What is ePay relay-script
The ePay relay-script ensures that your self-designed payment form is secured with SSL encryption, as required by PCI.
An SSL-secured page shows a padlock in the lower right corner of the internet browser, which indicates to the user that the data entered is encrypted and cannot be intercepted by someone else.
Below is an example of a page which is not encrypted and a page which is encrypted by SSL.
[Screenshots: IE6 with SSL; IE6 without SSL; IE7+8]
The data is encrypted over the internet by use of SSL certificates. The ePay relay-script fetches the HTML from your internet shop and presents it to the customer with the SSL padlock in the browser. Your customer will not even notice that he or she is guided through ePay servers.
How to integrate ePay relay-script
It is simple to use the ePay relay-script.
Basically, all that is needed is to insert the ePay relay-script URL in front of your own URL. Here is an example of how a page is encrypted by use of the ePay relay-script:
https://relay.ditonlinebetalingssystem.dk/relay/v2/relay.cgi/HTTP://WWW.YOURWEBSITE.COM
To avoid a popup warning the user about being transferred to an insecure page, it is important that you use our ePay relay-script on the following pages:
- The page which shows your payment form
- The accept page (acceptURL)
- The decline page (declineURL)
Paths to images and other objects
All pages which use the ePay relay-script must be set up with relative paths.
This means that paths must never be written as absolute URLs such as http://www.myurl.dk/images/myimage.jpg. If they are, your customer will receive a security warning in the browser, and if the customer clicks No in this popup warning, the page will not be shown correctly. Paths must be relative, for example "../images/myimage.jpg". This applies to all objects!
Tricks for forcing relay for links
Often the website is built on a standard CMS where the URLs for the objects to be routed through the relay-script cannot be modified. In that case a GET parameter named forcerelay=1 can be added to the URL.
If the URL secured by the relay-script looks like:
https://relay.ditonlinebetalingssystem.dk/relay/v2/relay.cgi/http://magento.epay.dk/index.php/epay/standard/redirect/
Then relay is forced for all objects on this URL by adding forcerelay=1 to the URL:
https://relay.ditonlinebetalingssystem.dk/relay/v2/relay.cgi/http://magento.epay.dk/index.php/epay/standard/redirect/?forcerelay=1
MAX size of objects
The relay-script has a limit of 512KB for each element. It is therefore important to trim your images and other elements to a minimum size.
If you route elements through the relay server that exceed the maximum relay size, only the first bytes will be displayed to the user!
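As an added example (not ePay's own code), the following Node.js script checks a page against the rules above before it is put behind the relay-script: it builds the relay URL, lists object paths that are not relative, and lists elements over the 512KB limit. The sample page, the file sizes, pay.php, and joining with "&" when a query string already exists are assumptions made for illustration.

```javascript
// Added example, not ePay code: pre-flight checks for a page shown through the relay.
const RELAY_HOST = "https://relay.ditonlinebetalingssystem.dk/";
const RELAY_PREFIX = RELAY_HOST + "relay/v2/relay.cgi/"; // prefix shown on this page
const MAX_RELAY_BYTES = 512 * 1024; // per-element limit stated on this page

// Prefix the shop URL with the relay URL; optionally add forcerelay=1.
function relayUrl(shopUrl, forceRelay = false) {
  if (!/^https?:\/\//i.test(shopUrl)) throw new Error("shop URL must be absolute");
  if (!forceRelay) return RELAY_PREFIX + shopUrl;
  // Assumption: when a query string already exists, the parameter is joined with "&".
  return RELAY_PREFIX + shopUrl + (shopUrl.includes("?") ? "&" : "?") + "forcerelay=1";
}

// Report object references that are not relative paths (src, <link href>, CSS url()).
// References to the relay host itself are served over SSL and are not reported.
function findAbsoluteRefs(html) {
  const patterns = [
    /<[^>]+?\ssrc\s*=\s*["']?((?:https?:)?\/\/[^"'\s>]+)/gi,
    /<link\b[^>]*?\shref\s*=\s*["']?((?:https?:)?\/\/[^"'\s>]+)/gi,
    /url\(\s*["']?((?:https?:)?\/\/[^"')\s]+)/gi,
  ];
  const hits = [];
  for (const re of patterns)
    for (const m of html.matchAll(re))
      if (!m[1].startsWith(RELAY_HOST)) hits.push(m[1]);
  return hits;
}

// Given { path: sizeInBytes }, list the elements the relay would cut off.
function oversizedElements(sizes) {
  return Object.entries(sizes).filter(([, n]) => n > MAX_RELAY_BYTES).map(([p]) => p);
}

// Constructed sample page and sizes, for illustration only.
const samplePage = `
<link rel="stylesheet" href="../css/shop.css">
<img src="http://www.myurl.dk/images/myimage.jpg">
<img src="../images/logo.png">
<div style="background:url(http://www.myurl.dk/images/bg.gif)"></div>
<script type="text/javascript" src="https://relay.ditonlinebetalingssystem.dk/relay/v2/replace_relay_urls.js"></script>`;
const sampleSizes = { "../images/logo.png": 20480, "../images/banner.jpg": 700000 };

console.log(relayUrl("http://www.yourwebsite.com/pay.php", true));
console.log(findAbsoluteRefs(samplePage));
console.log(oversizedElements(sampleSizes));
```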
How to maintain sessions
In order to maintain sessions, the webserver session attribute must be sent to the relay-script. This session attribute is named HTTP_COOKIE. The relay-script will then send the HTTP_COOKIE back to the webserver in order to maintain the session.
This HTTP_COOKIE must be sent to the relay-script as GET or POST. You extract the HTTP_COOKIE as shown below; the value is HTML-encoded so that a quote character in a cookie cannot break out of the VALUE attribute (the browser decodes it again when the form is submitted):
ASP:
<INPUT TYPE="HIDDEN" NAME="HTTP_COOKIE" VALUE="<%= Server.HTMLEncode(Request.ServerVariables("HTTP_COOKIE")) %>">
PHP:
<INPUT TYPE="HIDDEN" NAME="HTTP_COOKIE" VALUE="<?php echo htmlspecialchars((string) getenv("HTTP_COOKIE"), ENT_QUOTES); ?>">
C#:
<INPUT TYPE="HIDDEN" NAME="HTTP_COOKIE" VALUE="<%= Server.HtmlEncode(Request.ServerVariables.Get("HTTP_COOKIE")) %>">
Force relay for links
Often the website is built on a standard CMS solution where the target of links cannot be altered dynamically. In that case a simple JavaScript can be included on the page which is secured by the ePay relay-script. The JavaScript is included by inserting this code at the bottom of the page:
<script type="text/javascript" src="https://relay.ditonlinebetalingssystem.dk/relay/v2/replace_relay_urls.js"></script>