All-In-One API Document

Preliminary Preparation

Stage Environment (Test Mode)

  • https://vendor-stage.ecpay.com.tw This website provides: 1. search order and 2. test payment and inform the merchant.
  • 4311-9522-2222-2222 Test CVV code : 222 (Special Note: only this credit card number can be used on Stage environment)
  • 4938-1777-7777-7777 Test CVV code : 222 (Special Note: Credit Card Flexible Installment can be used on Stage environment))
❗ Special Notes:
  • If merchants cannot receive notifications from simulated payment, please refer to the Special Note following this table.
  • Please enter a MM/YYYY which is greater than the test date. For example, if the test is done on 2016/04/20th, please set an expiry date after 05/2016 (including May of 2016), or else the system will respond as transaction failed.
  • Test environment credit card payment method not available for overseas cards.
  • Test environment CUP provides validation URLs for mock test pages.
  • Apple Pay mock/simulate the payment method description.

Test Information

Please use the following information to interface with the test environment.

Merchant Test Data: Simulation Bank 3D Verification

  • Merchant ID3002607
  • Vendor  Management System Login ID:stagetest3
  • Vendor  Management System Login Password:test1234
  • Vendor  Number:00000000
  • HashKeypwFHCqoQZGmho4w6
  • HashIV:EkRm7iFT261dpevs

Platform Merchant Test Data:

  • Merchant ID:3002599
  • Vendor  Management System Login ID:stagetest2
  • Vendor  Management System Login Password:test1234
  • Vendor  Identity back 4 codes:3609
  • HashKeyspPjZn66i0OhqJsQ
  • HashIVhT5OJckN45isQTTs

❗ Notes:

  • The aboving credential is on Stage environment (test mode). Do not use it on Production environment.
  • When switching to Production, please replace the following credential with the real one in Production that merchants have. Please click here to get a Production key.

Special Note

❗ Notes:

  1. Please confirm that the payment complete notification return URL [ReturnURL] for the order created is open for external connections. Please configure it so it can [receive] the payment results information returned by ECPay via Server Site POST. Before returning 1|OK to ECPay, the checksum must be checked and must match the credentials.
  2. Please confirm whether the membership system server has enabled a firewall exception for postgate.ecpay.com.tw, in order to prevent the firewall from blocking payment notifications. Do not bind the exception directly to the IP address.
  3. The connection port for ECPay API calls provided is limited to only the https (443 port) option. Please connect using a legitimate domain name system (DNS).
  4. Please confirm that every transaction parameter is transmitted to the ECPay API via http POST.
  5. Make sure that the Server URL connection port is http 80 port and https 443 port.
  6. HTML tags are not permitted for labeling the contents of the transmitted parameters .
  7. Please do not keep or display cryptographic key information, such as Javascript, HTML, or CSS on the front page to prevent the loss or theft of transaction information due to stolen keys.
  8. When transmitting the platform merchant ID parameter PlatformID, please use the HashKey and HashIV of the platform merchant and create a checksum. The [PlatformID] is the merchant ID [MerchantID] binded to the platform.
  9. Foreign and UnionPay cards are not supported for credit card payment under Stage.
  10. Chinese URLs are not supported for the return URL. For the value of URL field, please use the word converted into punycode. For example, 中文.tw is converted into xn--fiq228c.tw (the xn--fiq228c.tw should be in use).
  11. Special symbols are not supported in parameter transmission. This will cause the order creation to fail.
  12. Credit card biding card number function – if OTP text messaging is supported by the merchant, then entering the CVV is not required.
  13. For merchants, please undergo Time Synchronization for the server to avoid server lag.
  14. The payment result should be subject to the information returned to [ReturnURL].
  15. To protect the rights and online transaction security for consumers,  ECPay’s API service supports TLS 1.2 .
  16. If you are calling the API too fast, you will receive an HTTP Status Code 403, so please slow down the API and wait 30 minutes before calling again.If you need to access the API at a high speed, please contact the service provider.
  17.  If merchants need to accept credit card payment of foreign cards, please enable “accepting foreign credit card” function on Merchant’s Admin Website (on Production only). The path is: Merchant’s Admin Website → Credit card receipt → Credit card account settings → Foreign credit card transactions:
  • application status: if not applied, please press “application” button.
  • Enabled state: if not enabled, please select “Enable” (the Merchant’s Admin Website is in Chinese only; the above is translated by Google translation).

Firewall setup instructions

  • If you need to connect the firewall of the special store to the ECPAY host, because the IP of the ECPAY host is not fixed, please set the following domain by FQDN:
    Official environment:payment.ecpay.com.tw TCP 443
    Test environment:payment-stage.ecpay.com.tw TCP 443
  • If your firewall requires a fixed IP, please report online at https://member.ecpay.com.tw/ServiceReply/CreateProblem to apply, and select the question type and sub-category: Apply for host IP lock.
  • If your firewall needs to allow the green border hosts to connect to it, please set the following domain release:
    Official environment: postgate.ecpay.com.tw TCP 443
    Test environment: postgate.ecpay.com.tw TCP 443 , postgate-stage.ecpay.com.tw TCP 443
  • If you need a fixed IP for your firewall, you do not need to apply for a postgate IP, please use the ping command to check the IP address.

Copyright © Green World FinTech Service Co., Ltd. All rights reserved.

Green World