What is a Return/Redirect URL?

Return and Redirect URLs, are urls that your customer will be redirected to, after a successful payment. They contain important information signed by creem, that you can use to verify the payment and the user. Using these URLs, you can create a seamless experience for your users, by redirecting them back to your website after a successful payment.
You have the optionality to use the information in the URL query parameters, or to use webhooks to receive updates on your application automatically, or both.

How to set a Return/Redirect URL

What is included on the Return URL?

A return URL will always contain the following query parameters, and will look like the following:
https://yourwebsite.com?checkout_id=ch_1QyIQDw9cbFWdA1ry5Qc6I&order_id=ord_4ucZ7Ts3r7EhSrl5yQE4G6&customer_id=cust_2KaCAtu6l3tpjIr8Nr9XOp&subscription_id=sub_ILWMTY6uBim4EB0uxK6WE&product_id=prod_6tW66i0oZM7w1qXReHJrwg&signature=044bd1691d254c4ad4b31b7f246330adf09a9f07781cd639979a288623f4394c?
Query parameterDescription
checkout_idThe ID of the checkout session created for this payment.
order_idThe ID of the order created after successful payment.
customer_idThe customer ID, based on the email that executed the successful payment.
subscription_idThe subscription ID of the product.
product_idThe product ID that the payment is related to.
request_idOptional The request ID you provided when creating this checkout session.
signatureAll previous parameters signed by creem using your API-key, verifiable by you.

How to verify Creem signature?

To verify the signature, you can use the following code snippet: 
export interface RedirectParams {
  request_id?: string | null;
  checkout_id?: string | null;
  order_id?: string | null;
  customer_id?: string | null;
  subscription_id?: string | null;
  product_id?: string | null;
}

  private generateSignature(params: RedirectParams, apiKey: string): string {
    const data = Object.entries(params)
      .map(([key, value]) => `${key}=${value}`)
      .concat(`salt=${apiKey}`)
      .join('|');
    return crypto.createHash('sha256').update(data).digest('hex');
  }
In summary, concatenate all parameters and the salt (your API-key) with a | separator, and hash it using SHA256. This will generate a signature that you can compare with the signature provided in the URL.