2026-04-13
ECPay Integration: Secure Next.js Setup
ECPay Payment Integration: A Technical Guide
Integrating ECPay (Taiwan's leading payment gateway) into a modern Next.js application requires careful handling of security signatures and server-side notifications. This guide documents the process of building a secure digital product checkout system.
Core Security: CheckMacValue
CheckMacValue is the digital signature used by ECPay to prevent data tampering. Generating it involves sorting parameters, appending Hash keys, URL encoding, and SHA-256 hashing.
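The steps above as an added Node.js example (not code from the original project), extended to the verification a server-side notification handler needs. It also applies the lowercase/uppercase conversions and .NET-style URL encoding from ECPay's published CheckMacValue procedure; the helper names, keys and order values are constructed placeholders.

```javascript
// Added example: keys and order values are constructed placeholders.
const crypto = require("node:crypto");

// .NET-style URL encoding layered on encodeURIComponent: space becomes "+",
// "~" and "'" are percent-encoded, and the whole string is lower-cased.
function dotNetUrlEncode(s) {
  return encodeURIComponent(s)
    .replace(/%20/g, "+")
    .replace(/~/g, "%7e")
    .replace(/'/g, "%27")
    .toLowerCase();
}

function generateCheckMacValue(params, hashKey, hashIV) {
  const query = Object.keys(params)
    .filter((k) => k !== "CheckMacValue") // the signature itself is never signed
    .sort((a, b) => { // case-insensitive A-Z order
      const x = a.toLowerCase(), y = b.toLowerCase();
      return x < y ? -1 : x > y ? 1 : 0;
    })
    .map((k) => `${k}=${params[k]}`)
    .join("&");
  const raw = `HashKey=${hashKey}&${query}&HashIV=${hashIV}`;
  return crypto.createHash("sha256").update(dotNetUrlEncode(raw), "utf8")
    .digest("hex").toUpperCase();
}

// Run this on the server-side notification before trusting any field in it.
function verifyNotification(body, hashKey, hashIV) {
  const received = Buffer.from(String(body.CheckMacValue || ""));
  const expected = Buffer.from(generateCheckMacValue(body, hashKey, hashIV));
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Constructed sample notification (not real credentials or a real order).
const HASH_KEY = "EXAMPLEHASHKEY01";
const HASH_IV = "EXAMPLEHASHIV001";
const sample = {
  MerchantID: "0000000",
  MerchantTradeNo: "ORDER20260413001",
  RtnCode: "1",
  TradeAmt: "500",
  PaymentDate: "2026/04/13 10:00:00",
};
sample.CheckMacValue = generateCheckMacValue(sample, HASH_KEY, HASH_IV);
console.log(verifyNotification(sample, HASH_KEY, HASH_IV)); // true
console.log(verifyNotification({ ...sample, TradeAmt: "1" }, HASH_KEY, HASH_IV)); // false
```

Mark the order as paid only when `verifyNotification` returns true, and read the HashKey and HashIV from server-side configuration rather than from anything shipped to the browser.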
Secure Redirection
Signing success-page URLs with HMAC-SHA256 prevents "URL guessing" and ensures only paying customers can access digital content. We also give each token a 30-minute expiration, so a shared or leaked link stops working after that window.
Automation with Google Apps Script
By leveraging GAS as a lightweight webhook receiver, we automatically log sales to Google Sheets and send instant email notifications to administrators upon successful payment.