How can I perform data and origin check? (Referrer)

Although we advise against using it (this feature will no longer be supported from 25 August 2020), you can configure the so-called referrer check in addition to SHA signature authentication. With this setting, our system checks the origin of the transaction request, that is, the URL the request comes from (the referrer). The aim is to prevent unauthorised URLs (those that were not configured in your account) from calling the payment page.

In order to set it up or remove it, simply go to Technical Information > Data and origin verification. Under Checks for e-Commerce & Alias Gateway, you can enter one or more URLs that you want to enable to call the payment page: orderstandard.asp / orderstandard_utf8.asp.

Possible errors related to the referrer are "unknown order/1/r" and "unknown order/0/r". Go to Possible errors for more information about these errors.

Important: We strongly advise against using this check and therefore recommend leaving the field blank.

However, if you would still like to use it:

  • The URL(s) must always start with http:// or https://
  • You must enter the ‘origin’ of the URL being accepted (Origin: <scheme> "://" <hostname> [ ":" <port> ]). For example: https://www.mysite.net
  • If you have several domains, multiple URLs can be entered. For example, http://www.mysite.com;http://www.mysite.net;https://www.secure.mysite.com. The URLs must be separated by a semicolon, with no spaces before or after the semicolon.
  • If you perform a test transaction from our test page, please remember to enter our site’s origin URL as a referrer, otherwise you will receive an error.
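
As an added illustration (not code from the payment platform), the following Python sketch checks a value against the formatting rules listed above before it is entered in the field. The function names and the strict rejection of a trailing slash are assumptions; the platform's own validation may differ.

```python
from urllib.parse import urlsplit

def check_referrer_field(value):
    """Return (entry, problem) pairs; an empty list means the value is well formed."""
    problems = []
    if value == "":
        return problems  # blank field: the referrer check is not configured
    for entry in value.split(";"):
        if entry == "":
            problems.append((entry, "empty entry (stray semicolon)"))
        elif any(ch.isspace() for ch in entry):
            problems.append((entry, "contains whitespace"))
        elif not entry.startswith(("http://", "https://")):
            problems.append((entry, "must start with http:// or https://"))
        else:
            reason = _origin_problem(entry)
            if reason:
                problems.append((entry, reason))
    return problems

def _origin_problem(entry):
    """Check that entry is exactly <scheme>://<hostname>[:<port>]."""
    try:
        parts = urlsplit(entry)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return "malformed host or port"
    if not parts.hostname or parts.netloc.endswith(":"):
        return "missing hostname or port"
    if "@" in parts.netloc:
        return "user info is not part of an origin"
    # Assumption: anything after host[:port], even a trailing "/", is rejected.
    if entry.split("://", 1)[1] != parts.netloc:
        return "origin only: remove path, query or fragment"
    return None

if __name__ == "__main__":
    # Constructed sample values; the first is the multi-domain example from the list above.
    for sample in ("http://www.mysite.com;http://www.mysite.net;https://www.secure.mysite.com",
                   "https://www.mysite.net; http://www.mysite.com",
                   "https://www.mysite.net/shop/checkout.html"):
        print(sample, "->", check_referrer_field(sample) or "OK")
```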

We would also like to take the opportunity to remind you that, although the referrer allows our system to identify the origin of an order, SHA signature authentication remains the most trusted way to secure your transactions on your PSPID. You can find more information on that in our SHA signature integration guide.