Settings for the redirect page (callback_redirect)
- Callbacks often fail because of caching services. You should disable caching services like CloudFlare, Varnish, etc.
All image, link, stylesheet, and form elements must use double quotes for attributes. For example
- To prevent fraud attempts, the callback page must not accept traffic from any source but AltaPay's gateway. AltaPay's outgoing IP address is 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206 or 220.127.116.11/24(ipv6: 2a10:a200::/29). You can do this, for example, using the following .htaccess file:
deny from all
allow from <valid outgoing IP address>
- Encode the page using UTF-8, or use HTML entities.
- Resources must have the appropriate content type. See Supported Resource Content Types.
Verify that all parameters posted to the callback page are accurate to ensure that a fraud attempt has not been made.
- Callback URLs must only use ports 443 and 80.