This topic aims to foster knowledge in our community, mainly regarding how the Message Center and the Conversation Tracker work.
If your store’s customer emails appear encrypted when orders are queried via API, it’s worth pointing out that this is the expected behavior of our platform for certain queries made by external systems. In these API requests, the email within the “Orders” information is encrypted to protect the buyer from unwanted email marketing services and improper exposure of personal data, as outlined in our documentation:
The API most commonly used by external systems is Get Order. The response sent to the external system (e.g., an ERP) is the same one available on the store’s front end when the buyer completes a purchase, which is why we protect this information against any malicious access on the store’s front end.
That said, there are other ways to retrieve this email. For example, once an order is integrated, the customer’s email is stored unencrypted in Masterdata. There is also an API route that can be used to decrypt the email via the Retrieve order conversation API, as described in the following documentation:
To retrieve it from MasterData, you need to get the customer’s userId from the order and perform a GET request on the CL entity to obtain this data. As described in the MasterData API documentation:
If you still have any questions about this topic, feel free to ask here! ![]()
Karina Mota
Field Software Engineer | VTEX