B2B E-Invoice API Document (Certification Mode)

Preliminary Preparation / Special Notes

When testing API calls, please confirm the following details:

❗ Special note:

  1. Make sure your server has already enabled the firewall (i.e. any other external IP can access your server) otherwise you will not be able to receive ECPay’s callbacks in response.
  2. ECPay’s connection port for API calls is only the HTTPS (443 port). Please use a legitimate domain name system (DNS).
  3. Please use HTTP POST to test API calls.
  4. If there is the need to use a port, ECPay supports only HTTP 80 port and HTTPS 443 port.
  5. When testing the API calls, please do not place credentials (i.e. MerchantID, HashKey and HasIV) into the front-end of your website to avoid the theft or leakeage of credentials (i.e. do not put into any code of JavaScript, HTML and CSS).
  6. ECPay does not support any Chinese character in your server’s URL that sent to ECPay’s API. That is, if your server’s URL has Chinese characters, ECPay’s API will not accept it. Please convert the word into punycode (i.e. 中文.tw is converted into xn--fiq228c.tw.)
  7. ECPay’s e-invoice services (i.e. APIs in this document) needs to be applied firstly before using. So if you are interested in this API services, please contact your ECPay’s sales contact window to apply for it. But on ECPay’s Stage (i.e. testing mode), it is free to use if testing API calls.
  8. To protect customers’ rights and online transaction security, ECPay’s API services support only TLS 1.2 and above.
  9. ECPay’s host IP is not fixed. If your firewall needs to connect to the ECPay’s host, please set it in the way of FQDN (fully qualified domain name) as below: postgate.ecpay.com.tw, postgate-stage.ecpay.com.tw(Test mode).
    If you need a fixed IP for your firewall, please go to https://member.ecpay.com.tw/ServiceReply/CreateProblem
    to apply.
  10. If your application is calling the API too fast, you will receive a status code of HTTP Status Code 403, please reduce the frequency of API calls and wait 30 minutes before calling again. If you need to access the API at high speed, please make sure you are a “contracted merchant” and contact your service provider first.
  11. If you receive a status code (HTTP Status Code 500), it may be the data format error, a mismatch between MerchantID and Key and IV (no permission) or an encryption error. Please check the return message you received and resend the correct data.

Copyright © Green World FinTech Service Co., Ltd. All rights reserved.

Green World