FlowMattic Data Transformer - Complete User Guide
The Data Transformer is a powerful core module in FlowMattic that allows you to modify, encode, decode, hash, and format data as it flows through your workflows. This module is essential for preparing data for different systems, securing sensitive information, and ensuring data compatibility across various platforms and integrations.
Quick Start Guide
Step 1: Add Data Transformer Action
When building your workflow, add the Data Transformer action after your trigger event:
- Click “Add Action” in your workflow builder
- Search for “Data Transformer” in the app selection
- Select Data Transformer from the Core Apps section
- Choose your specific transformation action
Step 2: Configure Your Transformation
Each transformation type has specific configuration options. Simply:
- Enter or map your input data
- Configure any additional parameters (like secret keys for HMAC)
- Test your transformation to verify output
- Use the transformed data in subsequent workflow steps
Available Data Transformation Actions
1. HTML Encode
What it does: Converts special characters in text to their HTML entity equivalents to prevent security issues and display problems.
When to use:
- User-generated content from forms needs to be displayed safely on websites
- Storing content in databases that will later be shown on web pages
- Email templates with dynamic content that might contain HTML
- Any time you need to prevent XSS (Cross-Site Scripting) attacks
Real-World Example:
Your Gravity Forms contact form collects customer feedback that might contain HTML code. Before saving it to your WordPress database or displaying it on your website, you need to make it safe.
Practical Workflow:
Gravity Forms (Form Submission) → Data Transformer (HTML Encode) → WordPress (Create Post/Update Database)
What happens:
- Input from form: Great product! Highly recommend!
- After HTML Encode: Great product! <script>alert('spam')</script> Highly recommend!
- Result: Safe to display on your website without executing malicious code
2. HTML Decode
What it does: Converts HTML entities back to readable characters for editing or processing.
When to use:
- Converting stored HTML entities back to readable text for editing
- Processing content from systems that automatically encode HTML
- Preparing content for platforms that don’t need HTML encoding
- Making encoded text human-readable in notifications
Real-World Example:
You’re running a customer support system where incoming tickets are stored in the database with HTML entities for safety. But when you push those tickets into Slack for team visibility, you don’t want them to look messy with ", <, and >.
Practical Workflow:
Fluent Support (New Ticket Created) → Data Transformer (HTML Decode) → Slack (Post Message to Channel)
What happens:
- Input from WordPress:
Customer says: "I can't access my account <again>" - After HTML Decode:
Customer says: "I can't access my account <again>" - Result: Support team sees a clean, readable message in Slack without confusing HTML entities.
3. Base64 Encode
What it does: Converts plain text or binary data into Base64 encoded format for safe transmission through text-based systems.
When to use:
- APIs require files to be sent as Base64 strings
- Transmitting binary data through JSON APIs
- Sending images or documents through webhooks
- Converting files for storage in text-based databases
- Preparing attachments for email APIs
Real-World Example:
A customer uploads a PDF invoice through your Contact Form 7. You need to send this document to your app for further processing, but the API requires Base64 encoded files.
Practical Workflow:
Contact Form 7 (File Upload) → Data Transformer (Base64 Encode) → your app (Send to Processing Service)
What happens:
- Input: PDF file from form upload
- After Base64 Encode:
JVBERi0xLjQKJeLjz9MKMSAwIG9iago8PAovVHlwZSAvQ2F0YWxvZwo... - Result: File data that can be transmitted through JSON APIs
4. Base64 Decode
What it does: Converts Base64 encoded data back to its original format.
When to use:
- Processing files received from APIs as Base64 strings
- Converting encoded images from mobile applications
- Handling file attachments from email APIs
- Processing encoded documents from external services
- Converting API responses with embedded files
Real-World Example:
Your supplier sends product images via webhook as Base64 encoded data. You want to save these images directly to your WordPress media library for use in WooCommerce products.
Practical Workflow:
Webhook (Supplier Product Data) → Data Transformer (Base64 Decode) → WordPress (Upload to Media Library) → WooCommerce (Update Product Images)
What happens:
- Input:
iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mP8/5+hHgAHggJ/PchI7wAAAABJRU5ErkJggg== - After Base64 Decode: Actual image file data
- Result: Image files saved to your media library
Best for:
- Processing API responses with encoded files
- Converting encoded images from external systems
- Handling file data from mobile applications
- Processing encoded documents from services
5. SHA256 Hash
What it does: Creates a secure SHA256 hash of your input data for security and integrity verification.
When to use:
- Secure password hashing (though bcrypt is preferred for passwords)
- Creating tamper-proof data signatures
- Generating unique, secure identifiers
- Data integrity verification
- Duplicate detection while maintaining privacy
Real-World Example:
You want to create tamper-proof order references when syncing WooCommerce orders with your inventory management system via webhook. This ensures order data hasn’t been modified during transmission.
Practical Workflow:
WooCommerce (New Order) → Data Transformer (SHA256 Hash of Order Details) → API (Send to Inventory System with Hash)
What happens:
- Input:
order_12345_john_doe_299.99_2024-08-27 - After SHA256:
a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3 - Result: Unique, tamper-proof identifier for order verification
6. SHA1 Hash
What it does: Generates SHA1 hash for legacy system compatibility and basic integrity checks.
When to use:
- Legacy payment processors require SHA1 hashes
- Older systems that specifically need SHA1 format
- Git-like versioning systems (though not for security)
- Basic file integrity checking (non-security critical)
Real-World Example:
Your payment processor’s older system requires SHA1 hashes for transaction verification. While not ideal for new security applications, it’s necessary for this specific integration.
Practical Workflow:
WooCommerce (Payment Processing) → Data Transformer (SHA1 Hash Transaction Data) → Legacy Payment Gateway Webhook (Verify Transaction)
What happens:
- Input:
transaction_67890_customer_jane_amount_150.00 - After SHA1:
7d865e959b2466918c9863afca942d0fb89d7c9ac0c99bafc3749504ded97730 - Result: Hash format required by legacy payment system
⚠️ Note: Use SHA256 or higher for new security-critical applications.
7. SHA512 Hash
What it does: Provides maximum security hashing for enterprise and high-security applications.
When to use:
- Enterprise security requirements
- Banking and financial integrations
- Government and healthcare systems
- Maximum security compliance needs
- High-value transaction verification
Real-World Example:
Your enterprise client requires the highest level of security for their Learning Management System integration. User authentication data must be hashed with SHA512 for compliance.
Practical Workflow:
LearnDash (User Enrollment) → Data Transformer (SHA512 Hash User Credentials) → your app (Secure Authentication Setup)
What happens:
- Input:
enterprise_user_jane_doe_department_hr_2024 - After SHA512:
b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 - Result: Maximum security hash for enterprise compliance
8. HMAC SHA256
What it does: Creates authenticated hash using a secret key for secure message verification and API authentication.
When to use:
- Verifying webhook authenticity (Stripe, PayPal, etc.)
- Two-way API authentication
- Secure message verification between systems
- Preventing man-in-the-middle attacks
- Ensuring data hasn’t been tampered with during transmission
Real-World Example:
You receive payment notifications from Stripe webhooks. To ensure these are legitimate Stripe notifications and not malicious fake requests, you verify them using HMAC SHA256 with your Stripe webhook secret.
Practical Workflow:
Stripe (Payment Notification) → Data Transformer (HMAC SHA256 Verification) → Conditional Logic (If Valid) → WooCommerce (Update Order Status)
Configuration:
- Message: Webhook payload data from Stripe
- Secret Key: Your Stripe webhook endpoint secret
- Output: Authentication hash to compare with Stripe’s signature
What happens:
- Input Message:
payment_intent.succeeded - Secret Key:
whsec_your_stripe_secret_key_here - After HMAC SHA256:
4a1c6c10b8ab0b2a5f6d8e3c9d7f2e8a9b5c1d4e7f8a2b3c6d9e0f3a6b9c2d5e8 - Result: Verified authentic webhook from Stripe
9. MD5 Hash
What it does: Generates basic checksums for duplicate detection and legacy compatibility.
When to use:
- Quick duplicate file detection (non-security critical)
- Cache key generation
- Legacy system integration that requires MD5
- Basic file integrity checking (for change detection only)
- Simple content comparison
Real-World Example:
You want to prevent duplicate product images in your WooCommerce store to save storage space. MD5 can help identify identical files quickly.
Practical Workflow:
WooCommerce (Product Image Upload) → Data Transformer (MD5 Hash) → Conditional Logic (Check Against Existing Hashes) → WordPress (Store Only If Unique)
What happens:
- Input: Image file data or filename
- After MD5:
5d41402abc4b2a76b9719d911017c592 - Result: Quick duplicate detection without storing identical images
⚠️ Important: MD5 is cryptographically weak. Never use for passwords or security-critical applications.
10. Strip Tags
What it does: Removes HTML and XML tags from text, leaving clean plain text content.
When to use:
- Sending content to messaging platforms (WhatsApp, SMS, Slack)
- Creating plain text versions of HTML content
- Preparing content for social media platforms
- Data export to text-only systems
- Search engine optimization (extracting readable content)
- Content migration between different systems
Real-World Example:
Your WooCommerce order confirmation emails contain HTML formatting, but you want to send clean, simple WhatsApp messages to customers with just the essential information.
Practical Workflow:
WooCommerce (Order Completed) → Data Transformer (Strip Tags from Order Details) → WhatsApp Cloud API (Send Clean Message)
What happens:
- Input:
<h2>Order Confirmed!</h2><p>Your order <strong>#12345</strong> for <em>$299.99</em> has been processed. <a href="track-link">Track here</a>.</p> - After Strip Tags:
Order Confirmed! Your order #12345 for $299.99 has been processed. Track here. - Result: Clean text perfect for messaging apps
Industry-Specific Workflow Examples
E-Commerce Security & Processing
Secure Payment Processing:
WooCommerce Order → Data Transformer (HMAC SHA256) → Payment Gateway → Verified Processing
Safe Product Reviews:
WooCommerce Review → Data Transformer (HTML Encode) → WordPress Display → Safe Customer Reviews
Inventory Sync with Integrity:
WooCommerce Stock Update → Data Transformer (SHA256 Hash) → Inventory API → Tamper-Proof Sync
Content Management & Migration
Blog Content Migration:
WordPress Export → Data Transformer (HTML Decode) → WPForms Pre-fill → Content Editing
Multi-Channel Content Distribution:
WordPress Post → Data Transformer (Strip Tags) → Social Media APIs → Clean Text Posts
Document Processing Pipeline:
Contact Form 7 Upload → Data Transformer (Base64 Encode) → Document API → Processed Files
Marketing Automation
Clean Communication Flow:
Email Campaign Content → Data Transformer (Strip Tags) → WhatsApp API → Clean Messages
Lead Verification:
Gravity Forms Lead → Data Transformer (SHA256 Hash Email) → CRM Webhook → Secure Lead Storage
File Processing for Marketing:
Media Upload → Data Transformer (Base64 Encode) → Image Processing API → Optimized Assets
Customer Service & Support
Secure Ticket Creation:
Contact Form → Data Transformer (HTML Encode) → Support System → Safe Support Tickets
Multi-Channel Notifications:
Support Update → Data Transformer (Strip Tags) → SMS + WhatsApp → Clean Status Updates
Document Handling:
Customer Document Upload → Data Transformer (Base64 Encode) → Support API → Secure Processing
Best Practices & Pro Tips
Security Best Practices
- Choose appropriate hashing: SHA256+ for security, MD5 only for non-security duplicate detection
- Protect HMAC secrets: Store webhook secrets securely, never expose in logs
- Validate before transforming: Always verify input data format and content
- Use HTTPS: Ensure encrypted transmission of sensitive transformed data
- Regular security audits: Review hash algorithms periodically for compliance
Performance Optimization
- Transform efficiently: Choose the least resource-intensive method that meets requirements
- Cache transformed results: Store frequently used transformations to avoid repeated processing
- Batch processing: Group similar transformations when possible
- Monitor resource usage: Track transformation performance in high-volume workflows
Workflow Design Tips
- Plan transformation sequence: Map required transformations before building workflows
- Document your logic: Maintain clear records of why specific transformations are chosen
- Test with real data: Always test transformations with actual production data samples
- Error handling: Plan for transformation failures and invalid input scenarios
- Version control: Keep track of transformation configuration changes
Testing Strategy
- Start with static data: Test transformations with known, predictable input
- Use production samples: Test with real data from your actual triggers
- Edge case testing: Test with empty fields, special characters, maximum data sizes
- System compatibility: Verify output works correctly with receiving systems
- Load testing: Ensure transformations perform well under expected volume
- Security testing: For hash functions, verify output meets security requirements
Debugging Tips
- Use test data first: Always test transformations with simple, known data
- Check character encoding: Ensure UTF-8 compatibility across your workflow
- Verify input format: Confirm input data matches expected format
- Compare with examples: Use online tools to verify transformation results
- Monitor error logs: Check FlowMattic logs for transformation errors
- Test incrementally: Add transformations one at a time to isolate issues
Quick Reference Table
| Need to… | Use This Action | Common Scenarios |
|---|---|---|
| Make user content safe for web display | HTML Encode | Form submissions, comments, reviews |
| Edit previously encoded content | HTML Decode | Content editing, form pre-filling |
| Send files through text-based APIs | Base64 Encode | Document processing, image APIs |
| Process files from API responses | Base64 Decode | Saving API files, mobile app data |
| Secure passwords or create unique IDs | SHA256 Hash | User authentication, order verification |
| Work with legacy systems | SHA1 Hash | Older payment processors, legacy APIs |
| Maximum security compliance | SHA512 Hash | Enterprise, banking, government |
| Verify webhooks or authenticate APIs | HMAC SHA256 | Stripe/PayPal verification, API security |
| Detect duplicate files (non-security) | MD5 Hash | File deduplication, cache keys |
| Send clean text messages | Strip Tags | WhatsApp, SMS, plain text emails |
Getting Advanced Support
The Data Transformer integrates seamlessly with all FlowMattic workflow steps, and transformed data can be mapped into subsequent actions just like any other workflow data.
Pro Tip: Always test your data transformations with real data samples before deploying workflows to production. This ensures compatibility and prevents unexpected issues.
Ready to transform your data workflows? Start building with FlowMattic Data Transformer today!
