CartThrob 9 documentation for ExpressionEngine commerce teams Visit CartThrob.com
CartThrob.com

View Encrypted String

view_encrypted_string encrypts a string and returns a URL-safe encoded token.

Use this when you need to pass a value through URLs (for example order/invoice IDs) without exposing the plain value.

See also:

Parameters

string

Required. Plain text value to encrypt.

If this parameter is missing, the tag returns an empty string.

string="hide me"

key

Optional encryption key.

If provided, use the same key in view_decrypted_string when decrypting.

key="10asl15bajkls8bb"

Output

Returns a URL-safe encrypted token generated as:

  1. Encrypt::encode(string, key)
  2. rawurlencode(...)
  3. base64_encode(...)

This output is designed to be safely passed in URL segments/query values.

Behavior and Constraints

  1. string is required; missing string returns empty output.
  2. key is optional, but encryption/decryption keys must match when a custom key is used.
  3. The tag returns a transformed token (not raw cipher text), intended for URL transport.
  4. This is obfuscation/encryption for transport; still treat resulting links as sensitive application data.

Examples

Basic usage:

{exp:cartthrob:view_encrypted_string string="hello world" key="10asl15bajkls8bb"}

Invoice link pattern used in store templates:

<a href="{path=store/invoice}/{exp:cartthrob:view_encrypted_string string='{order_id}'}">View invoice</a>

Twig pattern from installer templates:

{% set hashed_id = exp.cartthrob.view_encrypted_string({string:order.order_id}) %}