Preparing your environment
It is therefore necessary to make sure the notifications function properly.
Here are some guidelines:
In order for the dialog between the payment gateway and your merchant website to work, you must make sure, together with your technical teams, that the 18.104.22.168/24 IP address range is authorized on the various devices within your system (firewalls, apache server, proxy server, etc.).
Notifications are sent from an IP address in the 22.214.171.124/24 range in Test and Production modes.
- Using redirection leads to losing data presented in POST.
This is the case if there is a configuration on your devices or on the side of your host that redirects the URLs of “http://www.example.com” type to “http://example.com” or “http://example.com” to “https://example.com”.
- HTML must not be visible on the page. Access to images or CSS slows down the exchange between the payment gateway and the merchant website.
- Avoid integrating time-consuming tasks, such as PDF invoice generation or sending e-mails in your script.
The processing time has a direct influence on the time it takes to display the payment summary page.
The longer the processing of the notification, the greater the delay for displaying the page. After 35 seconds, the payment gateway considers that the call has failed (timeout).
- If your page is only accessible in https, test your URL on the Qualys SSL Labs website (https://www.ssllabs.com/ssltest/ and, if necessary, change your configuration in order to
obtain the A score.
Your SSL certificate must be signed by a certification authority known and recognized on the market.
Make sure that you use the latest version of the TLS protocol in order to maintain a high level of security.