Between November and January is time for our Annual PCI Tasks and Audit.
Between March and June is time for our Annual SOC Audits.
Doing a lot (or constant API Call) of Retrieves, either:
is NOT the correct way to use our API. Please contact support@TabaPay.com.We have enabled Rate Limiting on the Sandbox Environment. Sandbox is a Shared Environment used by many Clients and meant only for Development purposes...
● SSO Token will Expire after 5-10 minutes and will therefore be rendered invalid.
● CreateKey will be deprecating soon. When the CreateKey replacement becomes available, CreateKey will be disabled...
● RetrieveAccount by ReferenceID is deprecated and should only be used in the case of a HTTP Communications Error where an AccountID was not returned back.
● RetrieveTransaction by ReferenceID is deprecated and should only be used in the case of a HTTP Communications Error where a TransactionID was not returned back.
If you continue to use Retrieve by ReferenceID, the API will return a Status Code of 421 Misdirected Request:
ReferenceID Change:
ReferenceID will no longer be required to be UNIQUE on a CreateAccount. If you do a Retrieve by ReferenceID, you will get the last one (the most recently added).
See the Anti-Pattern FAQ...
Anti-Pattern or incorrect use of TabaPay’s API is not permitted on Sandbox, UAT, or Production Environments as they can impact the overall Environment. Examples of incorrect use of TabaPay’s API:
Also see the Anti-Pattern FAQ for more examples...
We will only keep transactions accessible to the TabaPay API for approximately 120 days. This means that Delete Transaction will only work for transactions within approximately 120 days. However, we archive transactions for many years (as legally required).
Inactive IP Addresses will be disabled in the Sandbox Environment. Contact TabaPay Support if you need to reenable a disabled IP Address. If you need more IP Addresses whitelisted, consider using a Proxy (or our Proxy).
Creating too many Keys in the Sandbox and/or Production Environment will cause your CreateKey to be disabled.
Inactive and Duplicate Accounts, created with the Account Create API in the Sandbox, UAT, or Production Environment, may result in these inactive and duplicate accounts being deleted and/or additional charges will be charged for these accounts.
Please inform us of possible Volume Spikes.
If you do not inform us of unexpected Volume Spikes, our systems may detect it as abnormal and our systems may block all IP Addresses causing this unexpected Volume Spikes. Volume Spikes that are all (or mostly) Errors, like:
There should be no expectations on the Sandbox or UAT Environments, see the FAQ for the Sandbox Environment and see the FAQ for the UAT Environment. The Sandbox and UAT Environments use Simulators, so the accuracy of these Simulators may not be exactly the same as you will see in Production. For example, AVS calls will most likely always return a Network Response Code of 85, we will change the Simulator in the near future to reflect this.
Ready for Production? Please read the Production FAQ.
We have multiple Environments:
We will try not to update this WebSite before the corresponding Code Release to the Sandbox Environment. However, this WebSite might be slightly ahead of the Code Release to the Sandbox and Production Environments. So some things that are described on this WebSite may not yet be available and working in the Environment you are using.
On Sandbox and UAT Environments, your Client will now be limited to the IPs Whitelisted for that Client. If you have more than one Client, you will need to specify the IPs to be Whitelisted for each Client separately. This will also be implemented on the Production Environment soon...
The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.
If you need help, please contact support@TabaPay.com with the following:
Environment | Maintenance | |
---|---|---|
Date | Task | |
UAT | 02/28/2021 | Database Cleaned Up* |
Sandbox | 02/28/2021 | Database Cleaned Up* |
Sandbox | 05/26/2020 - 08/03/2020 | Migrate to New Sandbox Environment |
UAT | 05/24/2020 | Database Cleaned Up* |
Sandbox | 05/24/2020 | Database Cleaned Up* |
* There should be no expectations on the Sandbox or UAT Environments.
Nothing is unlimited, this includes the database, so the database was cleaned up.
Environment | Current | |
---|---|---|
Version | Deployment Date | |
Production USE1 | v22.0124 | 01/29/2022 |
Production USE2 | v22.0124 | 01/29/2022 |
UAT | v22.0124 | 02/01/2022 |
Sandbox | v22.0124 | 02/01/2022 |
This WebSite is preliminary and is subject to change.
TabaPay makes no representation or warranties, expressed or implied, as to the truth or accuracy of any information contain herein. This WebSite may include typographical errors and technical inaccuracies. This WebSite is provided "as is" and all expressed or implied conditions, representations and warranties, including any implied warranty of merchantability, fitness for a particular purpose, or non-infringement, are disclaimed; except to the extent that such disclaimers are held to be legally invalid.
The URLs and ResourceIDs specified on this WebSite are only used for illustrative purposes (temporary place holders and/or samples) and does not reflect the actual URLs and ResourceIDs to be used (in Sandbox or Production). Please contact TabaPay Support for the actual URLs and ResourceIDs to be used for your situation.
You will need to reverify your IP Addresses every year, otherwise they will be removed.
Code | Description |
---|---|
R | Required |
O | Optional |
C | Conditional |
® | Restricted Usage (Permissions Required) |
CR | Conditional Required - Choice |
Code | Description |
---|---|
R n | Required if chosing Non-Encrypted Card Data |
O n | Optional if chosing Non-Encrypted Card Data |
R e | Required if chosing Encrypted Card Data |
O e | Optional if chosing Encrypted Card Data |
RAVS | Required if AVS |
® t | Restricted Usage (Permissions Required) if chosing Token |
® m | Restricted Usage (Permissions Required) if chosing MobilePay |
R m | Required if chosing MobilePay |
O m | Optional if chosing MobielPay |
R a | Required if chosing Bank Data (ACH) |
R c | Required if chosing Company Name |
R n | Required if chosing Name |
O n | Optional if chosing Name |
Response:
Code | Description |
---|---|
✔ | Returned |
O | Optional |
The only operation available for this resource is:
Only TabaPay can:
Status Code | Description | |
---|---|---|
200 | OK | The Client's Attributes are returned. |
JSON Name | Value | Description | Status Code | ||||
---|---|---|---|---|---|---|---|
200 | Other | ||||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | |||
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | |||
EM | String | Error Message | O | ||||
label | String (no whitespaces) | Client Label | ✔ | ||||
networks | object | List of Available Networks | ✔ | ||||
pull | array of Strings | For Pull Transactions Array can be empty or is a List of Network Names | ✔ | ||||
push | array of Strings | For Push Transactions Array can be empty or is a List of Network Names | ✔ | ||||
limits | object | ✔ | |||||
currency | String 3-digit code | ISO 4217 Currency Number | ✔ | ||||
pull | object | ✔ | |||||
transaction | String Amount | Pull Transaction Limit | ✔ | ||||
daily | String Amount | Approximate Pull Daily Limit | ✔ | ||||
networks | array of objects | List of Network Limits Network is listed only if different from above Pull Limits | O | ||||
network | String | Network Name | ✔ | ||||
transaction | String Amount | Network Pull Transaction Limit | ✔ | ||||
daily | String Amount | Approximate Network Pull Daily Limit | ✔ | ||||
push | object | ✔ | |||||
transaction | String Amount | Push Transaction Limit | ✔ | ||||
daily | String Amount | Approximate Push Daily Limit | ✔ | ||||
networks | array of objects | List of Network Limits Network is listed only if different from above Push Limits | O | ||||
network | String | Network Name | ✔ | ||||
transaction | String Amount | Network Push Transaction Limit | ✔ | ||||
daily | String Amount | Approximate Network Push Daily Limit | ✔ |
{ "SC": 200, "EC": "0", "label": "ClientLabel", "networks": { "pull": [ "STAR", "Visa" ], "push": [ "STAR", "CU24", "Visa" ] }, "limits": { "currency": "840", "pull": { "transaction": "0.25", "daily": "1.00" }, "push": { "transaction": "0.25", "daily": "1.00", "networks": [ { "network": "CU24", "transaction": "0.20", "daily": "1.00" } ] } } }
{ "SC": 404, "EC": "3A100000", "EM": "Not Found" }
{ "SC": 423, "EC": "3A100000", "EM": "Locked" }
The operations that are available for this resource are:
JSON Name | Value | Required | Default | Description | ||
---|---|---|---|---|---|---|
format | String | R | Public Key Response Format, either:
| |||
expiration | Integer Between 30 and 365 | R | 365 | Key Expiration Time:
|
ASN.1
{ "format": "ASN.1", "expiration": 365 }Raw (Modulus and Public Exponent)
{ "format": "Raw", "expiration": 365 }
Status Code | Description | |
---|---|---|
200 | OK | A Key is created. |
429 | Too Many Requests | Created too many Keys See Notes Below... |
JSON Name | Value | Description | Status Code | ||||
---|---|---|---|---|---|---|---|
ASN.1 | Raw | Other | |||||
200 | 200 | ||||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | O | ||
EM | String | Error Message | O | ||||
keyID | String 22 characters | KeyID | ✔ | ✔ | |||
key | String | ASN.1 encoded in Base64 URL-Safe Character Set | ✔ | ||||
keyModulus | String | Modulus encoded in Base64 URL-Safe Character Set | ✔ | ||||
keyExponent | String | Public Exponent encoded in Base64 URL-Safe Character Set | ✔ | ||||
expiration | String | Key Expiration in yyyy-MM-ddTHH:mm:ssZ Format. | ✔ | ✔ | |||
notices | String | Important Notices | O | O | O |
{ "SC": 200, "EC": "0", "keyID": "TabaPay_KeyID_22-chars", "key": "Base64_Encoded_Key", "expiration": "2017-04-03T00:00:00Z" }Key created returned in Raw format:
{ "SC": 200, "EC": "0", "keyID": "TabaPay_KeyID_22-chars", "keyModulus": "Base64_Encoded_Modulus", "keyExponent": "Base64_Encoded_Exponent", "expiration": "2017-04-03T00:00:00Z" }
You should only have at most 2 keys active at any one time. If you create more than 2 keys that are currently active (expiration date), you might get a return of SC=429, Too Many Requests. However, if the system detects that there are more than 2 keys that are currently active (expiration date), the system may automatically delete the older keys until there are at most 2 keys that are currently active.
Status Code | Description | |
---|---|---|
200 | OK | The Key is returned. |
JSON Name | Value | Description | Status Code | ||||
---|---|---|---|---|---|---|---|
ASN.1 | Raw | Other | |||||
200 | 200 | ||||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | O | ||
EM | String | Error Message | O | ||||
key | String | ASN.1 encoded in Base64 URL-Safe Character Set | ✔ | ||||
keyModulus | String | Modulus encoded in Base64 URL-Safe Character Set | ✔ | ||||
keyExponent | String | Public Exponent encoded in Base64 URL-Safe Character Set | ✔ | ||||
expiration | String | Key Expiration in yyyy-MM-ddTHH:mm:ssZ Format. | ✔ | ✔ |
{ "SC": 200, "EC": "0", "keyID": "TabaPay_KeyID_22-chars", "key": "Base64_Encoded_Key", "expiration": "2017-04-03T00:00:00Z" }Key returned in Raw format:
{ "SC": 200, "EC": "0", "keyID": "TabaPay_KeyID_22-chars", "keyModulus": "Base64_Encoded_Modulus", "keyExponent": "Base64_Encoded_Exponent", "expiration": "2017-04-03T00:00:00Z" }
Status Code | Description | |
---|---|---|
200 | OK | The Key is marked for deletion. |
JSON Name | Value | Description | Status Code | |||
---|---|---|---|---|---|---|
200 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | ||
EM | String | Error Message | O |
{ "SC": 200, "EC": "0" }
{ "SC": 404, "EC": "10000000" }
{ "SC": 410, "EC": "50000000" }
The only operation available for this resource is:
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | Conditional | ||
---|---|---|---|---|---|---|---|
networks | String | O | List of Network Codes For ISOs, please contact TabaPay Support for details on when and how to use. | ||||
cardTypesPull | String | O | List of Card Type Codes For ISOs, please contact TabaPay Support for details on when and how to use. | ||||
cardTypesPush | String | O | |||||
► account | object View Object | CR | Either Account or Card | Account | |||
accountID | String 22 characters | R | AccountID | Account | |||
securityCode | String 3-4 digits | O | CVV2 | Account AVS | |||
► card | object View Object | CR | Either Account or Card Either Payment Card Not Encrypted:
| Card Data Encrypted? | |||
accountNumber | String 13-19 digits | R n | Payment Card Account Number | Card Not Encrypted | |||
expirationDate | String YYYYMM Format | O n RAVS | Expiration Date | Card Not Encrypted AVS | |||
securityCode | String 3-4 digits | O n | CVV2 | Card Not Encrypted AVS | |||
keyID | String 22 characters | R e | KeyID | Card Encrypted | |||
mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | Card Encrypted | ||
data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | Card Encrypted | |||
token | String | ® t | Card Token (from SSO) Restricted Usage | Card Token | |||
► device | object View Object | ® d | Card Data from P2PE Device Restricted Usage | Card Device | |||
id | String | ® d | Device Identifier | Card Device | |||
blob | Hex String | ® d | Blob in Hex | Card Device | |||
► mobilePay | object View Object | ® m | Card Data from Mobile Payment Restricted Usage | SA PC Mobile Pay | |||
accountNumber | String 13-19 digits | R m | Pseudo Payment Card Account Number | SA PC Mobile Pay | |||
expirationDate | String YYYYMM Format | R m | Expiration Date | SA PC Mobile Pay | |||
cryptogram | Base64 String 28 characters | R m | Payment Data Cryptogram | SA PC Mobile Pay | |||
transactionID | Hex String 64 characters | R m | Transaction Identifier in Hex | SA PC Mobile Pay | |||
eciIndicator | String 1 character | O m | Usually only Visa cards | SA PC Mobile Pay | |||
network | String | R m | Card Network (Visa, MasterCard, Amex, Discover, etc...) | SA PC Mobile Pay | |||
type | String | R m | Card Type (Debit, Credit, PrePaid, etc...) | SA PC Mobile Pay | |||
► owner | object View Object | C | Card Holder | AVS / Verify | |||
► name | object View Object | C | Name on Card | Verify | |||
first | String | R | First Name | Verify | |||
middle | String | O | Middle Name or Initial | Verify | |||
last | String | R | Last Name | Verify | |||
suffix | String | O | Suffix | Verify | |||
▼ address | object Hide Object | C | Billing Address | AVS | |||
line1 | String | O | Address Line 1, for AVS, see notes below | AVS | |||
line2 | String | O | Address Line 2 | AVS | |||
city | String | O | City | AVS | |||
state | String 2-character code | O | State Code | AVS | |||
zipcode | String | R | Zip Code | AVS | |||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | AVS | ||
► phone | object View Object | C | Phone Number (E.164 Numbering) | Verify | |||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | Verify | ||
number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | Verify | |||
currency | String 3-digits | O | 840 | ISO 4217 Currency Number | Fees Check | ||
amount | String Amount | C | Amount of Transaction | Fees Check | |||
timeout | Number Between 15 and 50 | O | 39 | Maximum time to wait for AVS and/or Verify Response | AVS / Verify |
Field | Required | Description | UnEncrypted Card Data Format |
---|---|---|---|
Card Number | R | 13-19 digit Card Number | CardNumber | Expiration Date | Security Code (no spaces, pipe symbol separated) see samples |
Expiration Date | O RAVS | Expiration date in YYYYMM Format | |
Security Code | O | 3 or 4 digit CVV2 |
Query Card:
{ "card": { "accountNumber": "9999999999999999" } }Query Card using Encrypted Data:
{ "card": { "keyID": "TabaPay_KeyID_22-chars", "data": "Base64_Encoded_Encrypted_Data" } }Query Card using AccountID:
{ "account": { "accountID": "TabaPay_AccountID_22ch" } }
{ "card": { "accountNumber": "9999999999999999" }, "amount": "0.50" }
1111111111111111|| where Card Number: 1111111111111111 Expiration Date: None Security Code: None
1111111111111111|203001| where Card Number: 1111111111111111 Expiration Date: January 2030 Security Code: None
1111111111111111|203001|333 where Card Number: 1111111111111111 Expiration Date: January 2030 Security Code: 333
1111111111111111||333 where Card Number: 1111111111111111 Expiration Date: None Security Code: 333
Status Code | Description | |
---|---|---|
200 | OK | The Payment Card's Attributes are returned. |
207 | Multi-Status | One or more Failures occurred while processing the Request. |
JSON Name | Value | Description | Status Code | Conditional | ||||
---|---|---|---|---|---|---|---|---|
200 | 207 | Other | ||||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | O | |||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | O | |||
EM | String | Error Message | O | |||||
card | object | Card Attributes | ✔ | ✔ | ||||
pull | object | Debit Transaction | ✔ | ✔ | ||||
enabled | Boolean | ✔ | ✔ | |||||
network | String | O | O | |||||
type | String | Credit, Debit, Prepaid | O | O | ||||
regulated | Boolean | O | O | |||||
currency | String 3-digit code | ISO 4217 Currency Number | O | O | ||||
country | String 3-digit code | ISO 3166-1 Country Code | O | O | ||||
push | object | Credit Transaction | ✔ | ✔ | ||||
enabled | Boolean | ✔ | ✔ | |||||
network | String | O | O | |||||
type | String | Credit, Debit, Prepaid | O | O | ||||
availability | String | Estimated Funds Availability | O | O | ||||
regulated | Boolean | O | O | |||||
currency | String 3-digit code | ISO 4217 Currency Number | O | O | ||||
country | String 3-digit code | ISO 3166-1 Country Code | O | O | ||||
AVS | object | AVS Results | C | C | AVS | |||
networkRC | String 2 or 3-character code | Network Response Code | ✔ | O | AVS | |||
authorizeID | String | ID | ✔ | O | AVS | |||
resultText | String | AVS Result Text | O | O | AVS | |||
codeAVS | String | AVS Response Code | ✔ | O | AVS | |||
codeSecurityCode | String | Security Code Response Code | ✔ | O | AVS | |||
EC | String 1 or 8 characters | Internal Error Code | O | AVS | ||||
fees | object | Fees Check | C | C | Fees Check | |||
pull | object | Debit Transaction | O | O | Fees Check | |||
interchange | String Amount | Interchange Fees | ✔ | ✔ | Fees Check | |||
network | String Amount | Network Fees | ✔ | ✔ | Fees Check | |||
tabapay | String Amount | TabaPay Fees | ✔ | ✔ | Fees Check | |||
push | object | Credit Transaction | O | O | Fees Check | |||
interchange | String Amount | Interchange Fees | ✔ | ✔ | Fees Check | |||
network | String Amount | Network Fees | ✔ | ✔ | Fees Check | |||
tabapay | String Amount | TabaPay Fees | ✔ | ✔ | Fees Check |
{ "SC": 200, "EC": "0", "card": { "pull": { "enabled": true, "network": "Visa", "type": "Debit", "regulated": true, "currency": "840", "country": "840" }, "push": { "enabled": true, "network": "Visa", "type": "Debit", "regulated": true, "currency": "840", "country": "840", "availability": "Immediate" } } }
{ "SC": 200, "EC": "0", "card": { "pull": { "enabled": false }, "push": { "enabled": true, "network": "Visa", "type": "Debit", "regulated": true, "currency": "840", "country": "840", "availability": "Immediate" } } }
{ "SC": 200, "EC": "0", "card": { "pull": { "enabled": true, "network": "Visa", "type": "Debit", "regulated": true, "currency": "840", "country": "840" }, "push": { "enabled": false } } }
{ "SC": 200, "EC": "0", "card": { "pull": { "enabled": false }, "push": { "enabled": false } } }
Creating unused and/or inactive Accounts will result in:
For AVS:
card.mode | Description |
---|---|
0 | RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure |
1 | Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
2 | (non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.
The only operation available for this resource is:
JSON Name | Value | Required | Default | Description |
---|---|---|---|---|
routingNumber | String 9 digits | R | Routing Number |
Query Bank:
{ "routingNumber": "999999999" }
Status Code | Description | |
---|---|---|
200 | OK | The Bank's Attributes are returned. |
JSON Name | Value | Description | Status Code | |
---|---|---|---|---|
200 | Other | |||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O |
EC | String 1 or 8 characters | Internal Error Code | ✔ | O |
EM | String | Error Message | O | |
RTP | Boolean | RTP | ✔ |
{ "SC": 200, "EC": "0", "RTP": true }
The only operation available for this resource is:
JSON Name | Value | Required | Default | Description | |
---|---|---|---|---|---|
name | object | R | Name | ||
first | String | R | First Name | ||
last | String | R | Last Name | ||
address | object | O | Address | ||
requestID | String up to 32 Characters | O | WatchDog Request Identifier This is Required if the Bank requires the use of WatchDog | ||
birthYear | String YYYY Format | O | Birth Year This is Optional if the Bank requires the use of WatchDog | ||
country | String 3-digit code | O | ISO 3166-1 Country Code This is Optional if the Bank requires the use of WatchDog |
Query OFAC:
{ "name": { "first": "John", "last": "Smith" } }Query OFAC (using WatchDog):
{ "name": { "first": "John", "last": "Smith" }, "requestID": "ABC123" }
Status Code | Description | |
---|---|---|
200 | OK | The OFAC Match Codes are returned. |
207 | Multi-Status | Unable to contact WatchDog. |
JSON Name | Value | Description | Status Code | ||
---|---|---|---|---|---|
200 | 207 | Other | |||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | O |
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | O |
EM | String | Error Message | O | O | |
ofacMatchCodes | String | OFAC Match Codes | ✔ | ||
ofacValue | String | OFAC Value to be used in Create Transaction | ✔ | ||
errors | Array of 8 characters Strings | Array of Internal Error Codes | ✔ |
{ "SC": 200, "EC": "0", "ofacMatchCodes": "LN", "ofacValue": "7nGfHHedKNe1aw" }Query OFAC (using WatchDog):
{ "SC": 200, "EC": "0", "ofacMatchCodes": "H", "ofacValue": "8oHgIIfeLOf2bx" }
OFAC Match Codes | Description |
---|---|
LN | Last Name did Not Match |
LM | Last Name Matched, but First Name did Not Match |
LMFM | Last Name Matched and First Name Matched |
LMFP | Last Name Matched, but First Name was just a Partial Match |
LMFO | Last Name Matched, but First Name was just a Partial (out of order) Match |
LP | Last Name was just a Partial Match and First Name did Not Match |
LPFM | Last Name was just Partial Match, but First Name Matched |
LPFP | Last Name and First Name were both just a Partial Match |
LPFO | Last Name partial Match and First Name Out Of Order |
LOFM | Last Name was just a Partial (out of order) Match, but First Name Matched |
LOFP | Last Name was just a Partial (out of order) Match and First Name was just a Partial Match |
LOFO | Last Name and First Name were both just a Partial (out of order) Match |
N | No Hit |
H | Hit |
HN | Hit by Name |
Please speak to your Bank to determine if this is required in Create Transaction.
The operations that are available for this resource are:
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | Conditional | ||
---|---|---|---|---|---|---|---|
referenceID | String 1-15 characters | R | Your unique Reference ID | ||||
bank | object | CR | Either Bank or Card | ACH | |||
routingNumber | String 9 digits | R a | Routing Number | ACH | |||
accountNumber | String 4-17 digits | R a | Account Number | ACH | |||
accountType | String 1-character code | R a | Account Type | ACH | |||
card | object | CR | Either Bank or Card Either Payment Card Not Encrypted:
| Payment Card | |||
accountNumber | String 13-19 digits | R n | Payment Card Account Number | Payment Card Not Encrypted | |||
expirationDate | String YYYYMM Format | R n O n | Expiration Date | Payment Card Not Encrypted | |||
keyID | String 22 characters | R e | KeyID | Payment Card Encrypted | |||
mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | Payment Card Encrypted | ||
data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | Payment Card Encrypted | |||
token | String | ® t | Card Token (from SSO) Restricted Usage | Payment Card Token | |||
device | object | ® d | Card Data from P2PE Device Restricted Usage | Payment Card Device | |||
id | String | ® d | Device Identifier | Payment Card Device | |||
blob | Hex String | ® d | Blob in Hex | Payment Card Device | |||
owner | object | R | Account Owner | ||||
name | object | R | Name Either Company or First, Middle, Last, and Suffix | ||||
company | String | R c | Company Name | ||||
first | String | R n | First Name | ||||
middle | String | O n | Middle Name or Initial | ||||
last | String | R n | Last Name | ||||
suffix | String | O n | Suffix | ||||
address | object | O | Address | ||||
line1 | String | R | Address Line 1 | ||||
line2 | String | O | Address Line 2 | ||||
city | String | R | City | ||||
state | String 2-character code | R | State Code | 840 | |||
zipcode | String | R | Zip Code | 840 | |||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | 840 | ||
phone | object | O | Phone Number (E.164 Numbering) | 840 | |||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | 840 | ||
number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | 840 |
Field | Required | Description | UnEncrypted Card Data Format |
---|---|---|---|
Card Number | R | 13-19 digit Card Number | CardNumber | Expiration Date | (no spaces, pipe symbol separated) see samples |
Expiration Date | R | Expiration date in YYYYMM Format |
Create Payment Card Account:
{ "referenceID": "1", "card": { "accountNumber": "9999999999999999", "expirationDate": "202012" }, "owner": { "name": { "first": "John", "last": "Customer" }, "address": { "line1": "465 Fairchild Drive", "line2": "Suite #222", "city": "Mountain View", "state": "CA", "zipcode": "94043" }, "phone": { "number": "4159808222" } } }
1111111111111111|203001| where Card Number: 1111111111111111 Expiration Date: January 2030
Status Code | Description | |
---|---|---|
200 | OK | An Account is Created. |
207 | Multi-Status | Account created, but Duplicate Card Check Failed. |
409 | Conflict | Duplicate Card Check Matched. |
JSON Name | Value | Description | Status Code | |||||
---|---|---|---|---|---|---|---|---|
200 | 207 | 409 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | ✔ | O | ||
EM | String | Error Message | ✔ | ✔ | O | |||
accountID | String 22 characters | AccountID | ✔ | ✔ | ||||
card | object | Card | O | O | ||||
last4 | String 4 digits | Last 4 of Card Account Number (PAN) | ✔ | ✔ | ||||
expirationDate | String 6 digits | Expiration Date YYYYMM Format | O | O | ||||
notices | String | Important Notices | O | O | O | |||
duplicateAccountIDs | Array of Strings | AccountIDs using the same Card Account Number | O |
{ "SC": 200, "EC": "0", "accountID": "TabaPay_AccountID_22ch" }
Creating unused and/or inactive Accounts will result in:
card.mode | Description |
---|---|
0 | RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure |
1 | Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
2 | (non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
Status Code | Description | |
---|---|---|
200 | OK | The Account is retrieved. |
421 | Misdirected Request | Too late to Retrieve Account by ReferenceID, use AccountID. |
JSON Name | Value | Description | Status Code | |||
---|---|---|---|---|---|---|
200 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | ||
EM | String | Error Message | O | |||
referenceID | String | ReferenceID | ✔ | |||
bank | object | Bank | O | |||
routingNumber | String 9 digits | Routing Number | O | |||
last4 | String 4 digits | Last 4 of Account Number | O | |||
accountType | String 1-character code | Account Type | O | |||
card | object | Card | O | |||
last4 | String 4 digits | Last 4 of Card Number | O | |||
expirationDate | String 6 digits | Expiration Date | O | |||
owner | object | Account Owner | ✔ | |||
name | object | Name | ✔ | |||
first | String | First Name | ✔ | |||
middle | String | Middle Name or Initial | O | |||
last | String | Last Name | ✔ | |||
suffix | String | Suffix | O | |||
address | object | Address | O | |||
line1 | String | Address Line 1 | ✔ | |||
line2 | String | Address Line 2 | O | |||
city | String | City | ✔ | |||
state | String 2-character code | State Code | ✔ | |||
zipcode | String | Zip Code | ✔ | |||
country | String 3-digit code | ISO 3166-1 Country Code | O | |||
phone | object | Phone Number (E.164 Numbering) | O | |||
countryCode | String 1-3 digits | Country Calling Code | O | |||
number | String Min: 4 digits Max: 12-14 digits | Phone Number | ✔ |
{ "SC": 200, "EC": "0", "referenceID": "1", "card": { "last4": "9990", "expirationDate": "202012" }, "owner": { "name": { "first": "John", "last": "Customer" }, "address": { "line1": "465 Fairchild Drive", "line2": "Suite #222", "city": "Mountain View", "state": "CA", "zipcode": "94043" }, "phone": { "number": "4159808222" } } }
This request is only valid if the Account was created within 24 hours ago, otherwise SC=421 will be returned, use Retrieve by AccountID.
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
Status Code | Description | |
---|---|---|
200 | OK | The Account is retrieved. |
421 | Misdirected Request | Too late to Retrieve Account by ReferenceID, use AccountID. |
JSON Name | Value | Description | Status Code | |||
---|---|---|---|---|---|---|
200 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | ||
EM | String | Error Message | O | |||
accountID | String 22 characters | AccountID | ✔ | |||
bank | object | Bank | O | |||
routingNumber | String 9 digits | Routing Number | O | |||
last4 | String 4 digits | Last 4 of Account Number | O | |||
accountType | String 1-character code | Account Type | O | |||
card | object | Card | O | |||
last4 | String 4 digits | Last 4 of Card Number | O | |||
expirationDate | String 6 digits | Expiration Date | O | |||
owner | object | Account Owner | ✔ | |||
name | object | Name | ✔ | |||
first | String | First Name | ✔ | |||
middle | String | Middle Name or Initial | O | |||
last | String | Last Name | ✔ | |||
suffix | String | Suffix | O | |||
address | object | Address | O | |||
line1 | String | Address Line 1 | ✔ | |||
line2 | String | Address Line 2 | O | |||
city | String | City | ✔ | |||
state | String 2-character code | State Code | ✔ | |||
zipcode | String | Zip Code | ✔ | |||
country | String 3-digit code | ISO 3166-1 Country Code | O | |||
phone | object | Phone Number (E.164 Numbering) | O | |||
countryCode | String 1-3 digits | Country Calling Code | O | |||
number | String Min: 4 digits Max: 12-14 digits | Phone Number | ✔ |
{ "SC": 200, "EC": "0", "accountID": "TabaPay_AccountID_22ch", "owner": { "name": { "first": "John", "last": "Customer" }, "address": { "line1": "465 Fairchild Drive", "line2": "Suite #222", "city": "Mountain View", "state": "CA", "zipcode": "94043" }, "phone": { "number": "4159808222" } } }
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | Conditional | ||
---|---|---|---|---|---|---|---|
bank | object | CR | Either Bank or Card | ACH | |||
routingNumber | String 9 digits | R a | Routing Number | ACH | |||
accountNumber | String 4-17 digits | R a | Account Number | ACH | |||
accountType | String 1-character code | R a | Account Type | ACH | |||
card | object | CR | Either Bank or Card Either Payment Card Not Encrypted:
| Payment Card | |||
accountNumber | String 13-19 digits | R n | Payment Card Account Number | Payment Card Not Encrypted | |||
expirationDate | String YYYYMM Format | R n O n | ExpirationDate | Payment Card Not Encrypted | |||
keyID | String 22 characters | R e | KeyID | Payment Card Encrypted | |||
mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | Payment Card Encrypted | ||
data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | Payment Card Encrypted | |||
token | String | ® t | Card Token (from SSO) Restricted Usage | Payment Card Token | |||
device | object | ® d | Card Data from P2PE Device Restricted Usage | Payment Card Device | |||
id | String | ® d | Device Identifier | Payment Card Device | |||
blob | Hex String | ® d | Blob in Hex | Payment Card Device | |||
owner | object | R | Account Owner | ||||
name | object | R | Name Either Company or First, Middle, Last, and Suffix | ||||
company | String | R c | Company Name | ||||
first | String | R n | First Name | ||||
middle | String | O n | Middle Name or Initial | ||||
last | String | R n | Last Name | ||||
suffix | String | O n | Suffix | ||||
address | object | O | Address | ||||
line1 | String | R | Address Line 1 | ||||
line2 | String | O | Address Line 2 | ||||
city | String | R | City | ||||
state | String 2-character code | R | State Code | 840 | |||
zipcode | String | R | Zip Code | 840 | |||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | 840 | ||
phone | object | O | Phone Number (E.164 Numbering) | 840 | |||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | 840 | ||
number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | 840 |
Field | Required | Description | UnEncrypted Card Data Format |
---|---|---|---|
Card Number | R | 13-19 digit Card Number | CardNumber | Expiration Date | (no spaces, pipe symbol separated) see samples |
Expiration Date | R | Expiration date in YYYYMM Format |
Update Payment Card Account:
{ "card": { "accountNumber": "9999999999999999", "expirationDate": "202012" }, "owner": { "name": { "first": "John", "last": "Customer" }, "address": { "line1": "465 Fairchild Drive", "line2": "Suite #222", "city": "Mountain View", "state": "CA", "zipcode": "94043" }, "phone": { "number": "4159808222" } } }
1111111111111111|203001| where Card Number: 1111111111111111 Expiration Date: January 2030
Status Code | Description | |
---|---|---|
200 | OK | The Account is Updated. |
207 | Multi-Status | Account updated, but Update Duplicate Card Check Failed. |
409 | Conflict | Duplicate Card Check Matched. |
JSON Name | Value | Description | Status Code | |||||
---|---|---|---|---|---|---|---|---|
200 | 207 | 409 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | ✔ | O | ||
EM | String | Error Message | ✔ | ✔ | O | |||
duplicateAccountIDs | Array of Strings | AccountIDs using the same Card Account Number | O |
{ "SC": 200, "EC": "0" }
card.mode | Description |
---|---|
0 | RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure |
1 | Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
2 | (non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
Update specific fields in the Account. Currently does not work with DuplicateCardCheck. Currently only works with Unencrypted Cards (Card in the Clear) and/or Bank Accounts.
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | Conditional | ||
---|---|---|---|---|---|---|---|
bank | object | CO | Either Bank or Card | ACH | |||
routingNumber | String 9 digits | O a | Routing Number | ACH | |||
accountNumber | String 4-17 digits | O a | Account Number | ACH | |||
accountType | String 1-character code | O a | Account Type | ACH | |||
card | object | CO | Either Bank or Card | Payment Card | |||
accountNumber | String 13-19 digits | O n | Payment Card Account Number | Payment Card Not Encrypted | |||
expirationDate | String YYYYMM Format | O n | ExpirationDate | Payment Card Not Encrypted | |||
owner | object | O | Account Owner | ||||
name | object | O | Name Either Company or First, Middle, Last, and Suffix | ||||
company | String | O c | Company Name | ||||
first | String | O n | First Name | ||||
middle | String | O n | Middle Name or Initial | ||||
last | String | O n | Last Name | ||||
suffix | String | O n | Suffix | ||||
address | object | O | Address | ||||
line1 | String | O | Address Line 1 | ||||
line2 | String | O | Address Line 2 | ||||
city | String | O | City | ||||
state | String 2-character code | O | State Code | 840 | |||
zipcode | String | O | Zip Code | 840 | |||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | 840 | ||
phone | object | O | Phone Number (E.164 Numbering) | 840 | |||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | 840 | ||
number | String Min: 4 digits Max: 12-14 digits | O | Phone Number | 840 |
Update First Name on Account:
{ "owner": { "name": { "first": "Jane" } } }Update Address on Account:
{ "owner": { "address": { "line1": "605 Ellis St", "line2": "Suite #110", } } }
Status Code | Description | |
---|---|---|
200 | OK | The Account is Updated. |
207 | Multi-Status | Account updated, but Update Duplicate Card Check Failed. |
JSON Name | Value | Description | Status Code | ||||
---|---|---|---|---|---|---|---|
200 | 207 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | O | ||
EM | String | Error Message | ✔ | O |
{ "SC": 200, "EC": "0" }
Updating specific fields must make logical sense, here are some examples of illogical updates that will fail with SC=400 Bad Request:
Current Account State | Update Wanted | Reason for Failure |
---|---|---|
Account is a Card | bank.accountNumber | In order to Change an Account from Card to Bank, you will need to provide all the Bank Fields:
|
Account Owner's Address is Country 840 | Postal Code of "A1A 1A1" | The Postal Code is not a US Zip Code |
Account Owner's Address is Country 124 | State Code of "CA" | The State Code is not a Canadian Province |
Account Name is a Company | Last Name of "Smith" | In order to change the Name, you will need to provide at least:
|
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
Status Code | Description | |
---|---|---|
200 | OK | The Account is marked for deletion. |
207 | Multi-Status | Account marked for deletion, but Delete Duplicate Card Check Failed. |
JSON Name | Value | Description | Status Code | ||||
---|---|---|---|---|---|---|---|
200 | 207 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | O | ||
EM | String | Error Message | ✔ | O |
{ "SC": 200, "EC": "0" }
The operations that are available for this resource are:
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | Choice | ||||
---|---|---|---|---|---|---|---|---|---|
referenceID | String 1-15 characters | R | Your unique Reference ID | ||||||
correspondingID | String 22 characters | O | Either Corresponding TransactionID or Corresponding (For a Pull Transaction, this would be the corresponding Push Transaction or For a Push Transaction, this would be the corresponding Pull Transaction) | CID | |||||
► corresponding | object View Object | O | Either Corresponding or Corresponding TransactionID (For a Push Transaction, this would be the corresponding Pull Transaction) | C | |||||
ofacValue | String | O | Sender OFAC Value from Query OFAC... | C | |||||
▼ name | object Hide Object | R | Sender Name | C | |||||
first | String | R | First Name | C | |||||
last | String | R | Last Name | C | |||||
▼ address | object Hide Object | O | Sender Address | C | |||||
line | String | O | Address Line | C | |||||
city | String | O | City | C | |||||
state | String 2-character code | O | State Code | C | |||||
zipcode | String | O | Zip Code | C | |||||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | C | ||||
accountNumber | String | O | Sender Account Number | C | |||||
sourceOfFunds | String | O | Sender Source of Funds:
| C | |||||
type | String 4 characters Either push or pull | R | Transaction Type This is used to verify that your Source and Destination Accounts are valid. | ||||||
networks | String | O | List of Network Codes For ISOs, please contact TabaPay Support for details on when and how to use. | ||||||
cardTypes | String | O | List of Card Type Codes For ISOs, please contact TabaPay Support for details on when and how to use. | ||||||
▼ accounts | object Hide Object | R | Accounts | ||||||
sourceAccountID | String 22 characters | CR | Either Source AccountID or Source Account | SAID | |||||
► sourceAccount | object View Object | CR | Either Source Account or Source AccountID | SA | |||||
► bank | object View Object | CR | Either Bank or Card | SA ACH | |||||
routingNumber | String 9 digits | R a | Routing Number | SA ACH | |||||
accountNumber | String 4-17 digits | R a | Account Number | SA ACH | |||||
accountType | String 1-character code | R a | Account Type:
| SA ACH | |||||
► card | object View Object | CR | Either Bank or Card Either Payment Card Not Encrypted:
| SA PC | |||||
accountNumber | String 13-19 digits | R n | Payment Card Account Number | SA PC Not Encrypted | |||||
expirationDate | String YYYYMM Format | R n | Expiration Date | SA PC Not Encrypted | |||||
securityCode | String 3-4 digits | O n | Security Code | SA PC Not Encrypted | |||||
keyID | String 22 characters | R e | KeyID | SA PC Encrypted | |||||
mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | SA PC Encrypted | ||||
data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | SA PC Encrypted | |||||
token | String | ® t | Card Token (from SSO) Restricted Usage | SA PC Token | |||||
► device | object View Object | ® d | Card Data from P2PE Device Restricted Usage | SA PC Device | |||||
id | String | R d | Device Identifier | SA PC Device | |||||
blob | Hex String | R d | Blob in Hex | SA PC Device | |||||
► mobilePay | object View Object | ® m | Card Data from Mobile Payment Restricted Usage | SA PC Mobile Pay | |||||
accountNumber | String 13-19 digits | R m | Pseudo Payment Card Account Number | SA PC Mobile Pay | |||||
expirationDate | String YYYYMM Format | R m | Expiration Date | SA PC Mobile Pay | |||||
cryptogram | Base64 String 28 characters | R m | Payment Data Cryptogram | SA PC Mobile Pay | |||||
transactionID | Hex String 64 characters | R m | Transaction Identifier in Hex | SA PC Mobile Pay | |||||
eciIndicator | String 1 character | O m | Usually only Visa cards | SA PC Mobile Pay | |||||
network | String | R m | Card Network (Visa, MasterCard, Amex, Discover, etc...) | SA PC Mobile Pay | |||||
type | String | R m | Card Type (Debit, Credit, PrePaid, etc...) | SA PC Mobile Pay | |||||
► processor | object View Object | ® p | Processor Restricted Usage | SA PC Processor | |||||
name | String | R p | Name | SA PC Processor | |||||
token | String | R p | Token | SA PC Processor | |||||
► owner | object View Object | R | Account Owner | SA | |||||
► name | object View Object | R | Name Either Company or First, Middle, Last, and Suffix | SA | |||||
company | String | R c | Company Name | SA | |||||
first | String | R n | First Name | SA | |||||
middle | String | O n | Middle Name or Initial | SA | |||||
last | String | R n | Last Name | SA | |||||
suffix | String | O n | Suffix | SA | |||||
► address | object View Object | O | Address | SA | |||||
line1 | String | O | Address Line 1 | SA | |||||
line2 | String | O | Address Line 2 | SA | |||||
city | String | O | City | SA | |||||
state | String 2-character code | O | State Code | SA | |||||
zipcode | String | O | Zip Code | SA | |||||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | SA | ||||
► phone | object View Object | O | Phone Number (E.164 Numbering) | SA | |||||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | SA | ||||
number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | SA | |||||
destinationAccountID | String 22 characters | CR | Either Destination AccountID or Destination Account | DAID | |||||
► destinationAccount | object View Object | CR | Either Destination Account or Destination AccountID | DA | |||||
► bank | object View Object | CR | Either Bank or Card | DA ACH | |||||
routingNumber | String 9 digits | R a | Routing Number | DA ACH | |||||
accountNumber | String 4-17 digits | R a | Account Number | DA ACH | |||||
accountType | String 1-character code | R a | Account Type:
| DA ACH | |||||
► card | object View Object | CR | Either Bank or Card Either Payment Card Not Encrypted:
| DA PC | |||||
accountNumber | String 13-19 digits | R n | Payment Card Account Number | DA PC Not Encrypted | |||||
expirationDate | String YYYYMM Format | R n | Expiration Date | DA PC Not Encrypted | |||||
securityCode | String 3-4 digits | O n | CVV2 | DA PC Not Encrypted | |||||
keyID | String 22 characters | R e | KeyID | DA PC Encrypted | |||||
mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | DA PC Encrypted | ||||
data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | DA PC Encrypted | |||||
token | String | ® t | Card Token (from SSO) Restricted Usage | DA PC Token | |||||
► device | object View Object | ® d | Card Data from P2PE Device Restricted Usage | DA PC Device | |||||
id | String | ® d | Device Identifier | DA PC Device | |||||
blob | Hex String | ® d | Blob in Hex | DA PC Device | |||||
► processor | object View Object | ® p | Processor Restricted Usage | SA PC Processor | |||||
name | String | R p | Name | SA PC Processor | |||||
token | String | R p | Token | SA PC Processor | |||||
► owner | object View Object | R | Account Owner | DA | |||||
► name | object View Object | R | Name Either Company or First, Middle, Last, and Suffix | DA | |||||
company | String | R c | Company Name | DA | |||||
first | String | R n | First Name | DA | |||||
middle | String | O n | Middle Name or Initial | DA | |||||
last | String | R n | Last Name | DA | |||||
suffix | String | O n | Suffix | DA | |||||
► address | object View Object | O | Address | DA | |||||
line1 | String | O | Address Line 1 | DA | |||||
line2 | String | O | Address Line 2 | DA | |||||
city | String | O | City | DA | |||||
state | String 2-character code | O | State Code | DA | |||||
zipcode | String | O | Zip Code | DA | |||||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | DA | ||||
► phone | object View Object | O | Phone Number (E.164 Numbering) | DA | |||||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | DA | ||||
number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | DA | |||||
currency | String 3 digits | O | 840 | ISO 4217 Currency Number | |||||
amount | String Amount | R | Transaction Amount | ||||||
ofacValue | String | O | OFAC Value from Query OFAC... | ||||||
memo | String Max of 32 characters | O | Memo | ||||||
achOptions | String 1-character code | O R>ACH | ACH Options: (Required for ACH)
| ACH | |||||
overrides | String | O RISO | Overrides For ISOs, please contact TabaPay Support for details on when and how to use. | Required for ISOs | |||||
► pullOptions | object View Object | O | Additional Pull Options | ||||||
lender | Boolean | O | Lender - deprecating, use overrides | ||||||
quasiCash | Boolean | O | Quasi-Cash - deprecating, use overrides | ||||||
securityCode | String 3-4 digits | O | CVV2 Valid only when using sourceAccountID (Pull) | ||||||
recurring | Boolean | O | Recurring Pull Transaction | ||||||
3DSecure | Object | O | 3D Secure | ||||||
version | String | O RMasterCard | Version Required by MasterCard | ||||||
ECI | String | R | ECI (Electronic Commerce Indicator) | old: 3dsECI | |||||
UCAF | String | R | UCAF (Universal Cardholder Authentication Field) | old: 3dsUCAF | |||||
XID | String | O | XID (Transaction ID) | old: 3dsXID | |||||
dsTransactionID | String | O RMasterCard | Directory Server TransactionID Required by MasterCard | ||||||
level2TaxExempt | boolean | O | Level 2: Tax Exempt | Level 2 | |||||
level2TaxAmount | String Amount | O | Level 2: Tax Amount (Currency is the same as the Transaction Amount) | Level 2 | |||||
level3 | Object | O | Level 3 | Level 3 | |||||
amountTax | String Amount | R | Tax Amount (Currency is the same as the Transaction Amount) | Level 3 | |||||
tax | Code 1 digit | R | 0 = Sales Tax Not Included 1 = Sales Tax Included 2 = Tax Exempt | Level 3 | |||||
taxRate | Number Max 2 decimal places | R | Tax Rate | Level 3 | |||||
amountDiscount | String Amount | R | Discount Amount | Level 3 | |||||
amountShipping | String Amount | R | Shipping Amount | Level 3 | |||||
amountDuty | String Amount | R | Duty Amount | Level 3 | |||||
itemCommodityCode | String | R | Item Commodity Code | Level 3 | |||||
itemDescription | String | R | Item Description | Level 3 | |||||
productCode | String | R | Product Code | Level 3 | |||||
quantity | Number | R | Quantity | Level 3 | |||||
unitOfMeasure | String | R | Unit of Measure | Level 3 | |||||
amountUnitCost | String Amount | R | Unit Cost | Level 3 | |||||
amountItemDiscount | String Amount | R | Discount per Line Item | Level 3 | |||||
amountTotal | String Amount | R | Total | Level 3 | |||||
poNumber | String | R | Purchase Order Number | Level 3 | |||||
► softDescriptor | object View Object | ® | Soft Descriptor Restricted Usage | ® | |||||
name | String | R | Name | ® | |||||
▼ address | object Hide Object | R | Address | ® | |||||
line1 | String | R | Address Line 1 | ® | |||||
line2 | String | O | Address Line 2 | ® | |||||
city | String | R | City | ® | |||||
county | String 3 characters | R | County | ® | |||||
state | String 2-character code | R | State Code | ® | |||||
zipcode | String | R | Zip Code | ® | |||||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | ® | ||||
▼ phone | object Hide Object | O | Phone Number (E.164 Numbering) | ® | |||||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | ® | ||||
number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | ® | |||||
email | String | O RAmex | Email Address For American Express Bill Pay Provider program: Seller Email Address (max of 40 characters) | ® | |||||
id | String | O RAmex | ID For American Express Bill Pay Provider program: Seller ID (max of 20 digits) | ® | |||||
► location | object View Object | O | Location of the Origination of Transaction | ||||||
name | String | R | Location Name | ||||||
▼ address | object Hide Object | R | Location Address | ||||||
line1 | String | R | Address Line 1 | ||||||
line2 | String | O | Address Line 2 | ||||||
city | String | R | City | ||||||
state | String 2-character code | R | State Code | ||||||
zipcode | String | R | Zip Code | ||||||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | |||||
Integer Between 15 and 39 | O | 39 | Time to wait for a response Default is 39 seconds See Notes Below... |
Field | Required | Description | UnEncrypted Card Data Format |
---|---|---|---|
Card Number | R | 13-19 digit Card Number | CardNumber | Expiration Date | Security Code (no spaces, pipe symbol separated) see samples |
Expiration Date | R | Expiration date in YYYYMM Format | |
Security Code | O | 3 or 4 digit CVV2 |
Create Transaction:
{ "referenceID": "1", "type": "push", "accounts": { "sourceAccountID": "TabaPay_AccountID_22-c", "destinationAccountID": "TabaPay_AccountID_22-c" }, "amount": "1.00" }Create Pull Transaction:
{ "referenceID": "1", "type": "pull", "accounts": { "sourceAccount": { "card": { "accountNumber": "9999999999999999", "expirationDate": "202012" }, "owner": { "name": { "first": "John", "last": "Benson" }, "address": { "line1": "465 Fairchild Drive", "line2": "Suite #222", "city": "Mountain View", "state": "CA", "zipcode": "94043" }, "phone": { "number": "4159808222" } } }, "destinationAccountID": "TabaPay_AccountID_22-c" }, "amount": "0.10" }Create Push Transaction:
{ "referenceID": "1", "type": "push", "accounts": { "sourceAccountID": "TabaPay_AccountID_22-c", "destinationAccount": { "card": { "accountNumber": "9999999999999999", "expirationDate": "202012" }, "owner": { "name": { "first": "John", "last": "Benson" }, "address": { "line1": "465 Fairchild Drive", "line2": "Suite #222", "city": "Mountain View", "state": "CA", "zipcode": "94043" }, "phone": { "number": "4159808222" } } } }, "amount": "0.10" }
1111111111111111|203001| where Card Number: 1111111111111111 Expiration Date: January 2030 Security Code: None
1111111111111111|203001|333 where Card Number: 1111111111111111 Expiration Date: January 2030 Security Code: 333
Status Code | Description | |
---|---|---|
200 | OK | A Transaction is created and processing is completed. |
201 | Created | A Transaction is created, but the transaction is waiting to be processed (batch). |
207 | Multi-Status | One or more Failures occurred while processing the Request. |
429 | Too Many Requests | Over your Daily (24-hour rolling) Approximation Limit. |
JSON Name | Value | Description | Status Code | |||||
---|---|---|---|---|---|---|---|---|
200 | 201 | 207 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | ✔ | O | ||
EM | String | Error Message | O | O | ||||
transactionID | String 22 characters | TransactionID | ✔ | ✔ | ✔ | |||
network | String | Network | ✔ | ✔ | ✔ | |||
networkRC | String 2 or 3-character code | Network Response Code | ✔ | O | ||||
networkID | String | NetworkID (Network TransactionID) | O | |||||
status | String | Status | ✔ | ✔ | ✔ | |||
approvalCode | String 6 characters | Approval Code | ✔ | O | ||||
errors | Array of 8 characters Strings | Array of Internal Error Codes | ✔ | |||||
AVS | object | AVS Results | C | |||||
codeAVS | String | AVS Response Code | O | |||||
codeSecurityCode | String | Security Code Response Code | O | |||||
fees | object | Estimated Fees | O | O | ||||
interchange | String Amount | Interchange Fees | ✔ | ✔ | ||||
network | String Amount | Network Fees | ✔ | ✔ | ||||
tabapay | String Amount | TabaPay Fees | ✔ | ✔ | ||||
card | object | Card | O | O | ||||
last4 | String 4 digits | Last 4 of Card Account Number (PAN) | ✔ | ✔ | ||||
expirationDate | String 6 digits | Expiration Date YYYYMM Format | O | O |
{ "SC": 200, "EC": "0", "transactionID": "TabaPay_TransactionID_", "network": "Visa", "networkRC": "00", "status": "COMPLETED", "approvalCode": "000000" }Transaction created but waiting to be processing (batch):
{ "SC": 201, "EC": "0", "transactionID": "TabaPay_TransactionID_", "network": "CreditCards", "status": "PENDING" }
On a Pull Transaction, specifying at least the Owner Address Line 1 and/or Owner Zip Code will result in an automatic AVS check which may result in lower fees. However, a bad AVS will not stop the Transaction. You should have previously done a Query Card with AVS to check the Card.
Once the Transaction finished processing, the Actual Status of the Transaction will be reflected. You can do a Retrieve Transaction to check on the actual Transaction Status. However, do not poll, otherwise you will get SC=429.
After 90 seconds, the Transaction Status will NOT change. We have given up waiting for a response. Most likely, the Transaction Status will remain in an UNKNOWN status. Contact TabaPay Support if you need us to investigate what really happened with this Transaction.
card.mode | Description |
---|---|
0 | RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure |
1 | Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
2 | (non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
Status Code | Description | |
---|---|---|
200 | OK | The Transaction is retrieved. |
421 | Misdirected Request | Too late to Retrieve Transaction by ReferenceID, use TransactionID. |
JSON Name | Value | Description | Status Code | |||
---|---|---|---|---|---|---|
200 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | ||
EM | String | Error Message | O | |||
referenceID | String | ReferenceID | ✔ | |||
network | String | Network | O | |||
networkRC | String 2 or 3-character code | Network Response Code | O | |||
status | String | Status | ✔ | |||
originally | String | Original Status | O | |||
approvalCode | String 6 characters | Approval Code | O | |||
errors | Array of 8 characters Strings | Array of Internal Error Codes | O | |||
currency | String 3-digit code | ISO 4217 Currency Number | O | |||
amount | String | Amount in Currency | ✔ | |||
amountUSD | String | Amount in USD if Currency is not 840 (USD) | O | |||
last4 | String | Last 4 of Card Account Number (PAN) or Last 4 of Bank Account Number | ✔ | |||
memo | String | Memo | O | |||
fees | object | Fees | O | |||
interchange | String Amount | Interchange Fees | ✔ | |||
network | String Amount | Network Fees | ✔ | |||
tabapay | String Amount | TabaPay Fees | ✔ | |||
reversalStatus | String | Reversal Status | O | |||
reversal | object | Reversal | O | |||
networkRC | String 2 or 3-character code | Network Response Code | O | |||
networkRC2 | String 2 or 3-character code | Network Response Code | O | |||
error | String 1 or 8 characters | Internal Error Code | O |
{ "SC": 200, "EC": "0", "referenceID": "1", "network": "Visa", "networkRC": "00", "status": "COMPLETED", "approvalCode": "000000", "amount": "0.10", "fees": { "interchange": "0.50", "network": "0.50", "tabapay": "0.25" } }
This request is only valid if the Transaction was created within 24 hours ago, otherwise SC=421 will be returned, use Retrieve by TransactionID.
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
Status Code | Description | |
---|---|---|
200 | OK | The Transaction is retrieved. |
421 | Misdirected Request | Too late to Retrieve Transaction by ReferenceID, use TransactionID. |
JSON Name | Value | Description | Status Code | |||
---|---|---|---|---|---|---|
200 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | ||
EM | String | Error Message | O | |||
transactionID | String 22 characters | TransactionID | ✔ | |||
network | String | Network | O | |||
networkRC | String 2 or 3-character code | Network Response Code | O | |||
status | String | Status | ✔ | |||
originally | String | Original Status | O | |||
approvalCode | String 6 characters | Approval Code | O | |||
errors | Array of 8 characters Strings | Array of Internal Error Codes | O | |||
currency | String 3-digit code | ISO 4217 Currency Number | O | |||
amount | String | Amount in Currency | ✔ | |||
amountUSD | String | Amount in USD if Currency is not 840 (USD) | O | |||
last4 | String | Last 4 of Card Account Number (PAN) or Last 4 of Bank Account Number | ✔ | |||
memo | String | Memo | O | |||
fees | object | Fees | O | |||
interchange | String Amount | Interchange Fees | ✔ | |||
network | String Amount | Network Fees | ✔ | |||
tabapay | String Amount | TabaPay Fees | ✔ | |||
reversalStatus | String | Reversal Status | O | |||
reversal | object | Reversal | O | |||
networkRC | String 2 or 3-character code | Network Response Code | O | |||
networkRC2 | String 2 or 3-character code | Network Response Code | O | |||
error | String 1 or 8 characters | Internal Error Code | O |
{ "SC": 200, "EC": "0", "transactionID": "TransactionID_22chars_", "network": "Visa", "networkRC": "00", "status": "COMPLETED", "approvalCode": "000000", "amount": "0.10", "fees": { "interchange": "0.50", "network": "0.50", "tabapay": "0.25" } }
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | Choice | ||||
---|---|---|---|---|---|---|---|---|---|
overrides | String | O RISO | Overrides For ISOs, please contact TabaPay Support for details on when and how to use. | Required for ISOs | |||||
currency | String 3 digits | O | 840 | ISO 4217 Currency Number | |||||
amount | String Amount | O | Partial Reversal Amount |
Partial Reversal:
{ "amount": "1.00" }
Status Code | Description | |
---|---|---|
200 | OK | A Request for a Reversal of the previous Transaction is successful. |
207 | Multi-Status | One or more Failures occurred while processing the Request. |
JSON Name | Value | Description | Status Code | ||||
---|---|---|---|---|---|---|---|
200 | 207 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | O | ||
EM | String | Error Message | O | O | |||
status | String | Status | ✔ | ✔ | |||
reversal | object | Reversal | ✔ | O | |||
networkRC | String 2 or 3-character code | Void Network Response Code | ✔ | O | |||
networkRC2 | String 2 or 3-character code | Refund after failed Void Network Response Code | ✔ | O |
{ "SC": 200, "EC": "0", "status": "COMPLETED", "reversal": { "networkRC": "00" } }Dual Message Network:
{ "SC": 200, "EC": "0", "status": "COMPLETED", "reversal": { "networkRC": "21", "networkRC2": "00" } }
A status of COMPLETED and either networkRC equals to 00 or networkRC2 equals to 00 means a successful request for a reversal.
The operations that are available for this resource are:
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | Choice | ||||
---|---|---|---|---|---|---|---|---|---|
type | String 4 characters Either pull or push | R | Transaction Type | ||||||
user1 | String 1-15 characters | O | User1 | ||||||
user2 | String 1-15 characters | O | User2 | ||||||
currency | String 3 digits | O | 840 | ISO 4217 Currency Number | |||||
amount | String Amount | R | Transaction Amount | ||||||
► customer | object View Object | R | Customer | ||||||
► name | object View Object | R | Name | ||||||
first | String | R | First Name | ||||||
last | String | R | Last Name | ||||||
► address | object View Object | O | Address | ||||||
line1 | String | R | Address Line 1 | ||||||
line2 | String | O | Address Line 2 | ||||||
city | String | R | City | ||||||
state | String 2-character code | R | State Code | ||||||
zipcode | String | R | Zip Code | ||||||
country | String 3-digit code | R | 840 | ISO 3166-1 Country Code | |||||
► callback | object View Object | O | Callback, contact TabaPay | ||||||
type | String | R | URL | ||||||
value | String | R | URL String |
{ "type": "pull", "user1": "123456789", "amount": "1000.00", "customer": { "name": { "first": "TabaPay", "last": "Inc", }, "address": { "line1": "605 Ellis Street", "line2": "Suite 110", "city": "Mountain View", "state": "CA", "zipcode": "94043", } } }With Callback:
{ "type": "pull", "user1": "123456789", "amount": "1000.00", "customer": { "name": { "first": "TabaPay", "last": "Inc", }, "address": { "line1": "605 Ellis Street", "line2": "Suite 110", "city": "Mountain View", "state": "CA", "zipcode": "94043", } }, "callback": { "type": "URL", "value": "https://somewhere.com" } }
Status Code | Description | |
---|---|---|
200 | OK | A Transaction is created and processing is completed. |
JSON Name | Value | Description | Status Code | |||
---|---|---|---|---|---|---|
200 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | ||
EM | String | Error Message | O | O | ||
otppID | String 22 characters | TransactionRequestID (OTPPID) | ✔ | |||
link | String URL | URL | ✔ |
{ "SC": 200, "EC": "0", "otppid": "TabaPay_OTPPID_22Chars", "link": "https://link/?ID=TabaPay_OTPPID_22Chars" }
{ "request": { "amount": "1000.00", "card": { "last4": "1234", "expirationDate": "202512" }, "user1": "123456789", "name": { "first": "TabaPay", "last": "Inc" }, "address": { "line1": "605 Ellis Street", "line2": "Suite 110", "city": "Mountain View", "state": "CA", "zipcode": "94043", } }, "response": { "SC": "200", "EC": "0", "transactionID": "TabaPay_TransactionID_", "network": "Visa", "networkRC": "00", "status": "COMPLETED", "approvalCode": "230402", "AVS": { "codeAVS": "Y", "codeSecurityCode": "M" } } }
The functions that are available for this service are:
Also please read the 3D Secure FAQ.
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | |||
---|---|---|---|---|---|---|---|
account | object | R | Account | ||||
accountID | String 22 characters | R | AccountID | ||||
owner | object | O | Owner | ||||
phone | object | O | Phone Number (E.164 Numbering) | ||||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | |||
number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | ||||
order | object | R | Order | ||||
orderID | String 1-50 characters | R | Order Number | ||||
currency | String 3 digits | O | 840 | ISO 4217 Currency Number | |||
amount | String Amount | R | Transaction Amount |
{ "account": { "accountID": "TabaPay_AccountID_22-c" }, "order": { "orderID": "12345678", "amount": "0.10" } }
Status Code | Description | |
---|---|---|
200 | OK | A JWT is created. |
207 | Multi-Status | One or more Failures occurred while processing the Request. |
404 | Not Found | The AccountID does not point to a valid Account. |
JSON Name | Value | Description | Status Code | ||||
---|---|---|---|---|---|---|---|
200 | 207 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | O | ||
EM | String | Error Message | O | O | |||
3dsID | String | An identifier representing this Request | ✔ | ||||
jwt | String | JWT (JSON Web Token) | ✔ | ||||
deviceCollectionURL | String URL | URL for Device Data Collection | ✔ |
{ "SC": 200, "EC": "0", "3dsID": "ID_BASE64-URL-SAFE-VALUE", "jwt": "JWT-BASE64-URL-SAFE-VALUE", "deviceCollectionURL": "https://someplace.somewhere.com/DeviceCollect" }
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | |||
---|---|---|---|---|---|---|---|
3dsID | String | R | 3dsID from 3D Secure Initialize | ||||
authenticationIndicator | String 2 digits | R | |||||
transactionMode | String 1 character | O | |||||
transactionType | String 1 character | R | |||||
productCode | String 3 characters | R | |||||
account | object | R | Account | ||||
accountID | String 22 characters | R | AccountID | ||||
owner | object | R | Owner | ||||
String | R | Email Address | |||||
phone | object | O | Phone Number (E.164 Numbering) | ||||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | |||
number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | ||||
order | object | R | Order | ||||
orderID | String 1-50 characters | R | Order Number | ||||
currency | String 3 digits | O | 840 | ISO 4217 Currency Number | |||
amount | String Amount | R | Transaction Amount | ||||
browser | object | R | Browser Info | ||||
javascriptEnabled | boolean | O | |||||
userAgent | String | O | |||||
header | String | O | |||||
javaEnabled | boolean | O | |||||
language | String | O | |||||
colorDepth | String | O | |||||
screenHeight | String | O | |||||
screenWidth | String | O | |||||
ipAddress | String | O | |||||
deviceChannel | String | R | Either:
|
{ "3dsID": "ID_BASE64-URL-SAFE-VALUE", "authenticationIndicator": "01", "transactionType": "C", "productCode": "ACF", "account": { "accountID": "TabaPay_AccountID_22-c", "owner": { "email": "support@tabapay.com" } }, "order": { "orderID": "12345678", "amount": "0.10" }, "browser": { "deviceChannel": "Browser" } }
Status Code | Description | |
---|---|---|
200 | OK | A Lookup Response is returned. |
207 | Multi-Status | One or more Failures occurred while processing the Request. |
404 | Not Found | The AccountID does not point to a valid Account. |
JSON Name | Value | Description | Status Code | |||||
---|---|---|---|---|---|---|---|---|
200 | 200 Challenge | 207 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | ✔ | O | ||
EM | String | Error Message | O | O | ||||
3dsVersion | String | The 3D Secure Version that was used to process this request | ✔ | ✔ | ||||
enrolled | String | Authentication Eligibility Status | ✔ | ✔ | ||||
processorTransactionID | String | Processor Transaction Identifier | ✔ | ✔ | ||||
dsTransactionID | String | Directory Server Transaction Identifier | O | O | ||||
status | String | Status | ✔ | |||||
ECI | String | ECI (Electronic Commerce Indicator) | ✔ | |||||
UCAF | String | UCAF (Universal Cardholder Authentication Field)
| ✔ | |||||
XID | String | XID (Transaction ID) | O | |||||
challengeURL | String | Consumer Authentication URL | ✔ | |||||
payload | String | Encoded Payment Request | ✔ |
{ "SC": 200, "EC": "0", "3dsVersion": "2.1.0", "enrolled": "Y", "processorTransactionID":"11111111111111111111", "dsTransactionID": "11111111-2222-3333-4444-555555555555", "status": "Y", "ECI": "05", "UCAF": "1111111111111111111111111111" }Challenge:
{ "SC": 200, "EC": "0", "3dsVersion": "2.1.0", "enrolled": "Y", "processorTransactionID": "11111111111111111111", "dsTransactionID": "11111111-2222-3333-4444-555555555555", "challengeURL":"https://someplace.somewhere.com/challenge", "payload":"A_LONG_PAYLOAD" }
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
JSON Name | Value | Required | Default | Description | ||
---|---|---|---|---|---|---|
3dsID | String | R | 3dsID from 3D Secure Initialize | |||
jwt | String | R | JWT (JSON Web Token) from Challenge |
{ "3dsID": "ID_BASE64-URL-SAFE-VALUE", "jwt": "JWT-BASE64-URL-SAFE-VALUE" }
Status Code | Description | |
---|---|---|
200 | OK | A Lookup Response is returned. |
JSON Name | Value | Description | Status Code | |||
---|---|---|---|---|---|---|
200 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | ||
EM | String | Error Message | O | |||
actionCode | String | Result: Action Code | ✔ | |||
errorNumber | String | Result: Error Number | ✔ | |||
errorDescription | String | Result: Error Description | O | |||
3dsVersion | String | The 3D Secure Version that was used to process this request | ✔ | |||
processorTransactionID | String | Processor Transaction Identifier | ✔ | |||
status | String | Status | ✔ | |||
ECI | String | ECI (Electronic Commerce Indicator) | ✔ | |||
UCAF | String | UCAF (Universal Cardholder Authentication Field)
| ✔ | |||
XID | String | XID (Transaction ID) | O |
{ "SC": 200, "EC": "0", "actionCode": "SUCCESS", "errorNumber": "0", "errorDescription": "Success" "3dsVersion": "2.1.0", "processorTransactionID":"11111111111111111111", "status": "Y", "ECI": "05", "UCAF": "1111111111111111111111111111" }
The operations that are available for this resource are:
JSON Name | Value | Required | Default | Description | |
---|---|---|---|---|---|
type | String 4 characters Either push or pull | R | Transaction Type The direction of the transaction impacts the FX Rate | ||
sourceCurrency | String 3-digit code | R | ISO 4217 Currency Number The source currency. On a push, the originator's currency. On a pull, the beneficiary's currency | ||
destinationCurrency | String 3-digit code | R | ISO 4217 Currency Number The destination currency. On a push, the beneficiary's currency. On a pull, the originator's currency | ||
amount | String Amount | R | Transaction Amount | ||
network | String Either visa, mastercard, or bank | R | Transaction Network |
Query FXRate:
{ "type": "push", "sourceCurrency": "840", "destinationCurrency": "826", "amount": "10.00", "network" "visa" }
Status Code | Description | |
---|---|---|
200 | OK | The FX Rate has been queried and the process is complete. |
207 | Multi-Status | One or more failures occurred while processing the Request. |
JSON Name | Value | Description | Status Code | ||
---|---|---|---|---|---|
200 | 207 | Other | |||
SC | Integer 3-digit code | HTTP Status Code | ✔ | ✔ | O |
EC | String 1 or 8 characters | Internal Error Code | ✔ | ✔ | O |
EM | String | Error Message | O | O | |
sourceAmount | String Amount | On a push, this is the transaction amount. On a pull, this is the settlement amount. | ✔ | ||
sourceCurrency | String 3-digit code | ISO 4217 Currency Number The source currency code. On a push, the originator's currency. On a pull, the beneficiary's currency | ✔ | ||
destinationAmount | String Amount | On a push, this is the settlement amount. On a pull, this is the transaction amount. | ✔ | ||
destinationCurrrency | String 3-digit code | ISO 4217 Currency Number The destination currency. On a push, the beneficiary's currency. On a pull, the originator's currency | ✔ | ||
conversionRate | String Decimal | Conversion Rate without markup applied. | ✔ | ||
markup | String Decimal | Markup Rate applied to the transaction amount. | ✔ | ||
rateExpiration | String yyyy-MM-ddTHH:mm:ssZ Format. | All FX Rates expire 00:00:00 GMT the following calander day. | ✔ | ||
errors | Array of 8 characters Strings | Array of Internal Error Codes | ✔ |
{ "SC": 200, "EC": "0", "sourceAmount": "10.70", "sourceCurrency":"840", "destinationAmount": "8.22", "destinationCurrency": "826", "conversionRate": "0.7682243", "markup": "0.07" "rateExpiration": "2022-01-29 00:00:00 GMT" }
The operations that are available for this resource are:
For ISOs (Independent Sales Organization) only.
JSON Name | Value | Required | Default | Description | ||
---|---|---|---|---|---|---|
name | String | R | Company Name | |||
tin | String 9 digits | R | Taxpayer Identification Number (EIN or SSN) | |||
type | String | R | Company Type:
| |||
url | String | O | URL | |||
String | R | |||||
address | object | R | Address | |||
line1 | String | R | Address Line 1 | |||
line2 | String | O | Address Line 2 | |||
city | String | R | City | |||
state | String 2-character code | R | State Code | |||
zipcode | String | R | Zip Code | |||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | ||
phone | object | R | Phone Number (E.164 Numbering) | |||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | ||
number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | |||
mcc | String 4 digits | R | Merchant Category Code | |||
mvv | String 6 digits | O | Visa Merchant Verification Code - requires Visa registration | |||
maid | String 6 digits | O | MasterCard Identification - requires MasterCard registration | |||
settlement | object | O | Settlement Accounts | |||
purchase | object | R | Purchase | |||
routingNumber | String 9 digits | R | Routing Number | |||
accountNumber | String 4-17 digits | R | Account Number | |||
disbursement | object | R | Disbursement | |||
routingNumber | String 9 digits | R | Routing Number | |||
accountNumber | String 4-17 digits | R | Account Number | |||
fee | object | R | Fee | |||
routingNumber | String 9 digits | R | Routing Number | |||
accountNumber | String 4-17 digits | R | Account Number | |||
exception | object | R | Exception | |||
routingNumber | String 9 digits | R | Routing Number | |||
accountNumber | String 4-17 digits | R | Account Number |
Client's SubClient:
{ "name": "TabaPay", "tin": "123456789", "type": "Corp", "url": "www.tabapay.com", "email": "help@tabapay.com", "address": { "line1": "605 Ellis Street", "line2": "Suite 110", "city": "Mountain View", "state": "CA", "zipcode": "94043" }, "phone": { "number": "4159808222" }, "mcc": 1234, "mvv": 1234, "maid": 1234, "settlement": { "purchase": { "routingNumber": 121140399, "accountNumber": 12345 }, "disbursement": { "routingNumber": 121140399, "accountNumber": 12345 }, "fee": { "routingNumber": 121140399, "accountNumber": 12345 }, "exception": { "routingNumber": 121140399, "accountNumber": 12345 } } }
Status Code | Description | |
---|---|---|
200 | OK | Client's SubClient Registration Created. |
JSON Name | Value | Description | Status Code | ||
---|---|---|---|---|---|
200 | Other | ||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | |
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | |
EM | String | Error Message | O |
{ "SC": 200, "EC": "0" }
For ISOs (Independent Sales Organization) only.
Status Code | Description | |
---|---|---|
200 | OK | The Transaction is retrieved. |
404 | Not Found | SubClient Registration not found. |
JSON Name | Value | Description | Status Code | |||
---|---|---|---|---|---|---|
200 | Other | |||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | ||
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | ||
EM | String | Error Message | O | |||
name | String | Company Name | ✔ | |||
tin | String 9 digits | Taxpayer Identification Number (EIN or SSN) | ✔ | |||
type | String | Company Type | ✔ | |||
url | String | URL | O | |||
String | ✔ | |||||
address | object | Address | ✔ | |||
line1 | String | Address Line 1 | ✔ | |||
line2 | String | Address Line 2 | O | |||
city | String | City | ✔ | |||
state | String 2-character code | State Code | ✔ | |||
zipcode | String | Zip Code | ✔ | |||
country | String 3-digit code | ISO 3166-1 Country Code | O | |||
phone | object | Phone Number (E.164 Numbering) | ✔ | |||
countryCode | String 1-3 digits | Country Calling Code | O | |||
number | String Min: 4 digits Max: 12-14 digits | Phone Number | ✔ | |||
mcc | String 4 digits | Merchant Category Code | ✔ | |||
mvv | String 6 digits | Visa Merchant Verification Code | O | |||
maid | String 6 digits | MasterCard Identification | O | |||
settlement | object | Settlement Accounts | O | |||
purchase | object | Purchase | ✔ | |||
routingNumber | String 9 digits | Routing Number | ✔ | |||
accountNumber | String 4-17 digits | Account Number | ✔ | |||
disbursement | object | Disbursement | ✔ | |||
routingNumber | String 9 digits | Routing Number | ✔ | |||
accountNumber | String 4-17 digits | Account Number | ✔ | |||
fee | object | Fee | ✔ | |||
routingNumber | String 9 digits | Routing Number | ✔ | |||
accountNumber | String 4-17 digits | Account Number | ✔ | |||
exception | object | Exception | ✔ | |||
routingNumber | String 9 digits | Routing Number | ✔ | |||
accountNumber | String 4-17 digits | Account Number | ✔ |
{ "SC": 200, "EC": "0", "name": "TabaPay", "tin": "123456789", "type": "Corp", "url": "www.tabapay.com", "email": "help@tabapay.com", "address": { "line1": "605 Ellis Street", "line2": "Suite 110", "city": "Mountain View", "state": "CA", "zipcode": "94043" }, "phone": { "number": "4159808222" }, "mcc": 1234, "mvv": 1234, "maid": 1234, "settlement": { "purchase": { "routingNumber": 121140399, "accountNumber": 12345 }, "disbursement": { "routingNumber": 121140399, "accountNumber": 12345 }, "fee": { "routingNumber": 121140399, "accountNumber": 12345 }, "exception": { "routingNumber": 121140399, "accountNumber": 12345 } } }
For ISOs (Independent Sales Organization) only.
JSON Name | Value | Required | Default | Description | ||
---|---|---|---|---|---|---|
name | String | O | Company Name | |||
tin | String 9 digits | O | Taxpayer Identification Number (EIN or SSN) | |||
type | String | O | Company Type:
| |||
url | String | O | URL | |||
String | O | |||||
address | object | O | Address | |||
line1 | String | O | Address Line 1 | |||
line2 | String | O | Address Line 2 | |||
city | String | O | City | |||
state | String 2-character code | O | State Code | |||
zipcode | String | O | Zip Code | |||
country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | ||
phone | object | O | Phone Number (E.164 Numbering) | |||
countryCode | String 1-3 digits | O | 1 | Country Calling Code | ||
number | String Min: 4 digits Max: 12-14 digits | O | Phone Number | |||
mcc | String 4 digits | O | Merchant Category Code | |||
mvv | String 6 digits | O | Visa Merchant Verification Code - requires Visa registration | |||
maid | String 6 digits | O | MasterCard Identification - requires MasterCard registration | |||
settlement | object | O | Settlement Accounts | |||
purchase | object | O | Purchase | |||
routingNumber | String 9 digits | O | Routing Number | |||
accountNumber | String 4-17 digits | O | Account Number | |||
disbursement | object | O | Disbursement | |||
routingNumber | String 9 digits | O | Routing Number | |||
accountNumber | String 4-17 digits | O | Account Number | |||
fee | object | O | Fee | |||
routingNumber | String 9 digits | O | Routing Number | |||
accountNumber | String 4-17 digits | O | Account Number | |||
exception | object | O | Exception | |||
routingNumber | String 9 digits | O | Routing Number | |||
accountNumber | String 4-17 digits | O | Account Number |
Client's SubClient:
{ "name": "TabaPay", "tin": "123456789", "type": "Corp", "url": "www.tabapay.com", "email": "help@tabapay.com", "address": { "line1": "605 Ellis Street", "line2": "Suite 110", "city": "Mountain View", "state": "CA", "zipcode": "94043" }, "phone": { "number": "4159808222" }, "mcc": 1234, "mvv": 1234, "maid": 1234, "settlement": { "purchase": { "routingNumber": 121140399, "accountNumber": 12345 }, "disbursement": { "routingNumber": 121140399, "accountNumber": 12345 }, "fee": { "routingNumber": 121140399, "accountNumber": 12345 }, "exception": { "routingNumber": 121140399, "accountNumber": 12345 } } }
Status Code | Description | |
---|---|---|
200 | OK | Client's SubClient Registration Updated. |
JSON Name | Value | Description | Status Code | ||
---|---|---|---|---|---|
200 | Other | ||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | |
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | |
EM | String | Error Message | O |
{ "SC": 200, "EC": "0" }
For ISOs (Independent Sales Organization) only.
Status Code | Description | |
---|---|---|
200 | OK | The Transaction is deleted. |
404 | Not Found | SubClient Registration not found. |
JSON Name | Value | Description | Status Code | ||
---|---|---|---|---|---|
200 | Other | ||||
SC | Integer 3-digit code | HTTP Status Code | ✔ | O | |
EC | String 1 or 8 characters | Internal Error Code | ✔ | O | |
EM | String | Error Message | O |
{ "SC": 200, "EC": "0" }
Network Name | |
---|---|
STAR | ![]() |
Pulse | ![]() |
NYCE | ![]() |
CU24 | ![]() |
Accel | ![]() |
Visa | ![]() |
VisaFF | ![]() |
MasterCard | ![]() |
MasterCardSend (MoneySend) | ![]() |
Discover | ![]() |
Amex | ![]() |
CCPay | ![]() ![]() ![]() ![]() |
IntlVisa | ![]() |
IntlMasterCard | ![]() |
A Financial Institution may decide to return a Network Response Code that may not match the ISO Code meaning.
ISO CODE | Description |
---|---|
00 | Approved or completed successfully |
01 | Refer to card issuer |
02 | Refer to card issuers special conditions |
03 | Invalid merchant |
04 | Pick-up |
05 | Do not honor |
06 | Error |
07 | Pick-up card, special conditions |
08 | Honor with identification |
09 | Request in progress |
10 | Approved for partial amount |
11 | Approved (VIP) |
12 | Invalid transaction |
13 | Invalid amount |
14 | Invalid card number (no such number) |
15 | No such issuer |
16 | Approved, update track 3 |
17 | Customer cancellation, reversal (unsupported) |
18 | Customer dispute, chargeback (future) |
19 | Re-enter transaction |
20 | Invalid response |
21 | No action taken, reversal (unsupported) |
22 | Suspected malfunction, reversal (unsupported) |
23 | Unacceptable transaction fee |
24 | File update not supported by receiver |
25 | Unable to locate record on file |
26 | Duplicate file update record, no action |
27 | File update field edit error |
28 | File update record locked out |
29 | File update not successful, contact acquirer |
30 | Format error (may also be a reversal) |
31 | Bank not supported by switch |
32 | Completed partially, reversal (unsupported) |
33 | Expired card, pick-up |
34 | Suspected fraud, pick-up |
35 | Card acceptor contact acquirer, pick-up |
36 | Restricted card, pick-up |
37 | Card acceptor call acquirer security, pick-up |
38 | Allowable PIN tries exceeded, pick-up |
39 | No credit account |
40 | Requested function not supported |
41 | Lost card, pick-up |
42 | No universal account |
43 | Stolen card, pick-up |
44 | No investment account |
45 | Reserved for ISO use |
46 | Reserved for ISO use |
47 | Reserved for ISO use |
48 | Reserved for ISO use |
49 | Reserved for ISO use |
50 | Reserved for ISO use |
51 | Insufficient funds |
52 | No checking account |
53 | No savings account |
54 | Expired card |
55 | Incorrect PIN |
56 | No card record |
57 | Transaction not permitted to cardholder |
58 | Transaction not permitted to terminal (may also be a chargeback) |
59 | Suspected fraud |
60 | Card acceptor contact acquirer |
61 | Exceeds withdrawal amount limit |
62 | Restricted card |
63 | Security violation (may also be a chargeback) |
64 | Original amount incorrect, reversal (unsupported) |
65 | Exceeds withdrawal frequency limit |
66 | Card acceptor call acquirer security |
67 | Hard capture, pick-up |
68 | Response received too late, reversal (unsupported) |
69 | Reserved for ISO |
70 | Reserved for ISO |
71 | Reserved for ISO |
72 | Reserved for ISO |
73 | Reserved for ISO |
74 | Reserved for ISO |
75 | Allowable number of PIN tries exceeded |
76 | Key synchronization error (FIS) |
77 | Reserved for private use |
78 | Customer not eligible for POS (Star SM ) |
79 | Invalid digital signature |
80 | Stale dated transaction (Star SM ) |
81 | Issuer requested standin |
82 | Count exceeds limit (VISANet) |
83 | Reserved for private use |
84 | Time limit for pre-authorization reached (VISANet) |
85* | Issuer has no reason to decline the transaction (Account Verification) |
86 | Cannot verify PIN (VISANet) |
87 | Check already posted |
88 | Information not on file |
89 | Card verification value (CVV) verification failed (no pickup) |
90 | Cutoff is in progress |
91 | Issuer or switch is inoperative |
92 | Financial institution or intermediate network unknown for routing |
93 | Transaction cannot be completed, violation of law |
94 | Duplication transaction |
95 | Reconcile error |
96 | System malfunction |
97 | Reserved for national use |
98 | Reserved for national use |
99* | Card network fault error |
0Z-9Z | Reserved for ISO use |
C2-E0 | Reserved for national use (X9.2) |
E1* | Invalid or unsupported SEC |
E2* | AVS data required |
E3* | CVV2 data required |
E4* | Service not allowed. Transaction not permitted to cardholder. |
E5* | Service not allowed. Transaction not permitted to cardholder. |
E6* | Issuer country is blocked |
E7* | Incorrect MAC was sent |
E8* | Standard Entry Class requirements were not met |
E9* | System time out |
EA* | Account length error |
EB* | Check digit error |
EC* | CID format error |
ED* | Authorization is too old to capture |
EE* | Card product code is blocked Card product code is blocked |
EF* | Attempt to process a BRIC transaction on a prior PIN based transaction |
EG* | CyberSource Time Out Connection to CyberSource timed out |
EH* | CARD_ENT_METH supplied is not valid or required additional data not provided as defined |
EI* | CARD_ID is not valid |
EJ* | Required PIN block not present |
EK* | Bin is not valid for pinless routing |
EL* | Signature store did not complete |
EM* | Debit PIN transactions must be swiped |
EN* | DB proxy response was not processed within the time out period |
EO* | Transaction was declined by merchant due to mismatch of CVV2 data |
EP* | Transaction not allowed as per a validation rule |
EQ* | There were no available gateway nodes to route transaction |
EZ-MZ | Reserved for national use (X9.2) |
N0 | Authorization life cycle unacceptable |
N1 | Authorization life cycle expired |
N2 | Non-receipt of requested item (future) |
N3 | Non-receipt of requested item, illegible copy (future) |
N4 | Transaction exceeds floor limit (future) |
N5 | Declined authorization (future) |
N6 | Non-matching account numbers (future) |
N7 | Error in addition (future) |
N8 | Altered amount (future) |
N9 | Incorrect account number (future) |
P0 | Missing signature (future) |
P1 | Slip without card imprint (future) |
P2 | Imprinting of multiple slips (future) |
P3 | Canceled pre-authorization transaction (future) |
P4 | Delinquent settlement (future) |
P5 | Currency conversion error (future) |
P6 | Credit posted as a debit (sale) (future) |
P7 | Claim or defense (future) |
P8 | Non-receipt of goods (future) |
P9 | Defective merchandise (future) |
Q1* | Card authentication failed |
R0 | Fraudulent transaction prior to embossed valid date (future) |
R1 | Credit not received (future) |
R2 | Allowable PAN entries warning -- approved |
R3 | Approved with overdraft protection |
R4 | Bad CVV3 |
RR* | Unknown Backend Processing Error |
S0 | Check not acceptable for cash |
S1 | Check not acceptable |
S2 | Check deposit limit exceeded |
S3 | Cash back limit exceeded |
S4 | Check amount does not match courtesy amount |
S5 | PIN not selected |
S6 | PIN already selected |
S7 | Unmatched voucher information |
S8 | Allowable PAN entries exceeded -- denial |
S9 | Expiration date mismatch |
SA | Inactive card |
SB | Expiration date mismatch (card pickup) |
SC | Item suspected for stop pay |
SD | Account closed |
SE | Ineligible account |
SF | Item submitted more than two times |
SG | No account on file - absolute |
SH | Unable to locate |
SI | General denial |
SJ | Item settled via ACH |
SK | Cross-reference card not found |
SL | Category limit exceeded |
SM | Transaction limit exceeded |
SN | Daily limit exceeded |
SO | Monthly limit exceeded |
SP | Invalid secret code |
SQ | PIN key sync error |
SR | Bad CVV2 |
SS | Stop payment order |
ST | Revocation of authorization order |
SV | Stop reoccurring payments |
T3 | Lost card (no pickup) |
T4 | Closed account |
T5 | Dormant account |
T6 | Special conditions (no pick-up) |
T7 | Purchase only approval for purchase with cash back transaction. |
T9 | Insufficient funds for fees |
TA | ARQC validation failed for chip card |
TB | Unsafe PIN |
U0-YZ | Reserved for private use |
ZD* | MasterCard Send (MoneySend) Error due to Expiration Date |
ZN* | MasterCard Send (MoneySend) Decline due to Card was Declined |
ZR* | MasterCard Send (MoneySend) Decline due to Unsupported Card |
ZU* | MasterCard Send (MoneySend) Error due to an Unknown Reason |
ZX* | MasterCard Send (MoneySend) Decline due to an Unknown Reason |
ZY* | MasterCard Send (MoneySend) Request in Unknown Status |
ZZ* | Used by TabaPay for Testing |
Notes:
* Not all Networks may return this Network Response Code.
Accel Action Code | Description |
---|---|
000 | Approved |
001 | Approved with identification |
002 | Approved for partial amount |
003 | Approved (VIP) |
100, 200 | Do not honor |
101, 201 | Expired card |
102, 202 | Suspected fraud |
103, 203 | Card acceptor contact acquirer |
104, 204 | Restricted card |
105, 205 | Card acceptor call acquirer’s security department |
106, 206 | Allowable PIN tries exceeded |
107 | Refer to card issuer |
108 | Refer to card issuer’s special condition |
109 | Invalid merchant |
110 | Invalid amount |
111 | Invalid card number |
112 | PIN data required |
113 | Unacceptable fee |
114, 214 | No account of type requested |
115 | Requested function not supported (invalid transaction) |
116, 216 | Insufficient funds |
117, 217 | Incorrect PIN |
118 | No card record |
119 | Transaction not permitted to cardholder |
120 | Transaction not permitted to terminal |
121 | Exceeds withdrawal amount limit |
122 | Security violation |
123 | Exceeds withdrawal limit frequency |
124 | Violation of law |
126 | Invalid PIN block |
127 | PIN length error |
128 | PIN key synchronization error (sanity error) |
129 | Suspected counterfeit card |
130 | Transaction failed OFAC check |
131 | Check not acceptable |
180 | Limit exceeded due to cashback amount |
181 | Enter lesser amount |
182 | Institution not supported by switch |
183 | Balances not available for inquiry |
184 | Resubmission in violation of network rules |
185 | Stop payment on check (shared branch only) |
207 | Special conditions |
208 | Lost card |
209 | Stolen card |
210 | Suspected counterfeit card |
907 | Card issuer or switch inoperative |
908 | Transaction destination cannot be found for routing |
909 | System malfunction |
999 | Used by TabaPay for Testing |
RTP Response Code | Description |
---|---|
P01 | Insufficient Funds |
P02 | Unknown customer, account closed |
P04 | Debtor/Creditor Account invalid |
P07 | Account blocked |
P11 | Transaction forbidden on this account |
P14 | Deceased customer |
P18 | Invalid Date |
P21 | Incorrect Agent |
P23 | Amount not agreed upon or invalid |
P24 | Duplicate message |
P26 | Missing or invalid mandatory field |
P27 | See narrative information for more detail about error |
P28 | Incorrect RTN |
P34 | Suspended account |
Z01 | Internal RTP error |
Z02 | Timeout |
Z03 | Token error |
Z0U | Unknown Network Error |
Code | Visa | MasterCard | Discover | American Express |
---|---|---|---|---|
Y | Address & 5-digit or 9-digit ZIP match | Address & 5-digit ZIP match | Address only matches | Address & ZIP match |
A | Address matches, ZIP does not | Address matches, ZIP does not | Address & 5-digit ZIP match | Address only matches |
S | AVS not supported | AVS not supported | AVS not supported | AVS not supported |
R | System unavailable, retry | System unavailable, retry | Not applicable | System unavailable, retry |
U | Information not available | Information not available | System unavailable, retry | Information not available |
Z | Either 5-digit or 9-digit ZIP match, address does not | 5-digit ZIP matches, address does not | 5-digit ZIP matches, address does not | ZIP code only matches |
N | Neither ZIP nor address match | Neither ZIP nor address match | Neither ZIP nor address match | Neither ZIP nor address match |
W | Not applicable | For U.S., 9-digit ZIP matches, address does not. For non-U.S., ZIP matches, address does not | Information not available | Not applicable |
X | Not applicable | For U.S., all digits match. For non-U.S., ZIP and address match. | Address & 9-digit ZIP match | Not applicable |
B | Address matches, ZIP not verified | Not applicable | Not applicable | Not applicable |
T | Not applicable | Not applicable | 9-digit ZIP matches, address does not | Not applicable |
P | ZIP matches, address not verified | Not applicable | Not applicable | Not applicable |
C | Address and ZIP not verified | Not applicable | Not applicable | Not applicable |
D | Address & ZIP match (International only) | Not applicable | Not applicable | Not applicable |
G | Address not verified for International transaction (International only) | Not applicable | Not applicable | Not applicable |
I | Address not verified (International only) | Not applicable | Not applicable | Not applicable |
M | Address & ZIP match (International only) | Not applicable | Not applicable | Not applicable |
F | Address & ZIP match (UK only) | Not applicable | Not applicable | Not applicable |
Response Code for Securtiy Code | Description |
---|---|
M | Security Code was matched |
N | Security Code was not matched |
EC | Description |
---|---|
0 | OK |
!= 0 | Error |
If you need to contact TabaPay Support, be sure to send:
Status Code | Description | |
---|---|---|
200 | OK | The API Request was successfully processed. |
201 | Created | Transaction Created, but Transaction Processing is Pending (batch). |
207 | Multi-Status | One or more upstream processing failed. |
400 | Bad Request | The ResourceID is invalid or The Request Data is invalid. |
401 | UnAuthorized | The Authorization Token is invalid or The IP Address is invalid (not whitelisted). |
403 | Forbidden | Invalid permissions to access the Resource, please contact TabaPay support. |
404 | Not Found | The ResourceID does not point to a valid Resource. |
405 | Method Not Allowed | Request Method Not Allowed for the Requested Resource. |
406 | Not Acceptable | Our Web Application Firewall (WAF) found something invalid in your request. |
409 | Conflict | ReferenceID already used or Conflicting Request Parameters. |
410 | Gone | The Resource pointed to by the ResourceID has been marked for deletion. |
415 | Unsupported Media Type | Content-type must be application/json. |
421 | Misdirected Request | Too late to Retrieve by ReferenceID, use AccountID or TransactionID. |
422 | Unprocessable Entity | The Resource pointed to by the ResourceID is in an invalid state or The Transaction Amount exceeded one or more Limits. |
423 | Locked | The Resource pointed to by the ResourceID is locked. |
429 | Too Many Requests | Retrieve: Too many requests, please do not poll. Create Transaction: Over your Daily (24-hour rolling) Approximation Limit. |
431 | Request Header Fields Too Large | Too many HTTP Header Lines and/or HTTP Header Lines too big. |
500 | Server Error | There was a problem processing the Request. |
502 | Bad Gateway | Problem connecting to an Application Server. |
503 | Service Unavailable | Your request cannot be processed, should be only a Temporary Condition. |
504 | Gateway Timeout | Connection to an Application Server timed out. |
A 400 Series Error is usually something that you can fix by changing something in your request. A 500 Series Error is usually something that you need to contact us (support@TabaPay.com) to look at. If we determine that a 500 Series Error can be fixed by you, we will try to change this error situation to a 400 Series Error in a future code release.
Currency Number | Decimal Places | Decimal Separator | Currency Code | Currency Name |
---|---|---|---|---|
784 | 2 | . (period) | AED | United Arab Emirates dirham |
971 | 2 | . (period) | AFN | Afghan afghani |
008 | 2 | , (comma) | ALL | Albanian lek |
051 | 2 | , (comma) | AMD | Armenian dram |
532 | 2 | . (period) | ANG | Netherlands Antillean guilder |
973 | 2 | , (comma) | AOA | Angolan kwanza |
032 | 2 | , (comma) | ARS | Argentine peso |
036 | 2 | . (period) | AUD | Australian dollar |
533 | 2 | . (period) | AWG | Aruban florin |
944 | 2 | , (comma) | AZN | Azerbaijani manat |
977 | 2 | , (comma) | BAM | Bosnia and Herzegovina convertible mark |
052 | 2 | . (period) | BBD | Barbados dollar |
050 | 2 | . (period) | BDT | Bangladeshi taka |
975 | 2 | , (comma) | BGN | Bulgarian lev |
048 | 3 | . (period) | BHD | Bahraini dinar |
108 | 0 | N/A | BIF | Burundian franc |
060 | 2 | . (period) | BMD | Bermudian dollar |
096 | 2 | . (period) | BND | Brunei dollar |
068 | 2 | , (comma) | BOB | Boliviano |
986 | 2 | , (comma) | BRL | Brazilian real |
044 | 2 | . (period) | BSD | Bahamian dollar |
064 | 2 | . (period) | BTN | Bhutanese ngultrum |
072 | 2 | . (period) | BWP | Botswana pula |
933 | 2 | , (comma) | BYN | Belarusian ruble |
084 | 2 | . (period) | BZD | Belize dollar |
124 | 2 | . (period) | CAD | Canadian dollar |
976 | 2 | . (period) | CDF | Congolese franc |
756 | 2 | . (period) | CHF | Swiss franc |
152 | 0 | N/A | CLP | Chilean peso |
156 | 2 | . (period) | CNY | Renminbi yuan |
170 | 2 | , (comma) | COP | Colombian peso |
188 | 2 | , (comma) | CRC | Costa Rican colon |
931 | 2 | , (comma) | CUC | Cuban convertible peso |
192 | 2 | , (comma) | CUP | Cuban peso |
132 | 2 | . (period) | CVE | Cape Verdean escudo |
203 | 2 | . (period) | CZK | Czech koruna |
262 | 0 | N/A | DJF | Djiboutian franc |
208 | 2 | , (comma) | DKK | Danish krone |
214 | 2 | . (period) | DOP | Dominican peso |
012 | 2 | , (comma) | DZD | Algerian dinar |
818 | 2 | . (period) | EGP | Egyptian pound |
232 | 2 | . (period) | ERN | Eritrean nakfa |
230 | 2 | . (period) | ETB | Ethiopian birr |
978 | 2 | , (comma) | EUR | Euro |
242 | 2 | . (period) | FJD | Fiji dollar |
238 | 2 | . (period) | FKP | Falkland Islands pound |
826 | 2 | . (period) | GBP | Pound sterling |
981 | 2 | , (comma) | GEL | Georgian lari |
936 | 2 | . (period) | GHS | Ghanaian cedi |
292 | 2 | . (period) | GIP | Gibraltar pound |
270 | 2 | . (period) | GMD | Gambian dalasi |
324 | 0 | N/A | GNF | Guinean franc |
320 | 2 | . (period) | GTQ | Guatemalan quetzal |
328 | 2 | . (period) | GYD | Guyanese dollar |
344 | 2 | . (period) | HKD | Hong Kong dollar |
340 | 2 | . (period) | HNL | Honduran lempira |
191 | 2 | . (period) | HRK | Croatian kuna |
332 | 2 | . (period) | HTG | Haitian gourde |
348 | 2 | , (comma) | HUF | Hungarian forint |
360 | 2 | , (comma) | IDR | Indonesian rupiah |
376 | 2 | . (period) | ILS | Israeli new shekel |
356 | 2 | . (period) | INR | Indian rupee |
368 | 3 | . (period) | IQD | Iraqi dinar |
364 | 2 | . (period) | IRR | Iranian rial |
352 | 0 | N/A | ISK | Icelandic króna |
388 | 2 | . (period) | JMD | Jamaican dollar |
400 | 3 | . (period) | JOD | Jordanian dinar |
392 | 0 | N/A | JPY | Japanese yen |
404 | 2 | . (period) | KES | Kenyan shilling |
417 | 2 | , (comma) | KGS | Kyrgyzstani som |
116 | 2 | . (period) | KHR | Cambodian riel |
174 | 0 | N/A | KMF | Comoro franc |
408 | 2 | . (period) | KPW | North Korean won |
410 | 0 | N/A | KRW | South Korean won |
414 | 3 | . (period) | KWD | Kuwaiti dinar |
136 | 2 | . (period) | KYD | Cayman Islands dollar |
398 | 2 | , (comma) | KZT | Kazakhstani tenge |
418 | 2 | . (period) | LAK | Lao kip |
422 | 2 | . (period) | LBP | Lebanese pound |
144 | 2 | . (period) | LKR | Sri Lankan rupee |
430 | 2 | . (period) | LRD | Liberian dollar |
426 | 2 | . (period) | LSL | Lesotho loti |
434 | 3 | . (period) | LYD | Libyan dinar |
504 | 2 | , (comma) | MAD | Moroccan dirham |
498 | 2 | , (comma) | MDL | Moldovan leu |
969 | 2 | . (period) | MGA | Malagasy ariary |
807 | 2 | , (comma) | MKD | Macedonian denar |
104 | 2 | . (period) | MMK | Myanmar kyat |
496 | 2 | . (period) | MNT | Mongolian tögrög |
446 | 2 | , (comma) | MOP | Macanese pataca |
929 | 2 | . (period) | MRU | Mauritanian ouguiya |
480 | 2 | . (period) | MUR | Mauritian rupee |
462 | 2 | . (period) | MVR | Maldivian rufiyaa |
454 | 2 | . (period) | MWK | Malawian kwacha |
484 | 2 | . (period) | MXN | Mexican peso |
458 | 2 | . (period) | MYR | Malaysian ringgit |
943 | 2 | , (comma) | MZN | Mozambican metical |
516 | 2 | . (period) | NAD | Namibian dollar |
566 | 2 | . (period) | NGN | Nigerian naira |
558 | 2 | . (period) | NIO | Nicaraguan córdoba |
578 | 2 | , (comma) | NOK | Norwegian krone |
524 | 2 | . (period) | NPR | Nepalese rupee |
554 | 2 | . (period) | NZD | New Zealand dollar |
512 | 3 | . (period) | OMR | Omani rial |
590 | 2 | . (period) | PAB | Panamanian balboa |
604 | 2 | , (comma) | PEN | Peruvian sol |
598 | 2 | . (period) | PGK | Papua New Guinean kina |
608 | 2 | . (period) | PHP | Philippine peso |
586 | 2 | . (period) | PKR | Pakistani rupee |
985 | 2 | , (comma) | PLN | Polish złoty |
600 | 0 | N/A | PYG | Paraguayan guaraní |
634 | 2 | . (period) | QAR | Qatari riyal |
946 | 2 | , (comma) | RON | Romanian leu |
941 | 2 | , (comma) | RSD | Serbian dinar |
643 | 2 | , (comma) | RUB | Russian ruble |
646 | 0 | N/A | RWF | Rwandan franc |
682 | 2 | . (period) | SAR | Saudi riyal |
090 | 2 | . (period) | SBD | Solomon Islands dollar |
690 | 2 | . (period) | SCR | Seychelles rupee |
938 | 2 | . (period) | SDG | Sudanese pound |
752 | 2 | , (comma) | SEK | Swedish krona/kronor |
702 | 2 | . (period) | SGD | Singapore dollar |
654 | 2 | . (period) | SHP | Saint Helena pound |
694 | 2 | . (period) | SLL | Sierra Leonean leone |
706 | 2 | . (period) | SOS | Somali shilling |
968 | 2 | , (comma) | SRD | Surinamese dollar |
728 | 2 | . (period) | SSP | South Sudanese pound |
930 | 2 | . (period) | STN | São Tomé and Príncipe dobra |
222 | 2 | . (period) | SVC | Salvadoran colón |
760 | 2 | . (period) | SYP | Syrian pound |
748 | 2 | . (period) | SZL | Swazi lilangeni |
764 | 2 | . (period) | THB | Thai baht |
972 | 2 | . (period) | TJS | Tajikistani somoni |
934 | 2 | , (comma) | TMT | Turkmenistan manat |
788 | 3 | , (comma) | TND | Tunisian dinar |
776 | 2 | . (period) | TOP | Tongan paʻanga |
949 | 2 | , (comma) | TRY | Turkish lira |
780 | 2 | . (period) | TTD | Trinidad and Tobago dollar |
901 | 2 | . (period) | TWD | New Taiwan dollar |
834 | 2 | . (period) | TZS | Tanzanian shilling |
980 | 2 | , (comma) | UAH | Ukrainian hryvnia |
800 | 0 | N/A | UGX | Ugandan shilling |
840 | 2 | . (period) | USD | United States dollar |
858 | 2 | , (comma) | UYU | Uruguayan peso |
927 | 4 | , (comma) | UYW | Unidad previsional |
860 | 2 | , (comma) | UZS | Uzbekistan som |
928 | 2 | , (comma) | VES | Venezuelan bolívar soberano |
704 | 0 | N/A | VND | Vietnamese đồng |
548 | 0 | N/A | VUV | Vanuatu vatu |
882 | 2 | . (period) | WST | Samoan tala |
950 | 0 | N/A | XAF | CFA franc BEAC |
951 | 2 | . (period) | XCD | East Caribbean dollar |
952 | 0 | N/A | XOF | CFA franc BCEAO |
953 | 0 | N/A | XPF | CFP franc |
886 | 2 | . (period) | YER | Yemeni rial |
710 | 2 | . (period) | ZAR | South African rand |
967 | 2 | . (period) | ZMW | Zambian kwacha |
932 | 2 | . (period) | ZWL | Zimbabwean dollar |
Country Code | Country Name |
---|---|
004 | Afghanistan |
248 | Åland Islands |
008 | Albania |
012 | Algeria |
016 | American Samoa |
020 | Andorra |
024 | Angola |
660 | Anguilla |
010 | Antarctica |
028 | Antigua and Barbuda |
032 | Argentina |
051 | Armenia |
533 | Aruba |
036 | Australia |
040 | Austria |
031 | Azerbaijan |
044 | Bahamas |
048 | Bahrain |
050 | Bangladesh |
052 | Barbados |
112 | Belarus |
056 | Belgium |
084 | Belize |
204 | Benin |
060 | Bermuda |
064 | Bhutan |
068 | Bolivia, Plurinational State of |
535 | Bonaire, Sint Eustatius and Saba |
070 | Bosnia and Herzegovina |
072 | Botswana |
074 | Bouvet Island |
076 | Brazil |
086 | British Indian Ocean Territory |
096 | Brunei Darussalam |
100 | Bulgaria |
854 | Burkina Faso |
108 | Burundi |
132 | Cabo Verde |
116 | Cambodia |
120 | Cameroon |
124 | Canada |
136 | Cayman Islands |
140 | Central African Republic |
148 | Chad |
152 | Chile |
156 | China |
162 | Christmas Island |
166 | Cocos (Keeling) Islands |
170 | Colombia |
174 | Comoros |
178 | Congo |
180 | Congo, the Democratic Republic of the |
184 | Cook Islands |
188 | Costa Rica |
384 | Côte d'Ivoire |
191 | Croatia |
192 | Cuba |
531 | Curaçao |
196 | Cyprus |
203 | Czechia |
208 | Denmark |
262 | Djibouti |
212 | Dominica |
214 | Dominican Republic |
218 | Ecuador |
818 | Egypt |
222 | El Salvador |
226 | Equatorial Guinea |
232 | Eritrea |
233 | Estonia |
231 | Ethiopia |
238 | Falkland Islands (Malvinas) |
234 | Faroe Islands |
242 | Fiji |
246 | Finland |
250 | France |
254 | French Guiana |
258 | French Polynesia |
260 | French Southern Territories |
266 | Gabon |
270 | Gambia |
268 | Georgia |
276 | Germany |
288 | Ghana |
292 | Gibraltar |
300 | Greece |
304 | Greenland |
308 | Grenada |
312 | Guadeloupe |
316 | Guam |
320 | Guatemala |
831 | Guernsey |
324 | Guinea |
624 | Guinea-Bissau |
328 | Guyana |
332 | Haiti |
334 | Heard Island and McDonald Islands |
336 | Holy See |
340 | Honduras |
344 | Hong Kong |
348 | Hungary |
352 | Iceland |
356 | India |
360 | Indonesia |
364 | Iran, Islamic Republic of |
368 | Iraq |
372 | Ireland |
833 | Isle of Man |
376 | Israel |
380 | Italy |
388 | Jamaica |
392 | Japan |
832 | Jersey |
400 | Jordan |
398 | Kazakhstan |
404 | Kenya |
296 | Kiribati |
408 | Korea, Democratic People's Republic of |
410 | Korea, Republic of |
414 | Kuwait |
417 | Kyrgyzstan |
418 | Lao People's Democratic Republic |
428 | Latvia |
422 | Lebanon |
426 | Lesotho |
430 | Liberia |
434 | Libya |
438 | Liechtenstein |
440 | Lithuania |
442 | Luxembourg |
446 | Macao |
807 | Macedonia, the former Yugoslav Republic of |
450 | Madagascar |
454 | Malawi |
458 | Malaysia |
462 | Maldives |
466 | Mali |
470 | Malta |
584 | Marshall Islands |
474 | Martinique |
478 | Mauritania |
480 | Mauritius |
175 | Mayotte |
484 | Mexico |
583 | Micronesia, Federated States of |
498 | Moldova, Republic of |
492 | Monaco |
496 | Mongolia |
499 | Montenegro |
500 | Montserrat |
504 | Morocco |
508 | Mozambique |
104 | Myanmar |
516 | Namibia |
520 | Nauru |
524 | Nepal |
528 | Netherlands |
540 | New Caledonia |
554 | New Zealand |
558 | Nicaragua |
562 | Niger |
566 | Nigeria |
570 | Niue |
574 | Norfolk Island |
580 | Northern Mariana Islands |
578 | Norway |
512 | Oman |
586 | Pakistan |
585 | Palau |
275 | Palestine, State of |
591 | Panama |
598 | Papua New Guinea |
600 | Paraguay |
604 | Peru |
608 | Philippines |
612 | Pitcairn |
616 | Poland |
620 | Portugal |
630 | Puerto Rico |
634 | Qatar |
638 | Réunion |
642 | Romania |
643 | Russian Federation |
646 | Rwanda |
652 | Saint Barthélemy |
654 | Saint Helena, Ascension and Tristan da Cunha |
659 | Saint Kitts and Nevis |
662 | Saint Lucia |
663 | Saint Martin (French part) |
666 | Saint Pierre and Miquelon |
670 | Saint Vincent and the Grenadines |
882 | Samoa |
674 | San Marino |
678 | Sao Tome and Principe |
682 | Saudi Arabia |
686 | Senegal |
688 | Serbia |
690 | Seychelles |
694 | Sierra Leone |
702 | Singapore |
534 | Sint Maarten (Dutch part) |
703 | Slovakia |
705 | Slovenia |
090 | Solomon Islands |
706 | Somalia |
710 | South Africa |
239 | South Georgia and the South Sandwich Islands |
728 | South Sudan |
724 | Spain |
144 | Sri Lanka |
729 | Sudan |
740 | Suriname |
744 | Svalbard and Jan Mayen |
748 | Swaziland |
752 | Sweden |
756 | Switzerland |
760 | Syrian Arab Republic |
158 | Taiwan, Province of China |
762 | Tajikistan |
834 | Tanzania, United Republic of |
764 | Thailand |
626 | Timor-Leste |
768 | Togo |
772 | Tokelau |
776 | Tonga |
780 | Trinidad and Tobago |
788 | Tunisia |
792 | Turkey |
795 | Turkmenistan |
796 | Turks and Caicos Islands |
798 | Tuvalu |
800 | Uganda |
804 | Ukraine |
784 | United Arab Emirates |
826 | United Kingdom |
581 | United States Minor Outlying Islands |
840 | United States of America |
858 | Uruguay |
860 | Uzbekistan |
548 | Vanuatu |
862 | Venezuela, Bolivarian Republic of |
704 | Viet Nam |
092 | Virgin Islands, British |
850 | Virgin Islands, U.S. |
876 | Wallis and Futuna |
732 | Western Sahara |
887 | Yemen |
894 | Zambia |
716 | Zimbabwe |
State Code | State Name | State Numeric Code |
---|---|---|
AL | Alabama | 01 |
AK | Alaska | 02 |
AZ | Arizona | 04 |
AR | Arkansas | 05 |
CA | California | 06 |
CO | Colorado | 08 |
CT | Connecticut | 09 |
DE | Delaware | 10 |
DC | District of Columbia | 11 |
FL | Florida | 12 |
GA | Georgia | 13 |
HI | Hawaii | 15 |
ID | Idaho | 16 |
IL | Illinois | 17 |
IN | Indiana | 18 |
IA | Iowa | 19 |
KS | Kansas | 20 |
KY | Kentucky | 21 |
LA | Louisiana | 22 |
ME | Maine | 23 |
MD | Maryland | 24 |
MA | Massachusetts | 25 |
MI | Michigan | 26 |
MN | Minnesota | 27 |
MS | Mississippi | 28 |
MO | Missouri | 29 |
MT | Montana | 30 |
NE | Nebraska | 31 |
NV | Nevada | 32 |
NH | New Hampshire | 33 |
NJ | New Jersey | 34 |
NM | New Mexico | 35 |
NY | New York | 36 |
NC | North Carolina | 37 |
ND | North Dakota | 38 |
OH | Ohio | 39 |
OK | Oklahoma | 40 |
OR | Oregon | 41 |
PA | Pennsylvania | 42 |
RI | Rhode Island | 44 |
SC | South Carolina | 45 |
SD | South Dakota | 46 |
TN | Tennessee | 47 |
TX | Texas | 48 |
UT | Utah | 49 |
VT | Vermont | 50 |
VA | Virginia | 51 |
WA | Washington | 53 |
WV | West Virginia | 54 |
WI | Wisconsin | 55 |
WY | Wyoming | 56 |
AS | American Samoa | 00 |
GU | Guam | 00 |
MP | Northern Mariana Islands | 00 |
PR | Puerto Rico | 00 |
UM | United States Minor Outlying Islands | 00 |
VI | Virgin Islands | 00 |
Province Code | Province Name | Province Numeric Code |
---|---|---|
AB | Alberta | 60 |
BC | British Columbia | 61 |
MB | Manitoba | 62 |
NB | New Brunswick | 63 |
NL | Newfoundland and Labrador | 64 |
NS | Nova Scotia | 66 |
NT | Northwest Territories | 65 |
NU | Nunavut | 72 |
ON | Ontario | 67 |
PE | Prince Edward Island | 68 |
QC | Quebec | 69 |
SK | Saskatchewan | 70 |
YT | Yukon | 71 |
Resource's Status | Any Resource | Transaction | Description |
---|---|---|---|
OK | ✔ | ✔ | Resource is in normal status. |
LOCKED | ✔ | ✔ | Resource is locked. |
DELETED | ✔ | ✔ | Resource is marked for deletion. |
PENDING | ✔ | Transaction processing started. | |
BATCH | ✔ | Transaction processing waiting to be processed (batch). | |
FAILED | ✔ | Transaction processing failed. | |
UNKNOWN | ✔ | Transaction processing result is unknown. | |
ERROR | ✔ | Transaction processing error. | |
COMPLETED | ✔ | Transaction completed processing successfully. | |
REVERSED | ✔ | A Request to Reverse a previous PULL Transaction was requested. | |
REVERSAL | ✔ | A Request to Reverse a previous PULL Transaction was tried, however the status is unknown. |
Status | Description |
---|---|
OK | Transaction created. |
PENDING | Transaction processing started or waiting to be processed (batch). |
COMPLETED | Transaction processed successfully. |
Status | Description |
---|---|
OK | Transaction created. |
PENDING | Transaction processing started. |
ERROR | Transaction processing error, see Network Response Code. |
Transaction Processing returned a non-successful Network Response Code from a Card Network.
Status | Description |
---|---|
OK | Transaction created. |
PENDING | Transaction processing started. |
FAILED | Transaction processing failed. |
Transaction Processing failed. The Transaction was unsuccessful.
Status | Description |
---|---|
OK | Transaction created. |
PENDING | Transaction processing started. |
UNKNOWN | Transaction processing result is unknown. |
The Transaction could have been successful or not. Manual intervention is required to determine the status of the Transaction. Please contact support@TabaPay.com.
Status | Description |
---|---|
OK | Transaction created. |
PENDING | Transaction processing started. |
UNKNOWN | Transaction processing result is unknown. |
COMPLETED | Transaction processed successfully. |
The Transaction timed out so the Transaction Status was originally set to UNKNOWN. Your request returned a Status Code of 207. The Transaction Processing continue to be processed. The final and actual Transaction is COMPLETED.
Status | Description |
---|---|
OK | Transaction created. |
PENDING | Transaction processing started. |
UNKNOWN | Transaction processing result is unknown. |
FAILED | Transaction processing failed. |
The Transaction timed out so the Transaction Status was originally set to UNKNOWN. Your request returned a Status Code of 207. The Transaction Processing continue to be processed. Something did go wrong and so the final and actual Transaction is FAILED.
Status | Description |
---|---|
OK | Transaction created. |
PENDING | Transaction processing started or waiting to be processed (batch). |
COMPLETED | Transaction processed successfully. |
REVERSED | Transaction Reversal was requested. |
Status | Description |
---|---|
OK | Transaction created. |
PENDING | Transaction processing started or waiting to be processed (batch). |
COMPLETED | Transaction processed successfully. |
REVERSAL | Transaction Reversal was tried, however the status is unknown. |
Status | Description |
---|---|
OK | Transaction created. |
BATCH | Transaction waiting to be processed (batch). |
COMPLETED | Transaction processed successfully. |
Network | Card Number | Regulated | Card Type | Pull | Push (Availability) | ||||
---|---|---|---|---|---|---|---|---|---|
Debit | Credit | PrePaid | Immediate | Next | Few | ||||
Visa | 4000056655665556 | ✘ No | ✔ | ✔ | ✔ | ||||
4005519200000004 | ✔ Yes | ✔ | ✔ | ✔ | |||||
4111111111111111 | ✔ Yes | ✔ | ✔ | ✔ | |||||
4012000077777777 | ✔ Yes | ✔ | ✔ | ✔ | |||||
4000000760000002 | ✔ Yes | ✔ | ✔ | ✔ | |||||
4000001240000000 | ✔ Yes | ✔ | ✔ | ✔ | |||||
4000004840008001 | ✔ Yes | ✔ | ✔ | ✔ | |||||
4500600000000061 | ✘ No | ✔ | ✔ | ✔ | |||||
4217651111111119 | ✘ No | ✔ | ✘ | ✔ | |||||
4242424242424242 | ✘ No | ✔ | ✘ | ✔ | |||||
MasterCard | 2223000048400011 | ✘ No | ✔ | ✔ | ✘ (✔*) | ||||
5200828282828210 | ✔ Yes | ✔ | ✔ | ✘ (✔*) | |||||
5403879999999997 | ✔ Yes | ✔ | ✔ | ✘ (✔*) | |||||
5105105105105100 | ✔ Yes | ✔ | ✔ | ✘ (✔*) | |||||
MoneySend | 2223003122003222 | ✘ No | ✔ | ✘ | ✔ | ||||
5555555555554444 | ✔ Yes | ✔ | ✘ | ✔ | |||||
American Express | 371449635398431 | ✔ Yes | ✔ | ✔ | ✔ | ||||
378282246310005 | ✔ Yes | ✔ | ✔ | ✔ | |||||
378734493671000 | ✔ Yes | ✔ | ✔ | ✔ | |||||
Discover | 6011111111111117 | ✔ Yes | ✔ | ✔ | ✔ | ||||
6011000990139424 | ✔ Yes | ✔ | ✔ | ✔ | |||||
6011000991300009 | ✔ Yes | ✔ | ✔ | ✔ |
Network | Card Number | International | |
---|---|---|---|
Currency | Country | ||
IntlVisa | 8405124124999998 | 124 | 124 |
8405840124999999 | 840 | 124 | |
8405704704999995 | 704 | 704 | |
8405840704999997 | 840 | 704 | |
8405764764999996 | 764 | 764 | |
8405840764999994 | 840 | 764 | |
8405458458999996 | 458 | 458 | |
8405360360999991 | 360 | 360 | |
8405946946999990 | 946 | 946 | |
8405978946999993 | 978 | 946 | |
8405144144999992 | 144 | 144 | |
8405946642999997 | 946 | 642 | |
8405558558999992 | 558 | 558 | |
8405340340999998 | 340 | 340 | |
8405840222999990 | 840 | 222 | |
8405978384999992 | 978 | 384 | |
8405051051999990 | 051 | 051 | |
8405981268999997 | 981 | 268 | |
8405348348999993 | 348 | 348 | |
8405398398999997 | 398 | 398 | |
8405600600999990 | 600 | 600 | |
8405949792999999 | 949 | 792 | |
8405980804999990 | 980 | 804 | |
IntlMasterCard | 8505124124999997 | 124 | 124 |
8505840124999998 | 840 | 124 | |
8505704704999994 | 704 | 704 | |
8505840704999996 | 840 | 704 | |
8505764764999995 | 764 | 764 | |
8505840764999993 | 840 | 764 | |
8505458458999995 | 458 | 458 | |
8505360360999990 | 360 | 360 | |
8505946946999999 | 946 | 946 | |
8505978946999992 | 978 | 946 | |
8505144144999991 | 144 | 144 | |
8505946642999996 | 946 | 642 | |
8505558558999991 | 558 | 558 | |
8505340340999997 | 340 | 340 | |
8505840222999999 | 840 | 222 | |
8505978384999991 | 978 | 384 | |
8505051051999999 | 051 | 051 | |
8505981268999996 | 981 | 268 | |
8505348348999992 | 348 | 348 | |
8505398398999996 | 398 | 398 | |
8505600600999999 | 600 | 600 | |
8505949792999998 | 949 | 792 | |
8505980804999999 | 980 | 804 |
Retrieve Client's Attributes (Information) | |||||||
---|---|---|---|---|---|---|---|
API Call | Description | ||||||
1 | Retrieve Client | Client Attributes:
| |||||
Create Key (optional) | |||||||
API Call | Description | ||||||
2 | Create Key | Encryption Key RSA Public Key | |||||
Transaction using an Account (Tokenization) | |||||||
API Call | Description | ||||||
3 | Query Card | Card Attributes | |||||
API Call | Description | ||||||
4 | Create Account | Type: Card | |||||
API Call | Description | ||||||
5 | Create Transaction Push | Transaction:
| |||||
API Call | Description | ||||||
6 | Create Transaction Pull | Transaction:
| |||||
One Time Transaction | |||||||
API Call | Description | ||||||
7 | Query Card | Card Attributes | |||||
API Call | Description | ||||||
8 | Create Transaction Push | Transaction:
| |||||
API Call | Description | ||||||
9 | Create Transaction Pull | Transaction:
| |||||
Optionally Retrieve an Account, Update an Account, or Delete an Account | |||||||
API Call | Description | ||||||
10 | Retrieve Account | ||||||
API Call | Description | ||||||
11 | Update Account | Type: Card | |||||
API Call | Description | ||||||
12 | Delete Account | ||||||
Optionally Retrieve Transaction Information | |||||||
API Call | Description | ||||||
13 | Retrieve Transaction | ||||||
API Call | Description | ||||||
14 | Retrieve Transaction |
Therefore, you can use almost any programming language. We assume that you are an expert in the language that you have selected to use.
You can also use command line utilities such as:
If you need help in using the TabaPay Web Service (API), we recommend using one of the command line utilities first. By doing this first, it eliminates any language specific issues or uniquenesses, and since there are so many programming languages available today, we may not be an expert in (or even have used) the language that you are trying to use. Also, by doing this first, it can help eliminate networking issues such as firewalls blocking the requests and/or responses.We do provide some simple samples in various common programming languages:
curl https://<FQDN>/v1/clients/<ClientID> -H "Authorization: Bearer <TokenValue>"A POST Request (Query Card):
curl https://<FQDN>/v1/clients/<ClientID>/cards -H "Authorization: Bearer <TokenValue>" -H "Content-type: application/json" -X POST -d "{\"card\":{\"accountNumber\":\"9999999999999999\"}}"These were last tested successfully using:
wget -qO- https://<FQDN>/v1/clients/<ClientID> --header "Authorization: Bearer <TokenValue>"A POST Request (Query Card):
wget -qO- https://<FQDN>/v1/clients/<ClientID>/cards --header "Authorization: Bearer <TokenValue>" --header "Content-type: application/json" --post-data "{\"card\":{\"accountNumber\":\"9999999999999999\"}}"These were last tested successfully using:
openssl s_client -connect <FQDN>:443 GET /v1/clients/<ClientID> HTTP/1.0 Authorization: Bearer <TokenValue>A POST Request (Query Card):
openssl s_client -connect <FQDN>:443 POST /v1/clients/<ClientID>/cards HTTP/1.0 Authorization: Bearer <TokenValue> Content-type: application/json Content-length: 45 {"card":{"accountNumber":"9999999999999999"}}These were last tested successfully using:
import java.io.InputStream; import java.net.URL; import javax.net.ssl.HttpsURLConnection; public class Sample { public static void main( String[] asArgs ) { try { URL urlService = new URL( "https://<FQDN>/v1/clients/<ClientID>" ); HttpsURLConnection connectionService = (HttpsURLConnection) urlService.openConnection(); connectionService.setRequestMethod( "GET" ); connectionService.setRequestProperty( "Authorization", "Bearer " + "<TokenValue>" ); int iStatusCode = connectionService.getResponseCode(); System.out.println( "TabaPay API Call, SC=" + iStatusCode ); InputStream insResponse = iStatusCode == 200 ? connectionService.getInputStream() : connectionService.getErrorStream(); byte[] abResponse = new byte[1024]; int iLengthRead = insResponse.read( abResponse ); insResponse.close(); System.out.println( new String( abResponse, 0, iLengthRead, "UTF-8" ) ); } catch ( Throwable t ) { t.printStackTrace(); } } }A POST Request (Query Card):
import java.io.InputStream; import java.io.OutputStream; import java.net.URL; import javax.net.ssl.HttpsURLConnection; public class Sample { public static void main( String[] asArgs ) { try { URL urlService = new URL( "https://<FQDN>/v1/clients/<ClientID>/cards" ); HttpsURLConnection connectionService = (HttpsURLConnection) urlService.openConnection(); connectionService.setRequestMethod( "POST" ); connectionService.setRequestProperty( "Authorization", "Bearer " + "<TokenValue>" ); connectionService.setRequestProperty( "Content-type", "application/json" ); byte[] abDataRequest = "{\"card\":{\"accountNumber\":\"9999999999999999\"}}".getBytes( "UTF-8" ); connectionService.setDoOutput( true ); OutputStream outsRequest = connectionService.getOutputStream(); outsRequest.write( abDataRequest, 0, abDataRequest.length ); outsRequest.close(); int iStatusCode = connectionService.getResponseCode(); System.out.println( "TabaPay API Call, SC=" + iStatusCode ); InputStream insResponse = iStatusCode == 200 ? connectionService.getInputStream() : connectionService.getErrorStream(); byte[] abResponse = new byte[1024]; int iLengthRead = insResponse.read( abResponse ); insResponse.close(); System.out.println( new String( abResponse, 0, iLengthRead, "UTF-8" ) ); } catch ( Throwable t ) { t.printStackTrace(); } } }These were last tested successfully using Java 1.8 on 05/30/2017 and reverified on 08/08/2017.
RSA Encryption using CryptoRSA Class in TabaPayAPIHelpers.jar:
import com.tabapay.api.helpers.security.rsa.CryptoRSA; import com.tabapay.samples.CallTabaPay; import com.tabapay.samples.CallTabaPay.KeyData; public class APIHelpers { public static void main( String[] asArgs ) { String sCardData = "9999999999999999|202012|"; // Card Number | Expiration Date | CVV2 try { int iExpirationInDays = 365; KeyData dataKey = CallTabaPay.CreateKey( iExpirationInDays ); // You Provide String sEncodedEncryptedData = CryptoRSA.encryptUsingPublicKey( // TabaPayAPIHelpers.jar dataKey.m_sPublicKey, // Public Key from Create Key sCardData // Card Data ); CallTabaPay.QueryCard( dataKey.m_sKeyID, sEncodedEncryptedData ); // You provide } catch ( Throwable t ) { t.printStackTrace(); } } }
var https = require( "https" ); var options = { host: "<FQDN>", port: 443, path: "/v1/clients/<ClientID>", method: "GET", headers: { "Authorization": " Bearer <TokenValue>" } }; var req = https.request( options, function( res ) { console.log( "statusCode: ", res.statusCode ); res.on( "data", function( d ) { process.stdout.write( d ); }); }).on( "error", function( e ) { console.error( e ); }); req.end();A POST Request (Query Card):
var https = require( "https" ); var options = { host: "<FQDN>", port: 443, path: "/v1/clients/<ClientID>/cards", method: "POST", headers: { "Authorization": " Bearer <TokenValue>", "Content-type": "application/json", "Content-length": "45" } }; var req = https.request( options, function( res ) { console.log( "statusCode: ", res.statusCode ); res.on( "data", function( d ) { process.stdout.write( d ); }); }).on( "error", function( e ) { console.error( e ); }); req.write( '{"card":{"accountNumber":"9999999999999999"}}' ); req.end();These were last tested successfully using NodeJS 6.10.3 on 05/31/2017.
package main import ( "fmt" "io/ioutil" "net/http" ) func main() { client := &http.Client{} req, err := http.NewRequest( "GET", "https://<FQDN>/v1/clients/<ClientID>", nil) if err != nil { panic(err) } req.Header.Add("Authorization", "Bearer <TokenValue>") resp, err := client.Do(req) if err != nil { panic(err) } body, err := ioutil.ReadAll(resp.Body) if err != nil { panic(err) } defer resp.Body.Close() fmt.Println(string(body)) }A POST Request (Query Card):
package main import ( "fmt" "io/ioutil" "net/http" "strings" ) func main() { client := &http.Client{} req, err := http.NewRequest( "POST", "https://<FQDN>/v1/clients/<ClientID>/cards", strings.NewReader("{\"card\":{\"accountNumber\":\"9999999999999999\"}}")) if err != nil { panic(err) } req.Header.Add("Authorization", "Bearer <TokenValue>") req.Header.Add("Content-type", "application/json") resp, err := client.Do(req) if err != nil { panic(err) } body, err := ioutil.ReadAll(resp.Body) if err != nil { panic(err) } defer resp.Body.Close() fmt.Println(string(body)) }These were last tested successfully using go 1.9.2 on 11/30/2017.
import httplib conn = httplib.HTTPSConnection( '<FQDN>' ) conn.putrequest( 'GET', '/v1/clients/<ClientID>' ) conn.putheader( 'Authorization', 'Bearer <TokenValue>' ) conn.endheaders() response = conn.getresponse() print response.read()A POST Request (Query Card):
import httplib conn = httplib.HTTPSConnection( '<FQDN>' ) conn.putrequest( 'POST', '/v1/clients/<ClientID>/cards' ) conn.putheader( 'Authorization', 'Bearer <TokenValue>' ) conn.putheader( 'Content-type', 'application/json' ) conn.putheader( 'Content-length', '45' ) conn.endheaders() conn.send( '{"card":{"accountNumber":"9999999999999999"}}' ) response = conn.getresponse() print response.read()These were tested successfully using Python 2.7.10 on 05/30/2017.
require 'net/https' uri = URI.parse( 'https://<FQDN>/v1/clients/<ClientID>' ) http = Net::HTTP.new( uri.host, uri.port ) http.use_ssl = true request = Net::HTTP::Get.new( uri.request_uri ) request.add_field( "Authorization", "Bearer <TokenValue>") response = http.request( request ) puts response.bodyA POST Request (Query Card):
require 'net/https' require 'json' uri = URI.parse( 'https://<FQDN>/v1/clients/<ClientID>/cards' ) http = Net::HTTP.new( uri.host, uri.port ) http.use_ssl = true request = Net::HTTP::Post.new( uri.request_uri, 'Content-Type' => 'application/json' ) request.add_field( "Authorization", "Bearer <TokenValue>") request.body = {card:{accountNumber: '9999999999999999'}}.to_json response = http.request( request ) puts response.bodyThese were tested successfully using Ruby 2.0.0p648 on 05/31/2017.
These sections are still a Work in progress...
These TabaPay features are to help our Clients with PCI, but it does not remove the PCI requirements for the Client.
This section is still a Work in progress... Also see the PCI Helper - SSO FAQ. The samples and examples decribed here are now running in the Sandbox Environment.
How SSO works
See some working samples on how this might work.
The samples are only samples. We can provide a generic (plain/simple) SSO HTML Web Page; but, we think that allowing you to customize it to match your WebSite (colors, layout, errors handling, etc...) would be a much better solution, however, that means you will need to provide the HTML, CSS, and JavaScript. Please see the PCI Helper - SSO FAQ for the current status of providing a customized SSO.
The Imbedded Form Sample (currently) only shows one input method:
while the Modal Dialog Box Overlay shows 3 possible input methods:
If you are authorized to create a Customized SSO, see SSO Samples for additional details; but, you must follow the procedures exactly, no deviations, and understand the timelines, no deviations.
Client Web Page
Add a Listener for the Return from TabaPay SSO
window.addEventListener( "message", pfReceivedMessage, false );
Function to handle Return from TabaPay SSO
var pfReceivedMessage = function( event )
{
if ( event.data != "Close" )
{
if ( event.data.slice( 0, 7 ) == "Error: " )
{
// Error
}
else
{
var asData = event.data.split( "|" );
if ( asData.length == 3 )
{
// asData[ 0 ] contains the Last 4
// asData[ 1 ] contains the Expiration Date in YYYYMM Format
// asData[ 2 ] contains the Card Token
}
else
{
// Data Error
}
}
}
else
{
// Close or Cancel
}
}
JavaScript Code to load TabaPay SSO when needed
document.getElementById( "sso" ).src = "https://<FQDN>/<PageName>.html?<Unique>";
HTML to include TabaPay SSO
<div><iframe id="sso"></iframe></div>
Can use the Card Token in the following TabaPay API Calls:
If you are providing the HTML, CSS, and JavaScript to us:
Clarifications (feedback from Early Users):
Also see the Step-by-Step Example below of this process including our expectations of the expected file (or 3 files: HTML, CSS, and JavaScript) that we will be receiving from you.
Common sense (real world) facts about this customization:
(1) My Custom SSO Web Page
and it is nicely formatted for a developer to read:
<!DOCTYPE html> <html> <head> <style> /* * Table Header * 1st Column */ th { text-align: right; padding-right: 10px; } /* * Form Button(s) Row */ .b { padding-top: 10px; text-align: center; } </style> <script> function fCheckCardNumber( psCardNumber ) { // // Code to Check Card Number // if ( psCardNumber.length < 13 || psCardNumber.length > 19 ) { return false; } // // More Checks? // Card Range? // All Digits? // Luhn Checksum? // // // If you want use TabaPay's Common Utils, // (1) remove the above check // (2) and add the following if statement // // if ( ! TabaPayCommonUtils.fCheckCardNumber( psCardNumber ) ) // { // return false; // } // return true; } function fCheckExpirationDate( psExpirationDate ) { // // Code to Check Expiration Date // if ( psExpirationDate.length != 5 || psExpirationDate.slice( 2, 3 ) != "/" ) { return false; } // // More Checks? // Check Month and Year // // // If you want use TabaPay's Common Utils, // (1) remove the above check // (2) and add the following if statement // // if ( ! TabaPayCommonUtils.fCheckCardExpirationDate( psExpirationDate ) ) // { // return false; // } return true; } function fCheckSecurityCode( psSecurityCode ) { // // Code to Check Security Code // if ( psSecurityCode.length < 3 || psSecurityCode.length > 4 ) { return false; } // // More Checks? // Check Number // // // If you want use TabaPay's Common Utils, // (1) remove the above check // (2) and add the following if statement // // // Currently this only does minimal checking // // If you want a more thourogh Security Code check, // // feel free to replace this with your own function // // if ( ! TabaPayCommonUtils.fCheckSecurityCode( psSecurityCode ) ) // { // return false; // } // return true; } function fClear() { document.getElementById("c").value=""; document.getElementById("e").value=""; document.getElementById("s").value=""; } function fSubmit() { var sCardNumber = document.getElementById("c").value.trim(); var sExpirationDate = document.getElementById("e").value.trim(); var sSecurityCode = document.getElementById("s").value.trim(); // // Check Card Number // if ( sCardNumber.length == 0 ) { alert( "Missing Card Number" ); return; } if ( ! fCheckCardNumber( sCardNumber ) ) { alert( "Bad Card Number" ); return; } // // Check Expiration Date // if ( sExpirationDate.length == 0 ) { alert( "Missing Expiration Date" ); return; } if ( ! fCheckExpirationDate( sExpirationDate ) ) { alert( "Bad Expiration Date" ); return; } // // Check Security Code (optional) // if ( sSecurityCode.length > 0 ) { if ( ! fCheckSecurityCode( sSecurityCode ) ) { alert( "Bad Security Code" ); return; } } // // All Checks ok // // TabaPay will add code here // temporarily use an alert to display the values alert( sCardNumber + "," + sExpirationDate + "," + sSecurityCode ); } function fCancel() { // TabaPay will add code here // temporarily use an alert to indicate Cancel alert( "Cancelled" ); } </script> </head> <body> <form> <table> <tr> <th>Card Number</th> <td><input id="c" type="password" placeholder="13-19 digits"></td> </tr> <tr> <th>Expiration Date</th> <td><input id="e" placeholder="MM/YY Format"></td> </tr> <tr> <th>Security Code</th> <td><input id="s" placeholder="3-4 digits"></td> </tr> <tr> <td class="b" colspan="2"> <input type="button" value="Clear" onclick="fClear()"/> <input type="button" value="Use Card Data" onclick="fSubmit()"/> </td> </tr> <tr> <td class="b" colspan="2"><input type="button" value="Cancel" onclick="fCancel()"/></td> </tr> </table> </form> </body> </html>
The use of Alerts in the above example was only used to simplify the example and not clutter the JavaScript Code in the example. We recommend that you change the usage of Alerts to something more appropriate that matches your WebSite. Again, the above example is not meant for production use or imply that it is production ready.
(2) Please QA the My Custom SSO Web Page before (3)
(2a) TabaPay QA will only do a cursory check
(2b) There will be a very limited number of back and forth
(2c) It will be your responsibility for your Custom SSO Web Page
(3) Submit My Custom SSO Web Page to TabaPay
(4) Wait for TabaPay to complete the modifications to the Custom SSO Web Page
(5) TabaPay will make your Custom SSO Web Page available
(6) Test using TabaPay's Test your SSO Web Page
Goto the See some working samples link above
Use the filename: MyCustomSSOExample
and be sure to set the desired width and height
also this Example has an image that is hosted externally
(7) Include in your Web Page
Goto the View Additional Details link above on how to do this...
This section is still a Work in progress... Also see the PCI Helper - RSA FAQ.
How to use RSA
Due to the number of computer languages available today, we will be using OpenSSL, the well-known and widely used cryptography library, to show how to use RSA to create the value for the data parameter in the following TabaPay API Calls:
The data contains:
Here are the steps in creating the data parameter for the TabaPay API Calls:
Create a Key
Save the keyID
Convert the key (in ASN.1 Format) from Base64 URL-Safe to regular Base64 Encoding
Create a file containing the Public Key, we will use PEM Format, but we could have also use DER Format instead:
Create a file containing the Card Data, separated by "|" (pipe symbol):
Example is: 9400100999999993|209912|123
Use OpenSSL to encrypt the Card Data, RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding:
openssl pkeyutl -in card.data -out encrypted.data -inkey public.key -keyform PEM -pubin -encrypt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
Convert the Encrypted Data in the file to Base64 URL-Safe Encoding
in the following TabaPay API Calls:
Make sure the version of OpenSSL that you are using is at least 1.0.2k.
If you are having problems, hopefully this example can help you in the language that you are using... Some languages, such as:
Therefore, you can use almost any programming language; however, there are so many programming languages available today, we may not be an expert in (or even have used) the language that you are trying to use. We assume that you are an expert in the language that you have selected to use.
Be sure you can handle "freeform" JSON responses.
Works:
{ "NameA": "Test", "NameB": null, "NameC": "Test" }Preferred:
{ "NameA": "Test", "NameC": "Test" }
Nice for human:
{ "NameA": "Test", "NameB": 1 }But not so much for our Application and also it clutters our logs, so preferably:
{"NameA":"Test","NameB":1}
A 400 Series Error is usually something that you can fix by changing something in your request. A 500 Series Error is usually something that you need to contact us (support@TabaPay.com) to look at. If we determine that a 500 Series Error can be fixed by you, we will try to change this error situation to a 400 Series Error in a future code release.
PCI does require us to be cryptic in the Error Messages that we return back; but for certain 400 Series Errors, we may return back something in the Error Message (EM) field of the JSON Response that indicates what might be wrong.
Also, please see the Coding FAQ.
Everything on our end processed successfully:
Also, please see the Coding FAQ.
We may not be an expert in (or even have used) the language that you are trying to use. We assume that you are an expert in the language that you have selected to use.
With that said, here are some questions that we have encountered that might be helpful to you:
If you contact TabaPay support, please send your Request and Response:
Request should include:
Response should include:
For example:
Even if an error gets past the code on the Customer's Device and goes up to your Servers, your BackEnd Code on your Servers should also catch these obvious errors. That is two layers of code that should have caught the error, so that is why we say:
That is why you should test on the Sandbox Environment and pass the Certification Test completely.
Some companies require us to be PCI Level 1 and SOC Compliant (SOC1 Type 2 and SOC2 Type 2). And then some of those same companies still expect us to do things for them immediately (and even on Production). Here is a real life example that recently occurred:
Not everything is or can be an emergency...
Schedule for Sandbox changes:
Amount | Response | Actual Response | Error Description | |||
---|---|---|---|---|---|---|
Status Code | Network Response Code | Resource Status | Network Response Code | Resource Status | ||
0.01 11.00 | 200 | ZZ (or 999) | ERROR | ZZ (or 999) | ERROR | Transaction Error |
0.02 12.00 | 207 | UNKNOWN | UNKNOWN | Transaction Processing Failed | ||
0.03 13.00 | 200 | 00 (or 000) | COMPLETED | 00 (or 000) | COMPLETED | Transaction Successful, but upstream processing was delayed for 30 seconds |
0.04 14.00 | 207 | UNKNOWN | 00 (or 000) | COMPLETED | Transaction Successful, but upstream processing was delayed for 40 seconds |
Amount | Create Transaction Response | Delete Transaction Response | Error Description | ||||
---|---|---|---|---|---|---|---|
Status Code | Network Response Code | Resource Status | Status Code | Reversal Network Response Code | Resource Status | ||
0.07 | 200 | 00 (or 000) | COMPLETED | 200 | ZZ (or 999) | UNKNOWN | Reversal Request failed |
0.08 | 200 | 00 (or 000) | COMPLETED | 200 | 21 | UNKNOWN | Reversal Request failed, the Reversal was too late. Not available when routed to any Regional Network: Currently only STAR and Accel. |
Request | Response | Comments | ||||||
---|---|---|---|---|---|---|---|---|
Zip Code | Address | Security Code | Response Text | Network Response Code | Code AVS Results | Code Security Code Results | ||
Any* | Any* | None | NOT DECLINED | 85 | Y | Zip Code and Address were matched | ||
Any* | None | None | NOT DECLINED | 85 | Z | Zip Code was matched | ||
Any* | Any or None | Any* | DEPENDS | DEPENDS | DEPENDS | M | Depends upon if Zip Code and Address matches or not, but Security Code was matched | |
Any* | Any or None | 999 | DECLINE | 05 | DEPENDS | N | Depends upon if Zip Code and Address matches or not, but Security Code was not matched | |
99990 | Any or None | Any or None | DECLINE | 05 | U | Information not available | ||
99991 | Any or None | Any or None | DECLINE | 05 | R | AVS unavailable, retry | ||
99992 | Any* | None | DECLINE | 05 | A | Zip Code was not matched, but Address was matched | ||
99992 | None or 999 Bad | None | DECLINE | 05 | N | Zip Code and Address were not matched | ||
99993 | Any or None | Any or None | DEPENDS | DEPENDS | DEPENDS | DEPENDS | AVS Request delayed for 30 seconds | |
99994 | Any or None | Any or None | UNKNOWN | UNKNOWN | UNKNOWN | UNKNOWN | AVS Request timed out |
Account Number | Create Transaction Response | Error Description | ||
---|---|---|---|---|
Status Code | Network Response Code | Resource Status | ||
100000000...111111111 | 200 | 000 | COMPLETED | N/A |
111111112 | 200 | P03 | ERROR | Invalid Account |
111111113 | 200 | P11 | ERROR | Sender not authorized |
111111114 | 200 | P07 | ERROR | Participant blocked |
111111115 | 200 | P02 | ERROR | Invalid Account |
111111116 | 200 | P11 | ERROR | Transaction forbidden on this account |
111111117 | 200 | P23 | ERROR | Amount received is not the amount agreed or expected |
111111118 | 200 | P23 | ERROR | Amount exceeds limits |
111111120 | 200 | P21 | ERROR | Incorrect routing number |
111111121 | 200 | P14 | ERROR | Participant deceased |
You should be using Test Card Numbers when testing in the Sandbox Environment. You should never use a real Card Number in the Sandbox Environment. See Samples - Test Cards where we provide various Test Card Numbers...
Some companies require us to be PCI Level 1 and SOC Compliant (SOC1 Type 1 and SOC2 Type 2). And then some of those same companies still expect us to do things for them immediately (and on Production). Here is a real life example that recently occurred:
Not everything is or can be an emergency...
Schedule for Production changes:
Our IT department frowns upon rapid-fire changes to the PCI environment.
So I hope everyone understands the restrictions and constraints of being in a PCI Environment.
Funny, we previously have used the same word: "frown" when a Client asks us to do something outside of our normal policies and procedures.
Also, please see the Coding FAQ.
If your Client is LOCKed, please contact TabaPay support.
If we do remove an IP Address, you have to resubmit a request to reenable the IP Address, so please contact TabaPay support.
You should be using Test Card Numbers when testing in the Sandbox and UAT Environments. You should never use a real Card Number in the Sandbox and UAT Environments. See Samples - Test Cards where we provide various Test Card Numbers...
TLS 1.3 is now available on all Environments.
We also removed some WEAK TLS 1.2 Cipher Suites:
We configure our Servers to the Recommended Cipher Suites as recommended by RFC 7525 and Mozilla Server Side TLS.
If you are authorized to create a Customized SSO, see SSO FAQ for additional details; but, you must follow the procedures exactly, no deviations, and understand the timelines, no deviations.
At this point you should QA (Test) your HTML Page and you can call the TabaPay API.
How long this takes will depend upon when we receive a working HTML Page. So how long is up to you. Deviating from our requirements will only cause delays.
Please Keep it SIMPLE, the more complex your SSO Web Page is, the harder it is for us to Add our Changes and Test our Changes. And having an abnormal SSO Web Page that is hard to Test will eventually be unTested and we will have to leave it to you to test the changes. So in the future, if you do have a difficult SSO Web Page, you will need to tell us how to test it or even give us tools to test it.
Just think, how many different SSO Web Pages we get, and each so very different, so far, none are similar. Just think how hard it is for us to try to change that code and then try to test it... Just think... Be in our shoes... So this is one reason why we will suspend the fully Customization of the SSO.
--compilation_level ADVANCED_OPTIMIZATIONSWe use Advanced Optimizations for reasons other than for size. Size is just a nice side benefit.
Just like the HTML and CSS, we actually do not minify the HTML and CSS, but we pack them.
Also, previously, we had Clients who were creating multiple Keys per Day and expiring the Keys in a Year. So we were holding a lot of active Keys for some Clients and the assumption is that most, if not all, of the Keys were no longer in use, see the Anti-Pattern FAQ
Also, we have engineers with at least 5 years of mobile app development in the past for both iOS and Android, and they have built PCI Level 1 Compliant financial mobile apps.
While not required, including the Browser/Device data is strongly recommended. Doing so ensures the transaction will still be of 3DS 2.0, even if the Device Data Collection fails. The Device Data Collection may be done through the (Cardinal recommended) Songbird.js library or POSTing to the DDU returned in TabaPay’s 3D Secure Initialize.
Option 1: Cardinal Cruise Hybrid
The Cardinal Cruise Hybrid utilizes the Songbird.js library. Below are URLs a client can use to test various environments. Each build of Songbird is directly tied to an environment. To change environments simply edit the URL you are using.
Production: https://songbird.cardinalcommerce.com/edge/v1/songbird.js Staging: https://songbirdstag.cardinalcommerce.com/edge/v1/songbird.js
Cardinal setup:
Setting up a transaction flow includes the following:
<script src="https://songbirdstag.cardinalcommerce.com/edge/v1/songbird.js"></script>
Cardinal.setup("init", { jwt: “{{Please insert JWT string here}}” });
Cardinal.on('payments.setupComplete', function (setupCompleteData) { // handle set up complete event });
Option 2: POSTing to the Device Data Collection URL
If you do not want to include a 3rd party library, POST the jwt object to the Device Data Collection URL that was returned in the TabaPay's 3D Secure Initialize response:
<iframe name="collectionFrame" height="10" width="10" style="visibility: hidden; position: absolute; top: -1000px; left: -1000px;"> </iframe> <form id="collectionForm" target='collectionFrame' name="devicedata" method="POST" action="https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect"> <!-- POST Parameters: is the JWT which is the Authentication JWT with the ReferenceId from the BIN Intelligence API Response --> <input type="hidden" name="JWT" value="…" /> </form> <script>window.onload = function () { // Auto submit form on page load document.getElementById('collectionForm').submit(); } </script>
Our Google Pay Processor Page may help answer additional integration questions.
gatewayMerchantId
you register for at Google for Google Pay must be "G"
with your 6-digit clientID (and if applicable 4-8 digit subclientID) appended.For example:
gatewayMerchantId G1234560001
gatewayMerchantId G123456
"tabapay"
(case-sensitive) as your gatewayId
.authMethod
should I use for Google Pay?PAN_ONLY
and/or CRYPTOGRAM_3DS
. While the merchant can choose their authMethod
, TabaPay strongly encourages the sole use of authMethod CRYPTOGRAM_3DS
to mitigate fraud.PaymentMethodToken
?PaymentMethodToken
that is produced from a Google Pay transaction.authMethod
is CRYPTOGRAM_3DS
, then the PaymentMethodToken
will be mapped to TabaPay's card.mobilePay
fields. See the mapping below:Google Pay PaymentMethodToken | TabaPay card.mobilePay |
---|---|
pan | accountNumber |
expirationMonth expirationYear | expirationDate YYYYMM |
cryptogram | cryptogram |
eciIndicator (optional) | eciIndicator (optional) |
network
in the card.mobilePay
. The type of card (debit, credit, prepaid, etc.) is mapped to the type
in card.mobilePay
.authMethod
is PAN_ONLY
, then the Google Pay PaymentMethodToken
will be mapped to TabaPay's card.accountNumber
and card.expirationDate
fields.Google Pay PaymentMethodToken | TabaPay card |
---|---|
pan | accountNumber |
expirationMonth expirationYear | expirationDate YYYYMM |
If the merchant's PCI-compliance does not allow card-handling then the merchant will rely entirely on TabaPay to decrypt the PaymentMethodToken
.
PaymentMethodToken
for Create Transaction?card.device
objectcard.device
:card.device field | Value | Notes |
---|---|---|
id | "GooglePay|GooglePayMerchantID" | GooglePayis a static value GooglePayMerchantID is the Google Pay merchantId you registered with Google |
blob | unaltered, URL-safe base64 encoded, fully encrypted Google Pay PaymentMethodToken | No padding or spaces in your blob, remove any trailing =before sending the request |
You can test in our Sandbox today if you are enabled by our support and operations teams. Ensure any PaymentMethodToken
s you send are produced in the ENVIRONMENT_TEST
.
If you are enabled to test Google Pay in Sandbox, but are not a registered (and approved) Google Pay merchant, use
or GooglePayVisa
piped with (GooglePayMasterCard
) the Google Pay merchantId you will register (or have registered and waiting for approval) as the |
id
in the card.device
object. See examples below:
GooglePayVisa|GooglePayMerchantId
GooglePayMasterCard|GooglePayMerchantId
Refer to the above FAQ: How do I support Google Pay as a merchant? for formatting your Google Pay merchantId.
card.device.blob
?PaymentMethodToken
:{"signature":"MEUCIHDD0DQ9XYJrerxeI0LpCQyFmqFqpJgHeeLqJDhF0z8TAiEA20LF0JUwEmE1dz2BFUgii3NFHzXDDmgsvBTHcdLVZ30\u003d","intermediateSigningKey":{"signedKey":"{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEr6dAac0eKNSjPE4er6DsMA4oTaoUXMERhL+7OOISIKhvo8K5OVrIuWfvKHYE2DNAmZkHSwitRs49gMHs5Q7aeA\\u003d\\u003d\",\"keyExpiration\":\"1606934885430\"}","signatures":["MEYCIQC/uS8hLRz8eZ2aQ4gi50HFW4IxEZcZ8Jj1hJwjaMCCHQIhAI0ry1VEAzGBu0hHrtGfvT11ZqnqFSjEupYS59+lG7NB"]},"protocolVersion":"ECv2","signedMessage":"{\"encryptedMessage\":\"aew8n0SadRGeorqyYSQCcufpnUU1d0+9D0TaCA+WIvSmY8IKtsVzXIJ0Wzsy2dIFHABzlaO5QpB+afyBZpqxET1v5t5bdjPhIREBDL3alkL2Hpteaz5xev+MD2e+JjCpwxhsKk0c8K/7uUDMUeu5Qt4sF+GvrPw4MheAWimNUb2JF+sqEGWmlmNxkOkz0D12xFH43avRkjlctcnNDWLGYhxiROBxePd1Hc5n6O5Nfc+nfx5HhjfNwm3R2Ey2WfVTwzd9pJ7xxXS/nd71C+cCSuIdMRDqgZxzjvSIMvkA8BBDSPTIAaurXo04uQRbqt+XW1JKOGSJkv7YccEUvnYnyDhP9YFCV6K8B7iCIMsvoKy1uaCVXNosjUKb3GuS3XvB8O8pylvuOWy0WMWK7zP3hGW8k5ruKTLadr2cytaBVt+5/oe7xkH8epjoVnuaNGgzZFl0blKwVtidLxKZ5S518oaZ6wu/+KkIDXR/2gCRk+oTPO2J9w8HoFJXuGWN1wLpdJ2nWdg4U3p83w/MEx7pUHGjcMDAdKvjnYrIMJwhRJBdqSyvCPdb574Uqbp1VUstDaBmHUR5xWVV8tBEj4lPq9C93nJdK3vsK078tAPmUwCyRkX2YwCbPrF7g8kVMuVwG7bgw4pn6BtgLaqkUD2xajWweRk\\u003d\",\"ephemeralPublicKey\":\"BOhQaWVgF2TAnFeypb/wxVGGSaSGlPfprP/ajMOI59VP6P/coWpWmMHrzi3IXI2AhaIHHrwM7xhsBheb6sxh8lQ\\u003d\",\"tag\":\"BGdAtaVKKP5vv6kTw9uJCZASdy8M0BAIUdTl/y/0vgU\\u003d\"}"}
card.device.blob
eyJzaWduYXR1cmUiOiJNRVVDSUhERDBEUTlYWUpyZXJ4ZUkwTHBDUXlGbXFGcXBKZ0hlZUxxSkRoRjB6OFRBaUVBMjBMRjBKVXdFbUUxZHoyQkZVZ2lpM05GSHpYRERtZ3N2QlRIY2RMVlozMFx1MDAzZCIsImludGVybWVkaWF0ZVNpZ25pbmdLZXkiOnsic2lnbmVkS2V5Ijoie1wia2V5VmFsdWVcIjpcIk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRXI2ZEFhYzBlS05TalBFNGVyNkRzTUE0b1Rhb1VYTUVSaEwrN09PSVNJS2h2bzhLNU9Wckl1V2Z2S0hZRTJETkFtWmtIU3dpdFJzNDlnTUhzNVE3YWVBXFx1MDAzZFxcdTAwM2RcIixcImtleUV4cGlyYXRpb25cIjpcIjE2MDY5MzQ4ODU0MzBcIn0iLCJzaWduYXR1cmVzIjpbIk1FWUNJUUMvdVM4aExSejhlWjJhUTRnaTUwSEZXNEl4RVpjWjhKajFoSndqYU1DQ0hRSWhBSTByeTFWRUF6R0J1MGhIcnRHZnZUMTFacW5xRlNqRXVwWVM1OStsRzdOQiJdfSwicHJvdG9jb2xWZXJzaW9uIjoiRUN2MiIsInNpZ25lZE1lc3NhZ2UiOiJ7XCJlbmNyeXB0ZWRNZXNzYWdlXCI6XCJhZXc4bjBTYWRSR2VvcnF5WVNRQ2N1ZnBuVVUxZDArOUQwVGFDQStXSXZTbVk4SUt0c1Z6WElKMFd6c3kyZElGSEFCemxhTzVRcEIrYWZ5QlpwcXhFVDF2NXQ1YmRqUGhJUkVCREwzYWxrTDJIcHRlYXo1eGV2K01EMmUrSmpDcHd4aHNLazBjOEsvN3VVRE1VZXU1UXQ0c0YrR3ZyUHc0TWhlQVdpbU5VYjJKRitzcUVHV21sbU54a09rejBEMTJ4Rkg0M2F2UmtqbGN0Y25ORFdMR1loeGlST0J4ZVBkMUhjNW42TzVOZmMrbmZ4NUhoamZOd20zUjJFeTJXZlZUd3pkOXBKN3h4WFMvbmQ3MUMrY0NTdUlkTVJEcWdaeHpqdlNJTXZrQThCQkRTUFRJQWF1clhvMDR1UVJicXQrWFcxSktPR1NKa3Y3WWNjRVV2bllueURoUDlZRkNWNks4QjdpQ0lNc3ZvS3kxdWFDVlhOb3NqVUtiM0d1UzNYdkI4TzhweWx2dU9XeTBXTVdLN3pQM2hHVzhrNXJ1S1RMYWRyMmN5dGFCVnQrNS9vZTd4a0g4ZXBqb1ZudWFOR2d6WkZsMGJsS3dWdGlkTHhLWjVTNTE4b2FaNnd1LytLa0lEWFIvMmdDUmsrb1RQTzJKOXc4SG9GSlh1R1dOMXdMcGRKMm5XZGc0VTNwODN3L01FeDdwVUhHamNNREFkS3ZqbllySU1Kd2hSSkJkcVN5dkNQZGI1NzRVcWJwMVZVc3REYUJtSFVSNXhXVlY4dEJFajRsUHE5QzkzbkpkSzN2c0swNzh0QVBtVXdDeVJrWDJZd0NiUHJGN2c4a1ZNdVZ3RzdiZ3c0cG42QnRnTGFxa1VEMnhhald3ZVJrXFx1MDAzZFwiLFwiZXBoZW1lcmFsUHVibGljS2V5XCI6XCJCT2hRYVdWZ0YyVEFuRmV5cGIvd3hWR0dTYVNHbFBmcHJQL2FqTU9JNTlWUDZQL2NvV3BXbU1IcnppM0lYSTJBaGFJSEhyd003eGhzQmhlYjZzeGg4bFFcXHUwMDNkXCIsXCJ0YWdcIjpcIkJHZEF0YVZLS1A1dnY2a1R3OXVKQ1pBU2R5OE0wQkFJVWRUbC95LzB2Z1VcXHUwMDNkXCJ9In0
See our Google Pay Processor Page.
Bank Statement Field | TabaPay default | Override |
---|---|---|
Company Name | Merchant Name Configured during on-boarding | Soft Descriptor Name |
Bank Statement Field | TabaPay default | Configurable? | Override |
---|---|---|---|
Reference Number | referenceID | No | N/A |
Date | Date of RTP Request | No | N/A |
Name of Sender | Merchant Name Configured during on-boarding | Yes | Soft Descriptor Name |
Name of Ultimate Sender | N/A | Yes | Corresponding Name |
Amount | amount | N | N/A |
Repeating trying to refresh Transaction Data may cause our WAF and/or IDS/IPS to blacklist you and eventually your access will be revoked.
WebSite | Operational Times |
---|---|
Clients WebSite | Mon - Fri between 6am PT - 9pm PT |
ClientsOps WebSite | Mon - Fri between 9am PT - 6pm PT |
So what are some Anti-Patterns we have seen from Clients while using the TabaPay API?
You should always use:
API | Expected Usage |
---|---|
Retrieve Client | 0 % |
Create Key | 0 to 1 % |
Retrieve Key | 0 % |
Delete Key | 0 % |
Query Card | 39 % |
Create Account | 5 % |
Retrieve Account | 0 to 1 % |
Update Account | 0 to 1 % |
Delete Account | 0 to 1 % |
Create Transaction | 47 % |
Retrieve Transaction | 0 % |
Delete Transaction | 6 % |
If you are outside these expected usage, your ClientID may be detected to be performing Anti-Pattern behavior and is subject to our Anti-Pattern Behavior Detection. You might want to consider using our future TabaPay PayFac Platform, see Future FAQ.
Our Anti-Pattern Behavior Detection has actually already caught numerous bugs in a few of our clients' code. So it does really work, but unfortunately we will need to protect our Systems from a runaway bug, so we will have to stop this behavior before it causes any issues... This means:
A client doesn't know what transactions they sent to us, so they were sending a Retrieve Transaction with ReferenceID for all the possible Transactions they have Created even those not processed by us, so >99% of all this traffic was a Retrieve Transaction failure with SC=404, Not Found. That was >99%...
A client doesn't know what transactions they sent to us, so they were sending us 10 calls to Retrieve Transaction with ReferenceID (not actual but just an example) of:
What was incorrect?
A client was using us to determine if an account was already added or not, so they were sending us a Create Account and expecting:
Another client was using us to determine if an account was already added or not, so they were sending us a Retrieve Account with ReferenceID (not actual but just an example) of:
What was incorrect?
This same client was also doing this behavior:
From a Real Life Example described above:
Just think if all the clients where sending us requests where >90% of all these requests were basically useless.
No
If you do, then the Duplicate Card Check feature might no longer be valid.
So, if you decide to do this (mixing), you might as well NOT use this feature, since using this feature will incur an extra charge (fee)...
Status Code | Account Created? | Duplicate Card Check |
---|---|---|
200 | ✔ Yes | ✔ Yes, No Match |
207 | ✔ Yes | ✘ Processing Error |
409 | ✘ No | ✔ Yes, Match |
Status Code | Account Updated? | Duplicate Card Check |
---|---|---|
200 | ✔ Yes | ✔ Yes, No Match |
207 | ✔ Yes | ✘ Processing Error |
409 | ✘ No | ✔ Yes, Match |
Status Code | Account Deleted? | Duplicate Card Check |
---|---|---|
200 | ✔ Yes | ✔ Yes |
207 | ✔ Yes | ✘ Processing Error |