semicolon. Example: price1;price2;price3. |
qty |
The number of units (quantity) for each product in checkout, separated by a semicolon;. Do not use spaces or blanks. Example: qty=2;1. qty works in conjunction with prod, based on their respective order. The first value of the qty parameter controls the number of units for the products whose identifier is in the first position of the prod parameter. Example: https://secure.2checkout.com/checkou...rchant=2COLNC&prod=6FD08E61B5;E2932D0DE2&qty=4;3 |
type |
The type of dynamic product. Possible values:
If type is empty or not send, the default line item is considered product. For multiple dynamic items, send the values separated by a semicolon. |
opt | Defines the product pricing options.
URL formating rules:
":" is considered a pair separator
"," is considered a value separator
";" is considered a parameter separator between products
|
description | For dynamic products, set a description that is displayed in the checkout page. The description field is displayed only for the 'One column with payment buttons' template. The description will not be visible in the default template. |
recurrence |
For dynamic products, set product recurring options. Send multiple dynamic items separated by a semicolon. Example: period1:unit1;period2:unit2;
Possible values for units:
*This parameter is conditioned by two other parameters: duration and renewal-price. |
duration | For dynamic products, set the duration of the recurrence. |
renewal-price | For dynamic products, set the price that should be applied to the renewal order. |
ConvertPlus parameters to be included in the signature - general rules
- General parameters included in the signature, regardless of the type of checkout (catalog products, dynamic products, renewal, unfinished payment): return-url, return-type, expiration, order-ext-ref, customer-ref, customer-ext-ref.
- Parameters to be included in the signature for dynamic products buy-links: currency, prod, price, qty, type, opt, description, recurrence, duration, renewal-price, item-ext-ref.
- Parameters to be included in the signature for manual renewal buy-links: prod, qty, opt.
- Parameters to be included for on-the-fly pricing for catalog products: prod, price, qty, opt, coupon.
- The parameter to be included in order to lock the cart for catalog products: lock.
- Parameters to be included when an approved URL is set: in this case, all parameters will be included in the signature, when redirected after successful completion of a sale.
Build the ConvertPlus signature
To sign a ConvertPlus buy-link, you need to follow these steps:
- Sort the parameters that require a signature alphabetically.
- Serialize the parameters and append to them the length of their values.
- Concatenate the resulting values.
- The serialized value is then encrypted with your Buy Link Secret Word using the HMAC method (algorithm sha256).
- The resulting value is added to the buy link under the signature parameter
Example
Let's consider the following parameters:
- merchant = 'MCODE'
- dynamic = '1'
- prod = 'Software'
- price = 10
- currency = 'USD'
- qty = 1
- type = 'digital'
- expiration = 1893456000
The regular buy-link will have the following structure:
https://www.2checkout.com/checkout/buy?merchant=2COLRNC&dynamic=1&prod=Software&price=10currency=USD&qty=1&type=digital&expiration=1893456000
This link is missing one last parameter, a signature.
Let's take a look at the list of parameters that require a signature:
- merchant = '2COLRNC'
- dynamic = '1'
- prod = 'Software' <-- SIGNATURE REQUIRED
- price = 10 <-- SIGNATURE REQUIRED
- currency = 'USD' <-- SIGNATURE REQUIRED
- qty = 1 <-- SIGNATURE REQUIRED
- type = 'digital' <-- SIGNATURE REQUIRED
- expiration = '1893456000' <-- SIGNATURE REQUIRED
We extract only those parameters:
- prod = 'Software'
- price = 10
- currency = 'USD'
- qty = 1
- type = 'digital'
- expiration = 1893456000
Sort the parameters alphabetically
- currency = 'USD'
- expiration = 1893456000
- price = 10
- prod = 'Software'
- qty = 1
- type = 'digital'
Serialize the values
To serialize a value, you need to prepend to it the number of letters or digits a value has. For example, the currency parameter has the 'USD' value that will be serialized as '3USD', where 3 is the number of letters that make up the value. The value of the price parameter is '10', so the serialized value will be '210', where 2 is the number of digits that make up the value.
In case a value uses special characters, to serialize it, you need to prepend to it the number of bytes in the string, also known as the UTF-8 string length. To count the bytes in the string, you can use an online bytes counter. For example, if the prod parameter has the 'ελληνικά' value, this will be serialized as '16ελληνικά' and not as '8ελληνικά', due to the use of special characters, where '16' is the number of bytes in the string.
- currency = '3USD'
- expiration = 101893456000
- price = 210
- prod = '8Software'
- qty = 11
- type = '7digital'
Concatenate the values
'3USD1018934560002108Software117digital'
Encrypt using your Secret Word
The serialized value is then encrypted using the HMAC method.
- the algorithm used is sha256
- the key used when encrypting is the merchant secret word (in this example, the secret word is 'secret_wordbuylink')
This outputs a 64 character string:
c2225743f22e3b698b2f31052e35ec7602b787c804eaac1e0cd127a9a06b5762
Add the string in the buy-link
https://secure.2checkout.com/checkout/buy?merchant=2COLRNC&dynamic=1&prod=Software&price=10¤cy=USD&qty=1&type=digital&expiration=1893456000&signature=c2225743f22e3b698b2f31052e35ec7602b787c804eaac1e0cd127a9a06b5762