Unlock deeper control over your post-purchase experience with ThriveCart Query String Parameters. When customers complete an order and are sent to your ThriveCart Success URL, their full purchase details—name, email, contact info, address, and product data—are automatically passed through the query string. This makes it easy to access order information on your custom pages, personalize fulfillment, trigger external workflows, or deliver tailored confirmation experiences with zero guesswork.
When customers visit your custom success page, or click their fulfillment link on the ThriveCart-Hosted success page, we pass along information about the order via query string in the URL.
You’ll want to make sure you are using the “Send them to a URL” or “Add them to my membership Site” fulfillment methods. If adding customers to a course, query string data will be passed through the login URL set.
This is an advanced setup, as you would need to work with a developer to build a script on your website to read details from the query string and then action accordingly.
Example Use Cases
The most common use case for utilizing the query string would be to write a script on your website side to pull in order data in order to show customers content based on what they purchased.
1. Personalized Thank-You Pages
Display the customer’s name, purchased product, or order value directly on the page for a tailored confirmation experience.
2. Dynamic Product Fulfillment & Multi-Product Success Pages
Show product-specific download buttons, login URLs, or activation steps based on what the customer purchased—especially helpful if multiple products direct to the same thank you page or you have multiple items available in your funnel.
You could also utilize the query string to show different content for one-time vs. subscription purchases and tailor instructions accordingly.
3. Custom Fulfillment Workflows
Trigger scripts on your success page to deliver lead magnets, unlock gated content, or initiate third-party automations.
4. Tailored Upsell or Cross-Sell Suggestions
Use product IDs from the query string to recommend related offers or next steps.
5. Tracking & Attribution Logic
Pass order details into analytics tools, tracking pixels, or external CRMs when deeper customization is needed.
6. Pre-Populating Additional Forms
If customers must complete an additional form (e.g., onboarding, customization, or intake), you can utilize the query string to auto-fill key fields like name or email.
7. Prevent multiple website sign-ups based on a distinct order ID
We also provide an ‘order ID’, which can be used to uniquely verify each order. Though, bear in mind that a customer could press the ‘back’ button to return to ThriveCart’s success page, and then click the link again. We advise that you use some business logic to handle duplicate clicks like this, perhaps by only locking down the URL after their account has been successfully made.
Verifying the hash
We pass along a hash of the information. This hash can be used to verify that the order details have not been tampered with or modified so that you know you are always dealing with a valid order that came from ThriveCart.
To verify the hash, you’ll need to collect the data included in the ‘thrivecart’ query string variable, order it while maintaining index association, and then create an MD5 hash of your secret word, followed by an underscore (__), followed by an upper-case JSON-encoded version of the array from the query string.
If the hash that you generate matches the one provided by ThriveCart, you can be assured that it has come from us and that the order details have not been modified in transit. Without checking this, someone could add an additional product ID into the array that they did not purchase!
Important: Your secret word can be found by going to the Settings page, then choosing the API section. You can also generate a new secret word from this page at any time, but if you do, you will need to update it in your custom code!
Here is some example code demonstrating how the process works:
[php]
<?php
$my_thrivecart_secret = 'VPHTQE3TU8Q0'; // @todo Change this value to your ThriveCart secret word
$hash = trim($_GET['thrivecart_hash']); // This is the hash as provided by ThriveCart
// Check if the hash exists, and is 32 characters long
if(empty($hash) || strlen($hash) !== 32) {
die('You cannot access this page without a valid order hash.');
}
// Check that some order data has been passed along too
if(empty($_GET['thrivecart']) || !is_array($_GET['thrivecart'])) {
die('You cannot access this page without valid order info from ThriveCart.');
}
// Verify the hash matches the data provided
$thrivecart = $_GET['thrivecart'];
ksort($thrivecart);
array_walk_recursive($thrivecart, function(&$i) { $i =
rawurlencode($i); });
$local_hash = md5(implode('__', array($my_thrivecart_secret, strtoupper(json_encode($thrivecart)))));
if($hash !== $local_hash) {
die('Your hash does not match up; it looks like your order details are invalid.');
}
// If they get this far, the hash is valid and you can provide the products to the customer or run any additional logic that you need to
echo 'Excellent, your hash matches and you are entitled to your products.';
?>
[/php]
Potential query-string parameters
You will receive two query string variables called thrivecart, and thrivecart_hash. Inside the thrivecart array will be the following keys:
- account_id
- account_name
- order_id
- order_total
- product_id (the product ID the order relates to; this does not mean that the product was purchased)
payment_processor - purchases (an array of the product ID, and the string ‘bump’ if the bump offer on that product was purchased)
- customer (an array containing the customer’s email, firstname, lastname, contactno params if they were provided)