Calling the ECPay API
Special Note:
Please double check the following points when receiving and sending ECPAY API notifications:
- Make sure your server (i.e. ServerReplyURL) has already enabled the firewall (i.e. any other external IP can access your server), otherwise you will not be able to receive ECPay’s response (callbacks).
- ECPay’s connection port for API calls is only the HTTPS (443 port). Please use a legitimate domain name system (DNS).
- For the request method of API calls, please use HTTP POST.
- If you really need to use a Port, ECPay supports only HTTP Port 80 and HTTPS Port 443.
- Parameters sent to ECPay’s API should not contain any HTML tags, such us <br />, <B> or <h1> .
- When testing API calls, please do not place credentials (i.e. MerchantID, HashKey and HashIV) into the front-end code, such as JavaScript, HTML and CSS in order to avoid the theft of credentials and data leakage.
- Chinese characters are not supported in server URLs. Please converter the Chinese into punycode.
- For example, 中文.tw is converted into xn--fiq228c.tw.
- To protect customers’ rights and online transaction security, ECPay’s API services support only TLS 1.2 and above.
- If you are calling the API too fast, you will receive an HTTP Status Code 403, so please slow down the API and wait 30 minutes before calling again.If you need to access the API at a high speed, please contact the service provider.
Merchant Firewall Settings Instructions
- If the merchant’s firewall needs to connect to ECPay’s server, since ECPay’s server IP is not fixed, please set the following domain using the FQDN method: logistics.ecpay.com.tw TCP 443 (production environment) logistics-stage.ecpay.com.tw TCP 443 (stage environment) If your company’s firewall requires a fixed IP, please apply online at https://member.ecpay.com.tw/ServiceReply/CreateProblem. For the problem category and sub-category, please select: 申請主機IP鎖定.
- If the merchant’s firewall needs to allow access from ECPay’s server, please set the following domain to allow access: postgate.ecpay.com.tw TCP 443 (production environment) postgate-stage.ecpay.com.tw TCP 443 (stage environment) If your company’s firewall requires a fixed IP, there is no need to apply separately for the postgate IP, please use the ping command to query the IP address yourself.