Documentation Index
Fetch the complete documentation index at: https://docs.ecrypt.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Every integration must be reviewed and certified by the ECRYPT engineering team before processing live transactions. Certification confirms that your implementation handles payment flows correctly, meets compliance requirements, and avoids common issues that can cause problems in production. The process has three stages: prepare your integration in sandbox, schedule a certification call with our engineering team, and cut over to production once approved.Before You Schedule
Work through the checklist below in your sandbox environment. Completing these items before your certification call keeps the review focused and avoids delays.Test Core Payment Flows
Run each of the following transaction types end-to-end and confirm you receive the expected response codes:| Flow | What to Verify |
|---|---|
| Sale | Transaction approved, transactionId returned, amount matches |
| Refund | Refund issued against a settled transaction, amount does not exceed original |
| Void | Unsettled transaction voided successfully |
| Authorize | Authorization hold placed, no capture |
| Authorize then Capture | Capture completes against the original authorization, amount is equal to or less than authorized |
| Authorize then Void | Authorization voided before settlement |
check payment object.
Test Entry Points
Certification requirements vary depending on how you accept payments. Make sure you test every entry point your integration uses:| Entry Point | What to Cover |
|---|---|
| API (card-not-present) | Tokenization via POST /v1/tokens, then sale using payment.token |
| Hosted Iframe | Token generation through the iframe, sale submission from your server |
| Checkout Page | Dynamic checkout creation via POST /v1/dynamiccheckout, end-to-end purchase |
| Terminal (card-present) | Terminal registration, sale via payment.terminal, tip prompt if applicable |
| Stored credentials | Charging a customer wallet via payment.stored, both merchant-initiated and customer-initiated |
Verify Error Handling
Trigger common failure scenarios and confirm your integration handles them gracefully:- Declined transactions. Submit a transaction that returns a decline and verify your UI communicates the result clearly to the end user.
- Validation errors (400). Send a malformed request (missing required fields, invalid values) and confirm you parse the
errorsarray from the response. - Authentication failures (401/403). Attempt a request with an invalid or missing API key and verify you do not expose raw error details to end users.
Confirm Webhook Delivery
If your integration relies on webhooks:- Register your webhook endpoint in the ECRYPT dashboard.
- Process at least one transaction and confirm the webhook payload is received.
- Verify your endpoint returns a
200response promptly. - Test your handling for relevant event types (transaction approved, declined, refunded, voided).
Review Compliance Basics
- PCI scope. Confirm you understand your PCI obligations based on your integration method. If you tokenize via the hosted iframe or checkout page, your server never handles raw card data. If you tokenize server-side via
POST /v1/tokenswith raw card numbers, your environment must meet SAQ D requirements and provide ECRYPT a copy of your AOC. - Surcharging. If surcharging is enabled on your account, verify that surcharge amounts display correctly to the cardholder before they confirm the transaction. ECRYPT automatically drops surcharges on debit and prepaid cards via BIN lookup. You are responsible for complying with your states surcharging laws.
- Stored credentials. When charging a customer wallet for recurring or installment payments, make sure
initiatedByis set correctly (0for merchant-initiated,1for customer-initiated).
Schedule Your Certification Call
Once you have completed the checklist above, contact the ECRYPT engineering team to schedule your review:Schedule Certification
Email your account manager or devsupport@ecrypt.com with:
- DBA Name
- Brief description of your integration
- Supported features (iFrame, terminals, subscriptions, etc.)
What Happens During the Call
The certification call is a live review where an ECRYPT engineer works through your integration with you. Expect the session to cover:- Transaction walkthrough. You will run each of the core payment flows (sale, refund, void, authorize, capture) while the engineer monitors the requests and responses on the ECRYPT side.
- Error handling review. The engineer may trigger specific decline codes or error conditions to confirm your integration responds appropriately.
- Compliance check. The engineer reviews how you handle sensitive data, display surcharges (if applicable), and manage stored credentials to ensure there are no compliance risks.
- Edge cases. Depending on your integration type, the engineer may check scenarios like partial refunds, duplicate transaction prevention, webhook retry handling, or terminal connectivity recovery.
- Feedback. If any issues are found, the engineer will walk through what needs to change. Minor issues can often be resolved and re-tested on the same call.
After Certification
Once the ECRYPT engineering team approves your integration:Switch to Production Credentials
Replace your sandbox API keys with your production API keys. Your production keys are available in the ECRYPT dashboard under Settings > API Keys.| Setting | Sandbox | Production |
|---|---|---|
| Base URL | https://sandbox.api.ecrypt.com | https://api.ecrypt.com |
| API Key | Sandbox private key | Production private key |
| Public Key | Sandbox public key | Production public key |