How to Encrypt and Decrypt URL Parameter in Magento 2

Magento has the power to create unique, limitless, and engaging shopping experiences while simultaneously offering security, performance, out-of-the-box features, an unlimited ability to customize, and seamless third-party integrations.

Owing to these benefits, Magento 2 is becoming the most used platform in the E-commerce market.

Magento offers a secured platform for online shopping. However, Magento 2 stores also have to be secure against those hacking attacks since eCommerce sites are more likely to become victims of a targeted attack by hackers!

One such way to secure your store is to encrypt and decrypt URL parameter in Magento 2. Encryption is the process of translating plain text data (plaintext) into something that appears to be random and meaningless (ciphertext) that no one can understand. Decryption is the process of converting ciphertext back to plaintext.

For example, if the owner wants to delete any particular product by product ID using URL, he passes the URL as shown below:

Now, what if any unauthorized person found the URL, passes the parameter, delete all the records, products and destroy our business!

We are here to rescue your store. To prevent your store from inauthentic access, use the below solution.

Method to Encrypt and Decrypt URL Parameter in Magento 2:

1. Use the below code in the Helper.php file at app/code/Vendor/Module/Helper.
   
   <?php namespace Vendor\Module\Helper; use Magento\Framework\App\Helper\AbstractHelper; use Magento\Framework\App\Helper\Context; use Magento\Framework\Url\DecoderInterface; use Magento\Framework\Url\EncoderInterface; class Helper extends AbstractHelper { const ENCRYPT = 1; const DECRYPT = 2; /** * @var EncoderInterface */ private $urlEncoder; /** * @var DecoderInterface */ private $urlDecoder; public function __construct( EncoderInterface $urlEncoder, DecoderInterface $urlDecoder, Context $context ) { parent::__construct($context); $this->urlEncoder = $urlEncoder; $this->urlDecoder = $urlDecoder; } /** * @param $url * @return string */ public function encodeUrl($url) { return $this->urlEncoder->encode($url); } /** * @param $url * @return string */ public function decodeUrl($url) { return $this->urlDecoder->decode($url); } /** * @param $action * @param $string * @return bool|string */ public function encryptDecrypt($action, $string) { $output = false; $encrypt_method = "AES-128-ECB"; $secret_key = 'This is my secret key'; $key = hash('sha256', $secret_key); if ($action == self::ENCRYPT) { $output = openssl_encrypt($string, $encrypt_method, $key); } elseif ($action == self::DECRYPT) { $output = openssl_decrypt($string, $encrypt_method, $key); } return $output; } }

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74

   <?php   namespace Vendor\Module\Helper;   use Magento\Framework\App\Helper\AbstractHelper; use Magento\Framework\App\Helper\Context; use Magento\Framework\Url\DecoderInterface; use Magento\Framework\Url\EncoderInterface;   class Helper extends AbstractHelper {     const ENCRYPT = 1;     const DECRYPT = 2;     /**      * @var EncoderInterface      */     private $urlEncoder;     /**      * @var DecoderInterface      */     private $urlDecoder;       public function __construct(         EncoderInterface $urlEncoder,         DecoderInterface $urlDecoder,         Context $context     )     {         parent::__construct($context);         $this->urlEncoder = $urlEncoder;         $this->urlDecoder = $urlDecoder;     }       /**      * @param $url      * @return string      */     public function encodeUrl($url)     {         return $this->urlEncoder->encode($url);     }       /**      * @param $url      * @return string      */     public function decodeUrl($url)     {         return $this->urlDecoder->decode($url);     }       /**      * @param $action      * @param $string      * @return bool|string      */     public function encryptDecrypt($action, $string)     {         $output = false;           $encrypt_method = "AES-128-ECB";         $secret_key = 'This is my secret key';           $key = hash('sha256', $secret_key);           if ($action == self::ENCRYPT) {             $output = openssl_encrypt($string, $encrypt_method, $key);         } elseif ($action == self::DECRYPT) {             $output = openssl_decrypt($string, $encrypt_method, $key);         }           return $output;     } }

2. To encrypt data
   
   private $helper; public function __construct(\Meetanshi\Deleteaccount\Helper\Helper $helper) { $this->helper = $helper; } public function encryptData() { $encryptedParam = $this->helper->encryptDecrypt(DATA::ENCRYPT, '<parameter value>'); $encryptedParam = $this->helper->encodeUrl($encryptedParam); $urlWithEncryptedData = $this->helper->url->getUrl('your route path') . 'id/' . $encryptedParam . '/'; }

   1 2 3 4 5 6 7 8 9 10 11 12 13

   private $helper;   public function __construct(\Meetanshi\Deleteaccount\Helper\Helper $helper) {     $this->helper = $helper; }   public function encryptData() {     $encryptedParam = $this->helper->encryptDecrypt(DATA::ENCRYPT, '<parameter value>');     $encryptedParam = $this->helper->encodeUrl($encryptedParam);     $urlWithEncryptedData = $this->helper->url->getUrl('your route path') . 'id/' . $encryptedParam . '/'; }

   After encrypting data, the URL parameter will display as shown below:
   
   http://127.0.0.1/mag242sample/deleteaccount/index/deleteacc/id/RU5YVDdSaWllYnFMbm9zYSsyVEZFQT09

   1	http://127.0.0.1/mag242sample/deleteaccount/index/deleteacc/id/RU5YVDdSaWllYnFMbm9zYSsyVEZFQT09

3. To decrypt data
   
   /** * @var Helper */ private $helper; public function __construct(\Meetanshi\Deleteaccount\Helper\Helper $helper) { $this->helper = $helper; } public function decryptData($encryptedParameterValue) { $decryptedParam = $this->helper->decodeUrl($encryptedParameterValue); $decryptedParam=str_replace(" ", "+", $decryptedParam); $decryptedParam = $this->helper->encryptDecrypt(DATA::DECRYPT, $decryptedParam); }

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

   /** * @var Helper */ private $helper;   public function __construct(\Meetanshi\Deleteaccount\Helper\Helper $helper) {     $this->helper = $helper; }   public function decryptData($encryptedParameterValue) {     $decryptedParam = $this->helper->decodeUrl($encryptedParameterValue);     $decryptedParam=str_replace(" ", "+", $decryptedParam);     $decryptedParam = $this->helper->encryptDecrypt(DATA::DECRYPT, $decryptedParam); }

That’s it.

Any doubts in the above solution can be mentioned in the Comments section below. I’d be glad to help.

Also, do not forget to share the post with Magento Community via social media.

Thank You.