Order Success Page
The Order Success Page (OSP) is the last step of the purchase process. When an order is completed, the customer reaches the Order Success Page with the order details if the cbd token is valid.
By default, the OSP is valid for 3 minutes after the checkout process is completed. After this time expires, the OSP displays an error, which also prevents any further purchase events.
See Order hierarchy and states for details on how to handle orders.
Retrieve order from the Checkout to render the Order Success Page
- After an order is placed, the Checkout Frontend calls the configured OSP Page in the frontend and attaches the cbd token.
- Once the shop has received and validated the cbd token, it can use the AdminApi getOrder endpoint to fetch all data and render an overview page for the customer.
- The function first checks whether the GET parameter cbd is provided. If not, an exception is thrown and the process stops.
- The signature of the cbd token is validated: for the validation, the FE Backend needs to know the so-called secret. Using the secret, the Frontend Backend can compare the signature delivered in the cbd with the one it generates. If they match, the token is valid; if not, an exception is thrown.
- If the validation of the token passes, the orderID, which was provided in the first part of the cbd, is used to retrieve the order information from Checkout. The order information is then returned to the Frontend.
- Based on the retrieved order information, the purchase event on the OSP Page is enriched and pushed to the data layer.
OSP structure
The shop frontend needs to have an Order Success Page (OSP) in place. It defaults to /order/success but can be changed.
Check Routes configuration for details on how to update default routes.
When the user enters the Checkout (e.g. /checkout) to make a payment and successfully places the order, they are redirected to the order success page with a cbd token attached as a query parameter to the URL (https://<shopName.domain>/order/success?cbd=<base64EncodedToken>).
| | Example/default |
|---|---|
| Checkout | /checkout |
| Order Success Page (OSP) | /order/success |
| Example URL | https://<shopName.domain>/order/success?cbd=<base64EncodedToken> |
cbd token
The cbd token is generated after completing the checkout process.
Before the shop renders the OSP page, it should decode the cbd token on its backend and validate that the given signature is correct.
- If the cbd token is invalid, the shop shouldn't display user data, but should instead redirect to a 404 error page or show a relevant message on the OSP for this case.
- If the cbd token is valid, the shop can proceed, parse the payload and use the included information to render the page.
The Frontend Backend needs authorization to the Checkout API and needs to know the secret which is used to encrypt the CBD.
The CBD token is provided by Checkout and consists of two parts separated by a dot (.).
The cbd token is encoded in base64 and needs to be split into two parts according to its format: ${payload}.${signature}.
Example cbd token in encoded format
eyJzdGF0dXMiOiJvcmRlcl9jcmVhdGVkIiwiY2FsbGJhY2tfdHlwZSI6ImNoZWNrb3V0X2ZpbmlzaCIsIm9yZGVyX2lkIjo5NjMwMzgxOCwiY3VzdG9tZXJfaWQiOjUyMTk2LCJjdXN0b21lcl9uYW1lIjoiVGVzdGJlc3RlbGx1bmciLCJjdXN0b21lcl9zYWx1dGF0aW9uIjoibSIsImlzc3VlZF9hdCI6MTYxNTI3NzM3N30%3D.MTBjMmI1ZTcyMGViNDRjZjFlYzg1NmFmNWY2MzdmNDkwYzljYjMwYTViZmVmYTcwODU4ODQ0Y2ZiNDYwM2M2MA%3D%3D&pmm=b2b
Example decoded payload:
{
  "status": "order_created",
  "callback_type": "checkout_finish",
  "order_id": 123456789,
  "customer_id": 987654321,
  "customer_name": "firstName",
  "customer_salutation": "m",
  "issued_at": 585439200
}
To verify the signature you need to generate a hash (sha256) of the $payload with the shopSecret.
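The backend check described in this section, written for Node.js as an added example; it is not code from this page or from the Checkout project. It assumes the signature is the base64 of the hex HMAC-SHA256 of the base64 payload string, keyed with the shop secret, and that the 3-minute validity is measured from issued_at. The function names and the sample token helper are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// ASSUMPTION (not stated on the page): signature =
// base64(hex(HMAC-SHA256(key = shopSecret, msg = base64 payload string))).
function expectedSignature(payloadB64, shopSecret) {
  const hex = createHmac('sha256', shopSecret).update(payloadB64).digest('hex');
  return Buffer.from(hex, 'utf8');
}

// Take cbd from the OSP URL. searchParams.get() undoes URL-encoding (%3D -> =)
// and keeps other query parameters out of the token.
function cbdFromUrl(url) {
  return new URL(url).searchParams.get('cbd');
}

// Returns the parsed payload or throws. The payload is not parsed, let alone
// trusted, until the signature has been checked.
function verifyCbd(cbd, shopSecret, { maxAgeSeconds = 180, nowMs = Date.now() } = {}) {
  if (typeof cbd !== 'string' || cbd === '') throw new Error('cbd missing');
  const parts = cbd.split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) throw new Error('cbd malformed');
  const [payloadB64, signatureB64] = parts;

  const expected = expectedSignature(payloadB64, shopSecret);
  const given = Buffer.from(signatureB64, 'base64');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('cbd signature invalid');
  }

  const payload = JSON.parse(Buffer.from(payloadB64, 'base64').toString('utf8'));
  // ASSUMPTION: the 3-minute window is measured from issued_at (Unix seconds).
  const age = Math.floor(nowMs / 1000) - payload.issued_at;
  if (!Number.isInteger(payload.issued_at) || age > maxAgeSeconds) {
    throw new Error('cbd expired');
  }
  return payload;
}

// Constructed sample: stands in for Checkout issuing a token under the assumed scheme.
function makeSampleCbd(payload, shopSecret) {
  const payloadB64 = Buffer.from(JSON.stringify(payload)).toString('base64');
  return `${payloadB64}.${expectedSignature(payloadB64, shopSecret).toString('base64')}`;
}
```

Any thrown error should lead to the 404 or error message described above, with no order data fetched or rendered.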
Learn more about decoding and verifying the cbd token.