About ECPay's APIs
- Use HTTP POST as the request method when testing API calls.
- API parameters must not contain HTML tags such as <br/>, <B> or <h1>.
- Do not store or display sensitive data (e.g. HashKey and HashIV) in the front-end application, for example in JavaScript, HTML or CSS.
- The merchant server must keep its host time corrected to avoid time lags.
- To protect customers’ rights and online transaction security, ECPay’s API services support only TLS 1.1 and above.
Description of the merchant firewall settings
- ECPay’s host IP addresses are not fixed. If the merchant’s firewall needs to allow ECPay’s IPs, configure it by FQDN (fully qualified domain name) as below:
ecpg.ecpay.com.tw TCP 443 (production environment)
ecpg-stage.ecpay.com.tw TCP 443 (stage environment)
ecpayment.ecpay.com.tw TCP 443 (production environment)
ecpayment-stage.ecpay.com.tw TCP 443 (stage environment)
Please submit your application online if you need a static IP for your firewall.
- If the merchant’s firewall must allow ECPay hosts to connect, please set it to allow the following domains:
postgate.ecpay.com.tw TCP 443 (production environment)
postgate-stage.ecpay.com.tw TCP 443 (stage environment)
The URL of the merchant’s server that receives ECPay’s payment results [ReturnURL]
- The ReturnURL is the URL on the merchant’s server that receives the payment results from ECPay’s server. Please make sure that the ReturnURL is reachable when testing ECPay’s API.
- If the merchant uses a CDN (Content Delivery Network) service, set the ReturnURL to the URL of the host. Do not set it to the URL of the CDN.
- Make sure your server’s firewall already allows postgate.ecpay.com.tw; otherwise you will not be able to receive ECPay’s payment notifications (callbacks).
- If you need to use a port, ECPay supports only HTTP 80 port and HTTPS 443 port.
- ECPay’s connection port for API calls is HTTPS only (443 port and 80 port). Please use a legitimate domain name system (DNS).
- ReturnURL does not support Chinese characters. If the URL parameter is in Chinese, use the punycode-encoded URL, for example, 中文.tw becomes xn--fiq228c.tw.
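
A pre-flight check for the ReturnURL rules above, as an added example that is not ECPay's own code: it enforces the port rule and converts an internationalized host name to punycode before the value is sent. The function name `normalize_return_url`, the sample URLs, and the choice to reject (rather than rewrite) non-ASCII paths are assumptions of this example.

```python
from urllib.parse import urlsplit, urlunsplit

# Port rule from the ReturnURL notes: HTTP on 80, HTTPS on 443, nothing else.
ALLOWED_PORTS = {"http": 80, "https": 443}


def normalize_return_url(url: str) -> str:
    """Return an ASCII-only ReturnURL, or raise ValueError if it breaks a rule."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_PORTS:
        raise ValueError("ReturnURL must use http or https")
    if not parts.hostname:
        raise ValueError("ReturnURL has no host name")

    port = parts.port  # raises ValueError itself on a non-numeric port
    if port is not None and port != ALLOWED_PORTS[scheme]:
        raise ValueError(f"port {port} is not supported for {scheme}")

    # Internationalized host names go through IDNA, which yields the
    # punycode form (中文.tw -> xn--fiq228c.tw). ASCII hosts pass unchanged.
    try:
        host = parts.hostname.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"host cannot be punycode-encoded: {exc}") from exc

    # Punycode only applies to the host. Assumption of this example: a path
    # or query with non-ASCII characters is rejected rather than rewritten.
    if not (parts.path + parts.query).isascii():
        raise ValueError("path and query must be ASCII")

    netloc = host if port is None else f"{host}:{port}"
    # The fragment is dropped: it is never sent in a server-to-server POST.
    return urlunsplit((scheme, netloc, parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample values, not real merchant endpoints.
    for candidate in ("https://中文.tw/ecpay/return",
                      "https://shop.example.com:8443/ecpay/return"):
        try:
            print(candidate, "->", normalize_return_url(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

The check does not detect a CDN in front of the host; that rule still has to be verified against your own DNS and hosting setup.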