Many customers wish to use the template in an iframe as part of their existing site, rather than displaying it as a standalone page - this is supported by Asperato, as long as the containing site is served over TLS1.2 or newer. Please make sure your iframe element is large enough to contain the payment form without any scrollbars. We recommend a size of at least 500px width and 1000px height.


Non-secure pages may not iframe the Asperato payment page in this way, as customers have no easy way of determining that the iframe itself is secure if the surrounding page is not.



PostMessage events


There are a number of standard postmessage events that occur when the template is operating in iframe mode. The postmessage content is a simple string. The values and their related events are documented in the table below. 


Text string
Event
asp--redir:REDIR URL
On redirect to an external authorisation page (such as in the case of Paypal.) This message contains the value of that URL, so on receiving this message the parent page may choose to close the iframe and launch the new in a new tab / window.
asp--exit-screen
On load of the payment success screen
asp--error--value:ERROR MESSAGE
On load of the payment error screen, this message contains the value of the error message displayed to the user.
asp--error-screenOn load of the payment error screen
asp--errorWhen the Close Without Retry button is pressed on the error page
asp--completeWhen the Finish button is pressed on the exit page
asp--cancelWhen the cancel link is pressed on the main pay page
asp--dddialogWhen the DD confirmation dialog box is displayed (allows the parent frame to refocus the iframe using "window.scrollTo(0,0)") 


By implementing an appropriate listener in the parent HTML you can make decisions based on these postmessage events.
For example if you want to suppress the display of the success screen then you can close the iframe when the listener detects the text content "asp--exit-screen" in the body of the postmessage.


Please note that we may add additional postmessage events from time to time - you must make sure that your integration won't cause an error if it receives a postmessage that it doesn't know about (ignoring it is fine.)