Settings for the open page (callback_open)

General requirements

  • Callbacks often fail because of caching services. You should disable caching services like CloudFlare, Varnish, etc.

  • All image, link, stylesheet, and form elements must use double quotes for attributes. For example

    <img href="image.png"/>
  • To prevent fraud attempts, the callback page must not accept traffic from any source but AltaPay's gateway. AltaPay's outgoing IP address is 185.206.120.0/24(ipv6: 2a10:a200::/29). You can do this, for example, using the following .htaccess file: 

    order deny,allow
    deny from all
    allow from <valid outgoing IP address>

  • Encode the page using UTF-8, or use HTML entities.

  • The maximum size for resources, for example, HTML, images, or CSS Files is 2 MB.

  • Resources must have the appropriate content type. See Supported Resource Content Types.

  • Verify that all parameters posted to the callback page are accurate to ensure that a fraud attempt has not been made.

  • Callback URLs must only use ports 443 and 80.

Specific requirements (callback_open)

  • The page must not contain a form for submitting the credit card information again.

  • Validate the order on the open page. Don’t use another page, as this causes problems if a customer uses the back button in the browser, and accidentally resubmits a payment. Check that the amounts (reserved, captured etc.) match your expectations. If they do not, there is a problem. In that case, perhaps put the order on hold in your system until you figure out what happened with the payment.
  • In case of success, the http response code should be 200, or if you want us to redirect the customer, 301, 302, 303 or 307.