View Encrypted String
view_encrypted_string encrypts a string and returns a URL-safe encoded token.
Use this when you need to pass a value through URLs (for example order/invoice IDs) without exposing the plain value.
See also:
Parameters
string
Required. Plain text value to encrypt.
If this parameter is missing, the tag returns an empty string.
string="hide me"
key
Optional encryption key.
If provided, use the same key in view_decrypted_string when decrypting.
key="10asl15bajkls8bb"
Output
Returns a URL-safe encrypted token generated as:
Encrypt::encode(string, key)rawurlencode(...)base64_encode(...)
This output is designed to be safely passed in URL segments/query values.
Behavior and Constraints
stringis required; missingstringreturns empty output.keyis optional, but encryption/decryption keys must match when a custom key is used.- The tag returns a transformed token (not raw cipher text), intended for URL transport.
- This is obfuscation/encryption for transport; still treat resulting links as sensitive application data.
Examples
Basic usage:
{exp:cartthrob:view_encrypted_string string="hello world" key="10asl15bajkls8bb"}
Invoice link pattern used in store templates:
<a href="{path=store/invoice}/{exp:cartthrob:view_encrypted_string string='{order_id}'}">View invoice</a>
Twig pattern from installer templates:
{% set hashed_id = exp.cartthrob.view_encrypted_string({string:order.order_id}) %}