Settings for the Payment Page (callback_form)

General requirements

  • Callbacks often fail because of caching services. You should disable caching services like CloudFlare, Varnish, etc.

  • All image, link, stylesheet, and form elements must use double quotes for attributes. For example

    <img href="image.png"/>
  • To prevent fraud attempts, the callback page must not accept traffic from any source but AltaPay's gateway. AltaPay's outgoing IP address is 185.206.120.0/24(ipv6: 2a10:a200::/29). You can do this, for example, using the following .htaccess file: 

    order deny,allow
    deny from all
    allow from <valid outgoing IP address>

  • Encode the page using UTF-8, or use HTML entities.

  • The maximum size for resources, for example, HTML, images, or CSS Files is 2 MB.

  • Resources must have the appropriate content type. See Supported Resource Content Types.

  • Verify that all parameters posted to the callback page are accurate to ensure that a fraud attempt has not been made.

  • Callback URLs must only use ports 443 and 80.

Specific requirements

  • Your payment page must contain a single form element with id PensioPaymentForm, <form id="PensioPaymentForm">, for example:

      <form id="PensioPaymentForm" >
	<!--All content in here will be replaced by the actual payment form-->
</form>

    • AltaPay inserts all required fields into the form, and defines the appropriate action parameters. Any existing content is removed from the form element.
    • You can only have one form with id PensioPaymentForm, <form id="PensioPaymentForm">,
    • For information about setting up a floating payment window using an IFrame, see Styling a floating payment window and Loading the payment page dynamically.
  • Create CSS styles for each applicable payment method, or category of payment method (payment nature). For more information about payment methods, see Payment methods and providers.
  • If there is a surcharge on the transaction, the callback page must have two additional elements (<div> or <span>) with the id attributes PensioSurcharge and PensioTotal. The contents of these elements are replace with the surcharge and total amount. For example 

    • <div id="PensioSurcharge"></div>

  • To let customers override the payment amount, you can include an <input>, <textarea>, or <select> element with the id attribute set to PensioOverrideAmountand also include another element with the id attribute set to PensioOverrideAmountError, to display any errors. For example

    • <input id="PensioOverrideAmount"></input>
      <span id="PensioOverrideAmountError"></span>

  • The callback page must return the HTTP response code 200 for the payment to proceed. If the code is different from 200, the payment will not proceed.
  • All caching services like CloudFlare, Varnish etc. should be DISABLED on the callback pages, as we often see Callbacks fail if a caching service is in between your server and ours.
  • All image-, link-, stylesheet, form-tags must use double qoutes for their attributes: "<img src="..."> ".
  • The form page should not accept access from anything but our gateway. This is important to ensure that fraud is not possible. Any change to our outgoing IP-address will be advised to all merchants. Our outgoing IP-addresses are: 185.206.120.0/24(ipv6: 2a10:a200::/29)
  • The page should have correct encoding (preferrably UTF-8) or use HTML-entities to ensure that it is free of encoding.
  • Each individual resource (html, images, css files etc.) must not be bigger than 2MB
  • Each individual resource (html, images, css files etc.) must be sent with one of the allowed content-types. See Supported Resource Content Types.
  • Set up css styles for each of the payment natures applicable for your shop. Either a test terminal for each applicable purpose or a multi-purpose terminal should be available. The following payment natures are available in the system: CreditCard, E-Payment, iDEAL, BankPayment, WalletPayment.
  • You verify the parameters posted back to the form page: order_id, amount, currency to ensure that you know the order and that the amount/currency has not been changed by a malicious user.
  • If surcharge is enabled, there must be two additional elements (div or span) : One with id="PensioSurcharge " (the contents of this element is replaced by the surcharge-amount) and id="PensioTotal " (the contents of this element is replaced by the total amount including surcharge.)
  • If amount override is enabled, there must be two additional elements. An input/textarea/select with name="PensioOverrideAmount " (this will allow the user to change the amount on the payment) and an element that can contain an error message with id="PensioOverrideAmountError ".
  • In case of success, the http response code should be 200.
  • Callback URLs must not use any port other than 443 or 80.