Skip to main content

Special Character Restrictions

For system stability and security, the use of certain special characters is restricted in API requests. Please adhere to the following rules when sending parameters during API integration.

🚫 Prohibited Special Characters

The following characters are blocked as they may cause system errors during data processing or pose security threats (such as SQL Injection, XSS, etc.).

CharacterNameReason for RestrictionMitigation Strategy
'Single QuoteRisk of SQL InjectionRemove or use Full-width characters
"Double QuoteCauses JSON parsing errorsRemove
< >Angle BracketsRisk of XSS (Cross Site Scripting)Remove
\BackslashConfusion with escape characters & JSON parsing errorsRemove (Replace with /)
;SemicolonRisk of SQL Injection (Query separation/termination)Remove
|Vertical Bar (Pipe)Risk of Command Injection & internal delimiter conflictReplace with comma (,) or others
\n \rNewline (CR/LF)HTTP Response Splitting, Log ForgingReplace with space or remove
&AmpersandConfusion with URL parameter delimitersApply URL Encoding (%26)
Caution

Emojis (e.g., 🍎, 😊) are 4-byte characters. Their use is strictly prohibited as they may cause storage errors or data corruption (Mojibake) in some legacy systems (EUC-KR based) or databases.


✅ Allowed Characters by Field

The permitted character range varies depending on the nature of each parameter.

1. Order ID (orderId)

A unique order identifier generated by the merchant.

  • Allowed: English letters (Case-insensitive A-Z, a-z), Numbers (0-9), Hyphen (-), Underscore (_)
  • Length: Max 40 characters
  • Example: ORD-20231025-0001

2. Product Name (goodName)

  • Allowed: Korean, English, Numbers, Spaces, Basic punctuation ((, ), [, ], -, .)
  • Restricted: Any symbol listed in 'Prohibited Special Characters' above.
  • Example: [Special Offer] Autumn New Jacket (Black)

3. Customer Name / Email

  • Customer Name: Korean, English, Spaces allowed (No special characters)
  • Email: Standard email format (Allows @, ., _, -)