Settings for the redirect page (callback_redirect)

General requirements

  • Callbacks often fail because of caching services. You should disable caching services like CloudFlare, Varnish, etc.
  • All image, link, stylesheet, and form elements must use double quotes for attributes. For example

    <img href="image.png"/>
  • To prevent fraud attempts, the callback page must not accept traffic from any source but AltaPay's gateway. AltaPay's outgoing IP address is 91.199.134.160, 91.199.134.161, 91.199.134.162, 91.199.134.163, 91.199.134.164, 91.199.134.165, 91.199.134.166, 91.199.134.167 or 185.206.120.0/24(ipv6: 2a10:a200::/29). You can do this, for example, using the following .htaccess file: 

    order deny,allow

    deny from all

    allow from <valid outgoing IP address>

  • Encode the page using UTF-8, or use HTML entities.
  • The maximum size for resources, for example, HTML, images, or CSS Files is 2 MB.

  • Resources must have the appropriate content type. See Supported Resource Content Types.
  • Verify that all parameters posted to the callback page are accurate to ensure that a fraud attempt has not been made.

  • Callback URLs must only use ports 443 and 80.

Specific requirements for the redirect page (callback_redirect)

  • Your payment page must contain a single div element with id PensioPaymentForm, <div id="PensioRedirectForm">, for example:

    • <div id="PensioRedirectForm">
      	All content in here will be replaced by the actual redirect form
      </div>
  • The <div> element must not be placed in a <form> element.