Skip to main content

Expiring links

Cleverbridge generates links that are invalid after a set amount of time. These expiring links make it difficult for third-party tools to fetch and collect personally identifiable information (PII) or payment data from your customers. They also ensure that your online storefront, email communication, and self-service pages are GDPR-compliant.

note

Since June 2021 all new client accounts automatically receive the new and improved expiring link structure. If you have been using the Cleverbridge platform longer than that and would like to use this new link structure as well, contact Client Experience.

Getting started

note

The expiring links generated by Cleverbridge are valid for 30 days from the creation date. The validity of links in notifications is 30 days upon dispatch of the notification. Contact Client Experience and inform them if you would like to use other option than the default.

When you generate expiring links, you must keep in mind that they cannot remain valid longer than the value of MaxLinkLifeTime specified in the Cleverbridge system. The MaxLinkLifeTime value is set to 99 days from the starttime defined during link generation. Apart from that, you must use the &s=<starttime> , &e=<endtime>, and &c=,HMAC-SHA1 checksum parameters:

ParameterData typeDescription
&s=<starttime>integer

Unix timestamp corresponding with the date and time in which the link should activate. For more information, see Unix time.

note

The &s parameter is mandatory. If the &s parameter is missing, the URL won't work.

Example

&s=1592309816

&e=<endtime>integer

Unix timestamp corresponding with the date and time in which the link should expire. For more information, see Unix time.

note

The &e parameter is mandatory. If the &e parameter is missing or expired, the URL will not work.

Example

&e=1607865416

&c=<HMAC-SHA1 checksum>string

The checksum for link protection is an HMAC-SHA1 hash based on the following string: id:starttime-endtime
In this string, the id corresponds to the purchaseId, subscriptionId, invoice number of the object being tracked.
For the subscription ID, only the numerical value is accepted, without the initial letter "S". For example, for subscriptionId=S12345678, include only the numbers "12345678" into the calculation to obtain a correct checksum: 12345678:1683635441-1684585841 For the purchase ID and invoice number, no modifications are needed.
To calculate the checksum, you must encrypt the string with SHA1 using the seed for static URL protection: SHA1(id:starttime-endtime, SEED)
You can find this seed in Commerce Assistant under Setup > Account Setup > Additional Details.

note

The &c parameter is mandatory. If any of the parameters used for the HMAC calculation are altered in the URL, the URL will not work.

Example

&c=9d1f3806b94ceeac401d98fcb8ad9777caf0f2005dc630039e21d1d45dd547b5

note

This is only for document links. For purchase or subscription-related links, you can use the purchase ID or subscription ID instead of the invoice number: SHA1(<invoice number>:<start time>-<end time>, <seed>)

The following examples present links that use the expiration logic:

Change subscription payment (SCP)

Use the following link to allow a customer to update, change, or manage their payment method preferences for a subscription.

Example
https://www.cleverbridge.com/<client_ID>/scp/S<subscription_ID>?s=<start_time>&e=<end_time>&c=<checksum>

Confirmation page

Use the following link to allow a customer to see the details of their purchase after completing a transaction.

Example
https://www.cleverbridge.com/<client_ID>/p/<purchase_ID>?s=<start_time>&e=<end_time>&c=<checksum>

Invoice

Use the following link to give customers access to their invoice.

Example
https://www.cleverbridge.com/invoice/<invoice_number>.pdf?s=<start_time>&e=<end_time>&c=<checksum>&documentid=<document_ID>
note

For test orders, the invoice number is generally the same as the purchase ID. For actual orders, the invoice number has the following format (Letters-Numbers): ABC-123456789

Update a subscription (USI)

Use the following link to allow a customer to expand the subscription by using one of the available upgrade options.

Example
https://www.cleverbridge.com/<client_ID>/usi/S<subscription_ID>?s=<start_time>&e=<end_time>&c=<hash>&subscriptionrunningno=<subscription_item_running_number>&cart=s<product_selection_ID>:<product_ID>

Update recurring billing (URB)

Use the following link to allow a customer to update their recurring billing.

Example
https://www.cleverbridge.com/<client_ID>/urb/<purchase_ID>?s=<start_time>&e=<end_time>&c=<hash>-<purchase_item_running_number>

Cancel recurring billing (CRB)

Use the following link (available only on Subscription Management 1.0) to allow a customer to cancel their recurring billing. The customer needs to turn off the automatic extension using the toggle button.

Example
https://www.cleverbridge.com/<client_ID>/crb/<purchase_ID>?s=<start_time>&e=<end_time>&c=<hash>&purchaseitemrunningno=<purchase_item_running_number>

If a subscription self-service is activated, any access through CRB, CSI, and RSI links gets automatically redirected to the self-service page. In such a case, within the link, the page identifier is changed to "s".

Change quote (CQ)

Use the following link to allow a customer to see the details of their quote-related purchase and download order documents.

Example
https://www.cleverbridge.com/<client_ID>/cq/<purchase_ID>?s=<start_time>&e=<end_time>&c=<hash>

Customer change payment (CCP)

Use the following link to allow a customer to change the payment option.

Example
https://www.cleverbridge.com/<client_ID>/ccp/c<customer_ID>?s=<start_time>&e=<end_time>&c=<hash>

New cart from purchase (LCP)

Use the following link to allow a customer to request a quote from a purchase or to go directly to the express payment.

Example
https://www.cleverbridge.com/<client_ID>/lcp/<purchase_ID>?s=<start_time>&e=<end_time>&c=<hash>&cart=<product_ID>&purchaseitemrunningno=<purchase_item_running_number>

Within the LCP link, the purchase item running number is optional/situational.

Redo the purchase (REDOP)

Use the following link to allow a customer to redo the purchase by either requesting a quote or going directly to the payment.

Example
https://www.cleverbridge.com/<client_ID>/redop/<purchase_ID>?s=<start_time>&e=<end_time>&c=<hash>

Delivery confirmation (PD)

Use the following link to allow a customer to view the confirmation of their purchase.

Example
https://www.cleverbridge.com/<client_ID>/pd/<purchase_ID>?s=<start_time>&e=<end_time>&c=<hash>

What to keep in mind

When generating expiring links, you can choose any start and end time (as long as it doesn't expire in the past) and calculate the hash based on those times. The two following examples show two expiring links to the same refund document. One link is valid for a year from today, the other for 10 years.

A link valid for 1 year

Start timeEnd timeInvoice numberHashDocument IDLink
16685147481700050748366334488R8644019219032fd5373d70a04aaf873d8519a9497a8da60223681701https://www.cleverbridge.com/invoice/366334488R8644019.pdf?s=1668514748&e=1700050748&c=219032fd5373d70a04aaf873 d8519a9497a8da60&documentid=223681701

A link valid for 10 years

Start timeEnd timeInvoice numberHashDocument IDLink
16685147481984137692366334488R8644019366334488R8644019223681701https://www.cleverbridge.com/invoice/366334488R8644019.pdf?s=1668514748&e=1984137692&c=879958eb637ed6fad9d0dc24 fea7beea68e426d0&documentid=223681701

Keeping purchase document history

Important

Every API response or notification contains these four links:

  • CustomerConfirmationPageUrl
  • CustomerPdfDocumentUrl
  • CancellationUrl
  • ChangePaymentSubscriptionUrl

The confirmation/cancellation/change payment links are the same in every Get Purchase API response per purchase. However, the PDF link in the API responses only shows the latest invoice type (purchase, partial refund, and so on).

To create links for the full document history, you need to activate the following notifications:

  • Awaiting offline payment
  • Paid
  • Purchase order
  • Refunded
  • Partially refunded
  • Chargeback
  • Test order
  • New quote
  • Return direct debit
  • VAT refunded

For further details on how to set up notifications in the Cleverbridge platform, see Set Up Notifications for subscription-metrics.

The description of the invoice type is in the notification, for instance in the Status and StatusID tags:


<?xml version="1.0" encoding="UTF-8"?>
<cbt:Status>Partial Refunded</cbt:Status>
<cbt:StatusId>PPR</cbt:StatusId>

From the available timestamps in the notifications, use the ones that best suit your case, depending on how much granularity you need.

Example

Example of a PaidOrderNotification:

<?xml version="1.0" encoding="UTF-8"?>
<cbt:CreationTime>2022-11-16T12:37:41.429317Z</cbt:CreationTime>
<cbt:PaymentArriveTime>2022-11-16T12:37:41.666145Z</cbt:PaymentArriveTime>
<cbt:LastModificationTime>2022-11-16T12:37:42.081264Z</cbt:LastModificationTime>
Example

Example of a PartialRefundNotification:

<?xml version="1.0" encoding="UTF-8"?>
<cbt:CreationTime>2022-11-16T12:37:41.429317Z</cbt:CreationTime>
<cbt:PaymentArriveTime>2022-11-16T12:37:41.666145Z</cbt:PaymentArriveTime>
<cbt:ReimbursementTime>2022-11-16T12:46:06.349784Z</cbt:ReimbursementTime>
<cbt:LastModificationTime>2022-11-16T12:46:06.417129Z</cbt:LastModificationTime>

The relevant subscription ID and purchase ID will be under the following tags:

<?xml version="1.0" encoding="UTF-8"?>
<cbt:RecurringBilling cbt:SubscriptionId="S49694473" cbt:SubscriptionItemRunningNo="1">
<cbt:OriginalPurchaseId>366332011</cbt:OriginalPurchaseId>

Parse the following data from CustomerPdfDocumentUrl you get with every notification:

  • Invoice number: Number found between /invoice/ and .pdf in the link.
  • Document ID: ID found at the end after documentid=.

Did you find this doc useful?