Settings for the Payment Notification (callback_notification)
General requirements
- Callbacks often fail because of caching services. You should disable caching services like CloudFlare, Varnish, etc.
- To prevent fraud attempts, the callback page must not accept traffic from any source but AltaPay's gateway. AltaPay's outgoing IP address is 185.206.120.0/24(ipv6: 2a10:a200::/29). You can do this, for example, using the following .htaccess file:
order deny,allow
deny from all
allow from <valid outgoing IP address>
-
Verify that all parameters sent to the callback are accurate to ensure that a fraud attempt has not been made.
- Callback URLs must only use ports 443 and 80.
Specific requirements (callback_notification)
-
Validate the order on the OK page. Don’t use another page, as this causes problems if a customer uses the back-button in the browser, and accidentally resubmits a payment. Check that the amounts (reserved, captured etc.) match your expectations. If they do not then something is wrong. In that case, perhaps put the order on hold in your system until you figure out what happened with the payment.
- In case of success the http response code should be 200.