Confirmation Page


Last updated 2 years ago

Glopal Checkout shows a confirmation page to the buyer after a successful purchase.

The page can be styled and customized with an additional message that is either configured for the store or passed dynamically in the Create Checkout API call (checkout.success_message). This message is displayed under the Glopal Order ID.

Custom Page

If the Glopal confirmation page does not meet your needs, a custom page can be configured for the store or passed dynamically via the API (checkout.success_url). With a custom confirmation page, Glopal redirects buyers to your confirmation page after a successful purchase.

The success URL can be configured with optional placeholders:

  • ${COUNTRY} - order shipping address country (ISO 3166-1 alpha-2, e.g. DE)

  • ${LANGUAGE} - visitor language tag (BCP 47, e.g. de-DE)

  • ${CURRENCY} - visitor currency code (ISO 4217, e.g. EUR)

  • ${CHECKOUT_ID} - Glopal Checkout ID

  • ${ORDER_ID} - Glopal Order ID

For example, with https://example.com/${COUNTRY}/${ORDER_ID}?lang=${LANGUAGE} as the success URL, a buyer completing the order in Germany will be redirected to a page like https://example.com/DE/912-4232?lang=de-DE

Localized versions

By default, buyers will be redirected to the localized version of your confirmation page. To send buyers directly to the given page, set checkout.success_url_autoredirect: false.

Signature verification

To protect your server from unauthorized access, we recommend enabling hash-based message authentication code (HMAC) signatures. To enable HMAC signatures:

  • contact your Glopal Account Manager to generate a new secret key

  • pass checkout.success_url_enable_hmac: true in the Create checkout API call

When enabled, Glopal Checkout appends an HMAC signature calculated over the URL with the shared secret key. By verifying the signature, you can ensure that the URL with all its parameters was generated by Glopal.

For example, with https://example.com/${COUNTRY}/${ORDER_ID}?lang=${LANGUAGE} as the success URL and HMAC signatures enabled, a buyer will be redirected to a URL with a sig parameter, like https://example.com/DE/912-4232?lang=de-DE&sig=3ecf...511ee622

The following code snippets illustrate how to implement signature verification in different languages.

```javascript
const crypto = require('crypto');

function verifyHmacSig(url, secret) {
    // extract expected "sig" and sort query params
    const parsedUrl = new URL(url);
    const sig = parsedUrl.searchParams.get('sig');
    if (!sig) {
        // unsigned URL: reject instead of letting Buffer.from(null) throw
        return false;
    }
    parsedUrl.searchParams.delete('sig');
    parsedUrl.searchParams.sort();

    // calculate over url with sorted params
    const urlToSign = parsedUrl.toString();
    const calculatedSig = crypto.createHmac('sha256', secret)
        .update(urlToSign)
        .digest();

    // verify in constant time; invalid hex decodes to a shorter buffer
    // and fails the length check
    const expectedSig = Buffer.from(sig, 'hex');
    return (
        calculatedSig.length === expectedSig.length &&
        crypto.timingSafeEqual(calculatedSig, expectedSig)
    );
}
```

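```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse


def verify_hmac_sig(url: str, secret: str) -> bool:
    # extract expected "sig" and sort query params
    parsed_url = urlparse(url)
    # keep blank values so they are not dropped from the URL being verified
    query = parse_qs(parsed_url.query, keep_blank_values=True)
    sig_values = query.pop('sig', None)
    if not sig_values:
        # unsigned URL: reject instead of raising KeyError
        return False
    expected_sig = sig_values[0]
    sorted_query = sorted(query.items(), key=lambda x: x[0])

    # calculate over url with sorted params
    url_to_sign = parsed_url._replace(
        query=urlencode(sorted_query, doseq=True)
    ).geturl()
    calculated_sig = hmac.new(
        key=secret.encode('utf-8'),
        msg=url_to_sign.encode('utf-8'),
        digestmod=hashlib.sha256
    ).hexdigest()

    # verify in constant time; compare bytes so a non-ASCII "sig"
    # is rejected instead of raising TypeError
    return hmac.compare_digest(
        expected_sig.encode('utf-8'),
        calculated_sig.encode('utf-8')
    )
```
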
```php
/**
 * @param string $url  Full URL the buyer was redirected to (scheme, host,
 *                     path and query); $_SERVER['REQUEST_URI'] alone lacks
 *                     the scheme and host
 * @param string $secret  Shared secret key
 */
function verifyHmacSig(string $url, string $secret): bool {
    // extract expected "sig" and sort query params
    $parsedUrl = parse_url($url);
    if ($parsedUrl === false || !isset($parsedUrl['scheme'], $parsedUrl['host'])) {
        return false;
    }
    parse_str($parsedUrl['query'] ?? '', $queryParams);
    $sig = $queryParams['sig'] ?? null;
    if (!is_string($sig)) {
        // missing "sig", or "sig[]=..." parsed as an array
        return false;
    }
    unset($queryParams['sig']);
    ksort($queryParams);

    $expectedSig = @hex2bin($sig);
    if ($expectedSig === false) {
        return false;
    }

    // calculate over url with sorted params
    $urlToSign = sprintf('%s://%s%s', $parsedUrl['scheme'], $parsedUrl['host'], $parsedUrl['path'] ?? '');
    if (!empty($queryParams)) {
        $urlToSign .= '?' . http_build_query($queryParams);
    }
    $calculatedSig = hash_hmac('sha256', $urlToSign, $secret, true);

    // verify in constant time
    return hash_equals($calculatedSig, $expectedSig);
}
```
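
How the check fits into a confirmation-page handler, as an added example that is not Glopal's code: the server rebuilds the full URL from a configured origin plus the request target, verifies the signature, and only then reads the country and order ID out of the `/${COUNTRY}/${ORDER_ID}` path. `PUBLIC_ORIGIN`, `readConfirmation` and `signForTest` are hypothetical names, and the test signer assumes Glopal signs the same canonical form the snippets above verify (`sig` removed, parameters sorted, HMAC-SHA256 as hex).

```javascript
const crypto = require('crypto');

// Assumption: the origin Glopal redirects buyers to, taken from configuration
// rather than from the request's Host header.
const PUBLIC_ORIGIN = 'https://example.com';

// Canonical form used by the verification snippets: "sig" removed, params sorted.
function canonicalize(url) {
    const u = new URL(url);
    u.searchParams.delete('sig');
    u.searchParams.sort();
    return u.toString();
}

function hmacOf(url, secret) {
    return crypto.createHmac('sha256', secret).update(canonicalize(url)).digest();
}

// Test helper only (constructed): produces a signed URL in the assumed format.
function signForTest(url, secret) {
    const u = new URL(url);
    u.searchParams.set('sig', hmacOf(url, secret).toString('hex'));
    return u.toString();
}

// requestTarget is the path + query the server received (req.url in Node).
// Returns the order details only when the signature verifies, otherwise null.
function readConfirmation(requestTarget, secret) {
    const full = new URL(requestTarget, PUBLIC_ORIGIN);
    // a target such as "//other.host/..." would resolve to a different origin
    if (full.origin !== PUBLIC_ORIGIN) return null;

    // exactly one well-formed SHA-256 hex signature, or reject
    const sigs = full.searchParams.getAll('sig');
    if (sigs.length !== 1 || !/^[0-9a-f]{64}$/i.test(sigs[0])) return null;
    const expected = Buffer.from(sigs[0], 'hex');
    if (!crypto.timingSafeEqual(hmacOf(full.toString(), secret), expected)) return null;

    // Only a verified URL is parsed for the placeholders' values.
    const [country, orderId] = full.pathname.split('/').filter(Boolean);
    return { country, orderId, language: full.searchParams.get('lang') };
}
```

Treat a `null` result as an unauthenticated request: do not show or act on the order ID it carries.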