Connectivity details for Windcave customers.
Windcave provides two separate environments, one for testing and one for general use, for the pinpads and unattended SCR card readers provided by Windcave. Please note that a terminal is set up to work in either the production or the testing environment and cannot be used to access the other. All terminals should use HTTPS and use TCP as backup.
The pxscrcontroller_cfg.txt file contains XML that allows merchants to configure the settings of their terminal; a correct setup for the live and testing environments will have the following tags.
By default, both HTTPS and TCP are enabled. If there are issues with HTTPS, the connection will fail over to TCP; the Priority tag controls this behavior.
Please note that transactions using the HIT API can only be performed over a TCP connection between the IPP/IWL and Windcave; however, all communication between the POS and Windcave must be performed using HTTPS POSTs.
Live transaction environment

| Communication | Address | Port |
|---|---|---|
| HTTPS Communication to/from POS | https://sec.windcave.com/hit/pos.aspx | 443 |
| TCP Communication to/from terminal | scr.windcave.com | 65 |

Test transaction environment

| Communication | Address | Port |
|---|---|---|
| HTTPS Communication to/from POS | https://uat.windcave.com/hit/pos.aspx | 443 |
| TCP Communication to/from terminal | uatscr.windcave.com | 65 |

All requests should follow the HTTP/1.1 specification; the full reference is available here: https://tools.ietf.org/rfc/rfc2616.txt
HTTPS is used exclusively; connections using HTTP only will fail. You currently need to support TLS 1.2 or better.
Windcave domains are detailed here
For more details and specifications, please refer to the Windcave REST API reference
Details can be found below:
We recommend that any endpoints using the paymentexpress.com domain be changed to windcave.com.
sec.paymentexpress.com --> sec.windcave.com
scr.paymentexpress.com --> scr.windcave.com
For merchants who restrict traffic to specific IPs or endpoints, please email support.
Some applications may cache DNS for extended periods. For any application that connects to Windcave endpoints, we advise that you confirm the application's DNS cache settings. As an example, older Java versions will never refresh DNS entries and will only pick up DNS changes after the application is restarted. Other applications may ignore the TTL values entirely and set their own values. We recommend that you check your application's DNS cache/TTL settings to ensure the application will honor the DNS TTL values provided.
Windcave uses globally trusted Certificate Authorities to issue and manage the TLS/SSL certificates used to secure its services. These Certificate Authorities are widely recognised by modern operating systems, browsers, and payment platforms, ensuring secure and encrypted communication based on industry standards.
The Certificate Authorities currently used by Windcave are listed below. This page should be referenced as the authoritative source for the most up to date list, as Certificate Authority usage may change over time as part of normal security and operational practices.
Windcave does not recommend pinning or whitelisting any of the below certificate components unless you have an automated process that can keep this information up to date. Manual updates will not be reliable due to frequent certificate changes.
Windcave supports a set of secure, PCI DSS approved TLS 1.2 and TLS 1.3 cipher suites. To establish a secure connection to Windcave, your systems must be configured to support one or more of the cipher suites listed below.
| TLS Version | IANA Name | OpenSSL Name |
|---|---|---|
| 1.3 | TLS_AES_128_GCM_SHA256 | TLS_AES_128_GCM_SHA256 |
| 1.3 | TLS_AES_256_GCM_SHA384 | TLS_AES_256_GCM_SHA384 |
| 1.3 | TLS_CHACHA20_POLY1305_SHA256 | TLS_CHACHA20_POLY1305_SHA256 |
| 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE-RSA-AES128-GCM-SHA256 |
| 1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ECDHE-RSA-CHACHA20-POLY1305 |
| 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE-RSA-AES256-GCM-SHA384 |
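
A client-side check for the TLS requirements above, as an added example that is not Windcave's own code: it builds a Python `ssl` client context limited to TLS 1.2 or better and the TLS 1.2 suites from the table, then reports which listed suites the local OpenSSL build will actually offer. The function names `build_context` and `offered_suites` are hypothetical; the context relies on the system trust store rather than pinning.

```python
import ssl

# OpenSSL name -> IANA name for the TLS 1.2 suites in the table above.
TLS12_SUITES = {
    "ECDHE-RSA-AES128-GCM-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "ECDHE-RSA-CHACHA20-POLY1305": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
# TLS 1.3 suites in the table (OpenSSL uses the IANA names for these).
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
}


def build_context() -> ssl.SSLContext:
    """Client context: system trust store, TLS 1.2+, listed TLS 1.2 suites only."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Raises ssl.SSLError if the local OpenSSL build supports none of these.
    # set_ciphers() governs TLS 1.2 and below; TLS 1.3 suites are configured
    # separately by OpenSSL and stay at the library default.
    ctx.set_ciphers(":".join(TLS12_SUITES))
    return ctx


def offered_suites(ctx: ssl.SSLContext) -> dict:
    """Split the suites this context will offer by whether the table lists them."""
    names = {c["name"] for c in ctx.get_ciphers()}
    listed = set(TLS12_SUITES) | TLS13_SUITES
    return {
        "tls12": sorted(names & set(TLS12_SUITES)),
        "tls13": sorted(names & TLS13_SUITES),
        "unlisted": sorted(names - listed),
    }


if __name__ == "__main__":
    # Prints the offer for this machine; an empty "tls12" and "tls13" would
    # mean no overlap with the table and a failed handshake.
    for group, suites in offered_suites(build_context()).items():
        print(f"{group}: {', '.join(suites) or '(none)'}")
```

The returned context can be passed to any standard-library client that accepts an `ssl.SSLContext`, so the same restrictions apply to the HTTPS POSTs sent from the POS.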