Notices and Versions
Come here often and look for important information, including information about current and future releases...Notices
Important Notice regarding Sandbox Environment
Network Connectivity to the Sandbox Environment should be restored as of 12/07/2018. In the future, inactive IP Addresses will be disabled in the Sandbox Environment. Contact TabaPay Support if you need to reenable a disabled IP Address. If you need more IP Addresses whitelisted, consider using a Proxy (or our Proxy).
4th Quarter is always time for our many Annual (and Quarterly) PCI Tasks. So we will be busy working on our many PCI Tasks. Also, every Quarter as part of our PCI Tasks, we will be trimming the Sandbox Database. We have noticed that some are creating:
- too many Keys
- too many Accounts (a lot seem to be just Duplicates)
- too many Active Keys
- too many Duplicate Accounts
We are trying to have a code freeze (blackout) period between 12/10/2018-01/02/2019 for the holidays.
Release v0.16.20181205 was deployed on 12/05/2018 in the Sandbox Environment and (planned) on 12/09/2018 in the Production Environment.
There should be no expectations on the Sandbox Environment, see the FAQ for the Sandbox Environment. The Sandbox Environment uses Simulators, so the accuracy of these Simulators may not be exactly the same as you will see in Production. For example, AVS calls will most likely always return a Network Response Code of 85, we will change the Simulator in the near future to reflect this.
Ready for Production? Please read the Production FAQ.
We have multiple Environments:
- Production
- Sandbox
- QA
- Dev
We will try not to update this WebSite before the corresponding Code Release to the Sandbox Environment. However, this WebSite might be slightly ahead of the Code Release to the Sandbox and Production Environments. So some things that are described on this WebSite may not yet be available and working in the Environment you are using.
Operations Notes
On Sandbox Environment, your Client will now be limited to the IPs Whitelisted for that Client. If you have more than one Client, you will need to specify the IPs to be Whitelisted for each Client separately. This will also be implemented on the Production Environment soon...
Questions of the Month (or Answers of the Month):
Creating unused and/or inactive Accounts will result in:
- These Accounts incurring an extra charge (fee)
- These Accounts being automatically deleted
The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.
If you need help, please contact support@TabaPay.com with the following:
- Date and Time of the Request and Time Zone (we have many Clients in many different parts of the world)
- URL
- Request Data
- HTTP Status Code
- Response Data (if any, JSON or HTML)
WebSite Updates
This WebSite was last updated on 12/05/2018 at 17:35 PST.Versions
View details of the major changes for all Versions.| Version | Environment | ||
|---|---|---|---|
| Dev / QA | Sandbox | Production | |
| 0.17 | v0.17.2018XXXX | ||
| 0.16 | v0.16.20181205 | ||
| 0.15 | v0.15.20180920 | ||
| 0.14 | v0.14.20180628 | ||
| 0.13 0.09 | v0.13.20180416 v0.09.20180416 | ||
| 0.12 0.08 | v0.12.20180212 v0.08.20180212 | ||
| 0.11 0.07 | v0.11.20180125 v0.07.20180125 | ||
| 0.10 0.06 | v0.10.20171215 v0.06.20171215 | ||
| 0.05 | v0.05.20171015 | ||
| 0.04 | v0.04.20170920 | ||
| 0.03 | v0.03.20170823 | ||
| 0.02 | v0.02.20170805 | ||
| 0.01 | v0.01.20170711 | ||
Developers WebSite
This WebSite is a SPA (Single Page Application), which means:- the Back button will not work as expected, navigation will require the use of the links on:
- the top right hand side of the page
- and the left hand side of the page
- the complete WebSite can be used when you are offline (not connected to the internet)
Terms and Conditions
By using this WebSite and/or using the software (API), you agree that neither this WebSite nor the information disclosed therein nor the software nor any part thereof shall be reproduced or transferred to other WebSites or documents nor used or disclosed for any purpose except as specifically authorized in writing by TabaPay.This WebSite is preliminary and is subject to change.
TabaPay makes no representation or warranties, expressed or implied, as to the truth or accuracy of any information contain herein. This WebSite may include typographical errors and technical inaccuracies. This WebSite is provided "as is" and all expressed or implied conditions, representations and warranties, including any implied warranty of merchantability, fitness for a particular purpose, or non-infringement, are disclaimed; except to the extent that such disclaimers are held to be legally invalid.
The URLs and ResourceIDs specified on this WebSite are only used for illustrative purposes (temporary place holders and/or samples) and does not reflect the actual URLs and ResourceIDs to be used (in Sandbox or Production). Please contact TabaPay Support for the actual URLs and ResourceIDs to be used for your situation.
Overview
The TabaPay Web Service (API) is just a simple RESTful Web Service that uses standard HTTPS to:- connect
- send request
- receive response
- disconnect
HTTP Header
Authorization: Bearer <TokenValue>Content-type: application/json
HTTP Cookies
No cookies are used.IP Whitelisting
Only the IP Addresses that you specify to us will work. Our Firewalls will block all non-whitelisted IP Addresses.You will need to reverify your IP Addresses every year, otherwise they will be removed.
Client Certificate
Possible future support, but from past experience, no one really wanted to use Client Certificates.Resources
The TabaPay Web Service (API) consist of the following resources and operations (methods):Some characteristics of a Resource are:- A Resource cannot be shared across Clients
- A Resource is identified by a ResourceID
- A Resource can be identified by multiple different ResourceIDs
Resource IDs
Some characteristics of a ResourceID are:- A ResourceID identifies a Resource
- A ResourceID can expire (by the number of days since creation)
- A ResourceID is 22 characters in length
- A ResourceID is made up of only Base64 URL-Safe characters:● A-ZUppercase alphabetic characters● a-zLowercase alphabetic characters● 0-9Digits● -Minus Sign● _Underscore
Client
This resource represents a Client.The only operation available for this resource is:
● Retrieve
Retrieves the attributes of a Client
Only TabaPay can:
● Create
● Update
including locking a Client
● Delete
Retrieve Client
Retrieves the attributes of a Client.URL
https://<FQDN>/v1/clients/<ClientID>
HTTP Method
GET
Request
No Request Data
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | The Client's Attributes are returned. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | ||||
|---|---|---|---|---|---|---|---|
| 200 | Other | ||||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | O | |||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | O | |||
| EM | String | Error Message | O | ||||
| label | String (no whitespaces) | Client Label | ✔ | ||||
| networks | object | List of Available Networks | ✔ | ||||
| pull | array of Strings | For Pull Transactions Array can be empty or is a List of Network Names | ✔ | ||||
| push | array of Strings | For Push Transactions Array can be empty or is a List of Network Names | ✔ | ||||
| limits | object | ✔ | |||||
| currency | String 3-digits | ISO 4217 Currency Number | ✔ | ||||
| pull | object | ✔ | |||||
| transaction | String Amount | Pull Transaction Limit | ✔ | ||||
| daily | String Amount | Approximate Pull Daily Limit | ✔ | ||||
| networks | array of objects | List of Network Limits Network is listed only if different from above Pull Limits | O | ||||
| network | String | Network Name | ✔ | ||||
| transaction | String Amount | Network Pull Transaction Limit | ✔ | ||||
| daily | String Amount | Approximate Network Pull Daily Limit | ✔ | ||||
| push | object | ✔ | |||||
| transaction | String Amount | Push Transaction Limit | ✔ | ||||
| daily | String Amount | Approximate Push Daily Limit | ✔ | ||||
| networks | array of objects | List of Network Limits Network is listed only if different from above Push Limits | O | ||||
| network | String | Network Name | ✔ | ||||
| transaction | String Amount | Network Push Transaction Limit | ✔ | ||||
| daily | String Amount | Approximate Network Push Daily Limit | ✔ | ||||
View
Hide
Samples Client's Attributes returned:
Client not found:
Client locked:
{
"SC": 200,
"EC": "0",
"label": "ClientLabel",
"networks":
{
"pull":
[
"STAR",
"Visa"
],
"push":
[
"STAR",
"CU24",
"Visa"
]
},
"limits":
{
"currency": "840",
"pull":
{
"transaction": "0.25",
"daily": "1.00"
},
"push":
{
"transaction": "0.25",
"daily": "1.00",
"networks":
[
{
"network": "CU24",
"transaction": "0.20",
"daily": "1.00"
}
]
}
}
}
Client not found:
{
"SC": 404,
"EC": "3A100000",
"EM": "Not Found"
}
Client locked:
{
"SC": 423,
"EC": "3A100000",
"EM": "Locked"
}
Notes
The Client Label is the human readable identifier used to identify you versus using your ClientID. It may be used:
- in part of the file name for various Reports we generate for you, and
- in part of the URL for access to the Client WebSite.
Key
This resource represents a RSA Encryption Key.The operations that are available for this resource are:
Create Key
Creates a Key.URL
https://<FQDN>/v1/clients/<ClientID>/keys
HTTP Method
POST
Request
Request Data
| JSON Name | Value | Required | Default | Description | ||
|---|---|---|---|---|---|---|
| format | String | R | Public Key Response Format, either:
| |||
| expiration | Integer Between 1 and 365 | R | Key Expiration Time:
| |||
View
Hide
Samples ASN.1
{
"format": "ASN.1",
"expiration": 365
}
Raw (Modulus and Public Exponent)
{
"format": "Raw",
"expiration": 365
}
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | A Key is created. |
| 429 | Too Many Requests | Created too many Keys See Notes Below... |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | ||||
|---|---|---|---|---|---|---|---|
| ASN.1 | Raw | Other | |||||
| 200 | 200 | ||||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | ✔ | O | ||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | ✔ | O | ||
| EM | String | Error Message | O | ||||
| keyID | String 22-characters | KeyID | ✔ | ✔ | |||
| key | String | ASN.1 encoded in Base64 URL-Safe Character Set | ✔ | ||||
| keyModulus | String | Modulus encoded in Base64 URL-Safe Character Set | ✔ | ||||
| keyExponent | String | Public Exponent encoded in Base64 URL-Safe Character Set | ✔ | ||||
| expiration | String | Key Expiration in yyyy-MM-ddTHH:mm:ssZ Format. | ✔ | ✔ | |||
View
Hide
Samples Key created returned in ASN.1 format:
{
"SC": 200,
"EC": "0",
"keyID": "TabaPay_KeyID_22-chars",
"key": "Base64_Encoded_Key",
"expiration": "2017-04-03T00:00:00Z"
}
Key created returned in Raw format:
{
"SC": 200,
"EC": "0",
"keyID": "TabaPay_KeyID_22-chars",
"keyModulus": "Base64_Encoded_Modulus",
"keyExponent": "Base64_Encoded_Exponent",
"expiration": "2017-04-03T00:00:00Z"
}
Notes
You should have at most 2 keys active at any one time. If you create more than 2 keys that are currently active (expiration date), you might get a return of SC=429, Too Many Requests. However, if the system detects that there are more than 2 keys that are currently active (expiration date), the system may automatically delete the older keys until there are at most 2 keys that are currently active.
Retrieve Key
Retrieves the Key.URL
https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>
https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>?Format=ASN.1
https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>?Format=Raw
https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>?Format=ASN.1
https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>?Format=Raw
HTTP Method
GET
Request
No Request Data
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | The Key is returned. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | ||||
|---|---|---|---|---|---|---|---|
| ASN.1 | Raw | Other | |||||
| 200 | 200 | ||||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | ✔ | O | ||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | ✔ | O | ||
| EM | String | Error Message | O | ||||
| key | String | ASN.1 encoded in Base64 URL-Safe Character Set | ✔ | ||||
| keyModulus | String | Modulus encoded in Base64 URL-Safe Character Set | ✔ | ||||
| keyExponent | String | Public Exponent encoded in Base64 URL-Safe Character Set | ✔ | ||||
| expiration | String | Key Expiration in yyyy-MM-ddTHH:mm:ssZ Format. | ✔ | ✔ | |||
View
Hide
Samples Key returned in ASN.1 format:
{
"SC": 200,
"EC": "0",
"keyID": "TabaPay_KeyID_22-chars",
"key": "Base64_Encoded_Key",
"expiration": "2017-04-03T00:00:00Z"
}
Key returned in Raw format:
{
"SC": 200,
"EC": "0",
"keyID": "TabaPay_KeyID_22-chars",
"keyModulus": "Base64_Encoded_Modulus",
"keyExponent": "Base64_Encoded_Exponent",
"expiration": "2017-04-03T00:00:00Z"
}
Notes
The default Format is Raw.
Delete Key
Deletes a Key.URL
https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>
HTTP Method
DELETE
Request
No Request Data
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | The Key is marked for deletion. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | |||
|---|---|---|---|---|---|---|
| 200 | Other | |||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | O | ||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | O | ||
| EM | String | Error Message | O | |||
View
Hide
Samples Key deleted:
Key not found:
Key already marked for deletion:
{
"SC": 200,
"EC": "0"
}
Key not found:
{
"SC": 404,
"EC": "10000000"
}
Key already marked for deletion:
{
"SC": 410,
"EC": "50000000"
}
Notes
Keys are automatically deleted after their expiration.
Card
This resource represents a Payment Card (Debit Card, PrePaid Card, or Credit Card).The only operation available for this resource is:
● Query
Returns the attributes for the requested Payment Card
Query Card
Returns the attributes for the requested Payment Card. Optionally:- AVS Check (Address Verification)
- Fees Check
- Verify Name with Phone Number
If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
URL
https://<FQDN>/v1/clients/<ClientIDISO>/cards
https://<FQDN>/v1/clients/<ClientIDISO>/cards?AVS
https://<FQDN>/v1/clients/<ClientIDISO>/cards?Verify
https://<FQDN>/v1/clients/<ClientIDISO>/cards?Fees
https://<FQDN>/v1/clients/<ClientIDISO>/cards?AVS+Verify
https://<FQDN>/v1/clients/<ClientIDISO>/cards?AVS+Fees
https://<FQDN>/v1/clients/<ClientIDISO>/cards?Verify+Fees
https://<FQDN>/v1/clients/<ClientIDISO>/cards?AVS+Verify+Fees
https://<FQDN>/v1/clients/<ClientIDISO>/cards?AVS
https://<FQDN>/v1/clients/<ClientIDISO>/cards?Verify
https://<FQDN>/v1/clients/<ClientIDISO>/cards?Fees
https://<FQDN>/v1/clients/<ClientIDISO>/cards?AVS+Verify
https://<FQDN>/v1/clients/<ClientIDISO>/cards?AVS+Fees
https://<FQDN>/v1/clients/<ClientIDISO>/cards?Verify+Fees
https://<FQDN>/v1/clients/<ClientIDISO>/cards?AVS+Verify+Fees
HTTP Method
POST
Request
Request Data
| JSON Name | Value | Required | Default | Description | Conditional | ||
|---|---|---|---|---|---|---|---|
| networks | String | O | List of Network Codes For ISOs, please contact TabaPay Support for details on when and how to use. | ||||
| cardTypesPull | String | O | List of Card Type Codes For ISOs, please contact TabaPay Support for details on when and how to use. | ||||
| cardTypesPush | String | O | |||||
| account | object | CR | Either Account or Card | Account | |||
| accountID | String 22 characters | R | AccountID | Account | |||
| securityCode | String 3-4 digits | O | CVV2 | Account AVS | |||
| card | object | CR | Either Account or Card Either Payment Card Not Encrypted:
| Card Data Encrypted? | |||
| accountNumber | String 13-19 digits | R n | Payment Card Account Number | Card Not Encrypted | |||
| expirationDate | String YYYYMM Format | O n RAVS | Expiration Date | Card Not Encrypted AVS | |||
| securityCode | String 3-4 digits | O n | CVV2 | Card Not Encrypted AVS | |||
| keyID | String 22 characters | R e | KeyID | Card Encrypted | |||
| mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | Card Encrypted | ||
| data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | Card Encrypted | |||
| token | String | ® t | Card Token (from SSO) Restricted Usage | Card Token | |||
| device | object | ® d | Card Data from P2PE Device Restricted Usage | Device | |||
| id | String | ® d | Device Identifier | Device | |||
| blob | Hex String | ® d | Blob in Hex | Device | |||
| owner | object | C | Card Holder | AVS / Verify | |||
| name | object | C | Name on Card | Verify | |||
| first | String | R | First Name | Verify | |||
| middle | String | O | Middle Name or Initial | Verify | |||
| last | String | R | Last Name | Verify | |||
| suffix | String | O | Suffix | Verify | |||
| address | object | C | Billing Address | AVS | |||
| line1 | String | O | Address Line 1, for AVS, see notes below | AVS | |||
| line2 | String | O | Address Line 2 | AVS | |||
| city | String | O | City | AVS | |||
| state | String 2-character code | O | State Code | AVS | |||
| zipcode | String | R | Zip Code | AVS | |||
| country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | AVS | ||
| phone | object | C | Phone Number (E.164 Numbering) | Verify | |||
| countryCode | String 1-3 digits | O | 1 | Country Calling Code | Verify | ||
| number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | Verify | |||
| currency | String 3-digits | O | 840 | ISO 4217 Currency Number | Fees Check | ||
| amount | String Amount | C | Amount of Transaction | Fees Check | |||
| timeout | Number Between 15 and 50 | O | 39 | Maximum time to wait for AVS and/or Verify Response | AVS / Verify | ||
(Encrypted) Card Data
| Field | Required | Description | UnEncrypted Card Data Format |
|---|---|---|---|
| Card Number | R | 13-19 digit Card Number | CardNumber | Expiration Date | Security Code (no spaces, pipe symbol separated) see samples |
| Expiration Date | O RAVS | Expiration date in YYYYMM Format | |
| Security Code | O | 3 or 4 digit CVV2 |
View
Hide
Samples Query Card:
Query Card and Fees Check:
Unencrypted Card Data:
{
"card":
{
"accountNumber": "9999999999999999"
}
}
Query Card using Encrypted Data:
{
"card":
{
"keyID": "TabaPay_KeyID_22-chars",
"data": "Base64_Encoded_Encrypted_Data"
}
}
Query Card using AccountID:
{
"account":
{
"accountID": "TabaPay_AccountID_22ch"
}
}
Query Card and Fees Check:
{
"card":
{
"accountNumber": "9999999999999999"
},
"amount": "0.50"
}
Unencrypted Card Data:
1111111111111111|| where Card Number: 1111111111111111 Expiration Date: None Security Code: None
1111111111111111|203001| where Card Number: 1111111111111111 Expiration Date: January 2030 Security Code: None
1111111111111111|203001|333 where Card Number: 1111111111111111 Expiration Date: January 2030 Security Code: 333
1111111111111111||333 where Card Number: 1111111111111111 Expiration Date: None Security Code: 333
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | The Payment Card's Attributes are returned. |
| 207 | Multi-Status | One or more Failures occurred while processing the Request. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | Conditional | ||||
|---|---|---|---|---|---|---|---|---|
| 200 | 207 | Other | ||||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | ✔ | O | |||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | ✔ | O | |||
| EM | String | Error Message | O | |||||
| card | object | Card Attributes | ✔ | ✔ | ||||
| pull | object | Debit Transaction | ✔ | ✔ | ||||
| enabled | Boolean | ✔ | ✔ | |||||
| network | String | O | O | |||||
| type | String | Credit, Debit, Prepaid | O | O | ||||
| regulated | Boolean | O | O | |||||
| currency | String 3-digits | ISO 4217 Currency Number | O | O | ||||
| country | String 3-digit code | ISO 3166-1 Country Code | O | O | ||||
| push | object | Credit Transaction | ✔ | ✔ | ||||
| enabled | Boolean | ✔ | ✔ | |||||
| network | String | O | O | |||||
| type | String | Credit, Debit, Prepaid | O | O | ||||
| availability | String | Estimated Funds Availability | O | O | ||||
| regulated | Boolean | O | O | |||||
| currency | String 3-digits | ISO 4217 Currency Number | O | O | ||||
| country | String 3-digit code | ISO 3166-1 Country Code | O | O | ||||
| AVS | object | AVS Results | C | C | AVS | |||
| networkRC | String 2 or 3-character code | Network Response Code | ✔ | O | AVS | |||
| authorizeID | String | ID | ✔ | O | AVS | |||
| resultText | String | AVS Result Text | ✔ | O | AVS | |||
| codeAVS | String | AVS Response Code | ✔ | O | AVS | |||
| codeSecurityCode | String | Security Code Response Code | ✔ | O | AVS | |||
| EC | String 1 or 8-characters | Internal Error Code | O | AVS | ||||
| fees | object | Fees Check | C | C | Fees Check | |||
| pull | object | Debit Transaction | O | O | Fees Check | |||
| interchange | String Amount | Interchange Fees | ✔ | ✔ | Fees Check | |||
| network | String Amount | Network Fees | ✔ | ✔ | Fees Check | |||
| tabapay | String Amount | TabaPay Fees | ✔ | ✔ | Fees Check | |||
| push | object | Credit Transaction | O | O | Fees Check | |||
| interchange | String Amount | Interchange Fees | ✔ | ✔ | Fees Check | |||
| network | String Amount | Network Fees | ✔ | ✔ | Fees Check | |||
| tabapay | String Amount | TabaPay Fees | ✔ | ✔ | Fees Check | |||
View
Hide
Samples Query Card:
Query Card (pull disabled):
Query Card (push disabled):
Query Card (disabled/unsupported):
{
"SC": 200,
"EC": "0",
"card":
{
"pull":
{
"enabled": true,
"network": "Visa",
"type": "Debit",
"regulated": true,
"currency": "840",
"country": "840"
},
"push":
{
"enabled": true,
"network": "Visa",
"type": "Debit",
"regulated": true,
"currency": "840",
"country": "840",
"availability": "Immediate"
}
}
}
Query Card (pull disabled):
{
"SC": 200,
"EC": "0",
"card":
{
"pull":
{
"enabled": false
},
"push":
{
"enabled": true,
"network": "Visa",
"type": "Debit",
"regulated": true,
"currency": "840",
"country": "840",
"availability": "Immediate"
}
}
}
Query Card (push disabled):
{
"SC": 200,
"EC": "0",
"card":
{
"pull":
{
"enabled": true,
"network": "Visa",
"type": "Debit",
"regulated": true,
"currency": "840",
"country": "840"
},
"push":
{
"enabled": false
}
}
}
Query Card (disabled/unsupported):
{
"SC": 200,
"EC": "0",
"card":
{
"pull":
{
"enabled": false
},
"push":
{
"enabled": false
}
}
}
Notes
For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:
There is an extra charge (fee) for using Query Card and there is also an additional charge (fee) for using AVS.
Creating an Account just to do a Query Card is not the valid way to use our API (it is an Anti-Pattern). As we try to show in the Sample Flows: Query Card should be done first before Creating an Account, this is the correct Pattern (or use of our API).
If using Account, only:
For AVS, Address Line 1 is optional, but you will get an AVS Code that says only Zip Code was matched (or not) and Address was not matched.
The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.
- ClientID is your unique 22-character string and
- SubClientID is an assigned 4 or 6-digit value.
There is an extra charge (fee) for using Query Card and there is also an additional charge (fee) for using AVS.
Creating an Account just to do a Query Card is not the valid way to use our API (it is an Anti-Pattern). As we try to show in the Sample Flows: Query Card should be done first before Creating an Account, this is the correct Pattern (or use of our API).
Creating unused and/or inactive Accounts will result in:
- These Accounts incurring an extra charge (fee)
- These Accounts being automatically deleted
- Your Requests failing
- Your Client being locked
If using Account, only:
- Card Account Number
- Expiration Date (for AVS)
For AVS:
- Security Code
- Owner Address
For Verify:
- Owner Name
- Owner Phone
For AVS, Address Line 1 is optional, but you will get an AVS Code that says only Zip Code was matched (or not) and Address was not matched.
The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.
| card.mode | Description |
|---|---|
| 0 | RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure |
| 1 | Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
| 2 | (non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.
Account
This resource represents a Client's Account.The operations that are available for this resource are:
● Create
Creates an Account containing a Payment Card Account Number
● Retrieve
Retrieves an Account, but the full Payment Card Account Number is never returned
● Update
Updates an Account
● Delete
Deletes an Account
Create Account
Creates an Account.If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
URL
https://<FQDN>/v1/clients/<ClientIDISO>/accounts
HTTP Method
POST
Request
Request Data
| JSON Name | Value | Required | Default | Description | Conditional | ||
|---|---|---|---|---|---|---|---|
| referenceID | String 1-15 characters | R | Your unique Reference ID | ||||
| card | object | R | Either Payment Card Not Encrypted:
| Payment Card | |||
| accountNumber | String 13-19 digits | R n | Payment Card Account Number | Payment Card Not Encrypted | |||
| expirationDate | String YYYYMM Format | R n | Expiration Date | Payment Card Not Encrypted | |||
| keyID | String 22 characters | R e | KeyID | Payment Card Encrypted | |||
| mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | Payment Card Encrypted | ||
| data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | Payment Card Encrypted | |||
| token | String | ® t | Card Token (from SSO) Restricted Usage | Card Token | |||
| device | object | ® d | Card Data from P2PE Device Restricted Usage | Device | |||
| id | String | ® d | Device Identifier | Device | |||
| blob | Hex String | ® d | Blob in Hex | Device | |||
| owner | object | R | Account Owner | ||||
| name | object | R | Name | ||||
| first | String | R | First Name | ||||
| middle | String | O | Middle Name or Initial | ||||
| last | String | R | Last Name | ||||
| suffix | String | O | Suffix | ||||
| address | object | O | Address | ||||
| line1 | String | R | Address Line 1 | ||||
| line2 | String | O | Address Line 2 | ||||
| city | String | R | City | ||||
| state | String 2-character code | R | State Code | 840 | |||
| zipcode | String | R | Zip Code | 840 | |||
| country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | 840 | ||
| phone | object | O | Phone Number (E.164 Numbering) | 840 | |||
| countryCode | String 1-3 digits | O | 1 | Country Calling Code | 840 | ||
| number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | 840 | |||
(Encrypted) Card Data
| Field | Required | Description | UnEncrypted Card Data Format |
|---|---|---|---|
| Card Number | R | 13-19 digit Card Number | CardNumber | Expiration Date | (no spaces, pipe symbol separated) see samples |
| Expiration Date | R | Expiration date in YYYYMM Format |
View
Hide
Samples Create Payment Card Account:
Unencrypted Card Data:
{
"referenceID": "1",
"card":
{
"accountNumber": "9999999999999999",
"expirationDate": "202012"
},
"owner":
{
"name":
{
"first": "John",
"last": "Customer"
},
"address":
{
"line1": "465 Fairchild Drive",
"line2": "Suite #222",
"city": "Mountain View",
"state": "CA",
"zipcode": "94043"
},
"phone":
{
"number": "4159808222"
}
}
}
Unencrypted Card Data:
1111111111111111|203001| where Card Number: 1111111111111111 Expiration Date: January 2030
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | An Account is Created. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | |||
|---|---|---|---|---|---|---|
| 200 | Other | |||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | O | ||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | O | ||
| EM | String | Error Message | O | |||
| accountID | String 22-characters | AccountID | ✔ | |||
View
Hide
Samples Account created:
{
"SC": 200,
"EC": "0",
"accountID": "TabaPay_AccountID_22ch"
}
Notes
For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:
Creating an Account just to do a Query Card is not the valid way to use our API (it is an Anti-Pattern). As we try to show in the Sample Flows: Query Card should be done first before Creating an Account, this is the correct Pattern (or use of our API).
Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.
- ClientID is your unique 22-character string and
- SubClientID is an assigned 4 or 6-digit value.
Creating an Account just to do a Query Card is not the valid way to use our API (it is an Anti-Pattern). As we try to show in the Sample Flows: Query Card should be done first before Creating an Account, this is the correct Pattern (or use of our API).
Creating unused and/or inactive Accounts will result in:
- These Account incurring an extra charge (fee)
- These Account being automatically deleted
- Your Requests failing
- Your Client being locked
| card.mode | Description |
|---|---|
| 0 | RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure |
| 1 | Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
| 2 | (non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
Retrieve Account
Retrieves the Account.If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
URL
https://<FQDN>/v1/clients/<ClientIDISO>/accounts/<AccountID>
https://<FQDN>/v1/clients/<ClientIDISO>/accounts?referenceID=<ReferenceID>
https://<FQDN>/v1/clients/<ClientIDISO>/accounts?referenceID=<ReferenceID>
HTTP Method
GET
Request
No Request Data
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | The Account is retrieved. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | ||||
|---|---|---|---|---|---|---|---|
| AID | RID | Other | |||||
| 200 | 200 | ||||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | ✔ | O | ||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | ✔ | O | ||
| EM | String | Error Message | O | ||||
| referenceID | String | ReferenceID | ✔ | ||||
| accountID | String 22-characters | AccountID | ✔ | ||||
| card | object | Card | O | O | |||
| last4 | String 4-digits | Last 4 of Card Number | O | O | |||
| expirationDate | String 6-digits | Expiration Date | O | O | |||
| owner | object | Account Owner | ✔ | ✔ | |||
| name | object | Name | ✔ | ✔ | |||
| first | String | First Name | ✔ | ✔ | |||
| middle | String | Middle Name or Initial | O | O | |||
| last | String | Last Name | ✔ | ✔ | |||
| suffix | String | Suffix | O | O | |||
| address | object | Address | O | O | |||
| line1 | String | Address Line 1 | ✔ | ✔ | |||
| line2 | String | Address Line 2 | O | O | |||
| city | String | City | ✔ | ✔ | |||
| state | String 2-character code | State Code | ✔ | ✔ | |||
| zipcode | String | Zip Code | ✔ | ✔ | |||
| country | String 3-digit code | ISO 3166-1 Country Code | O | O | |||
| phone | object | Phone Number (E.164 Numbering) | O | O | |||
| countryCode | String 1-3 digits | Country Calling Code | O | O | |||
| number | String Min: 4 digits Max: 12-14 digits | Phone Number | ✔ | ✔ | |||
View
Hide
Samples Account retrieved using AccountID:
Account retrieved using ReferenceID:
{
"SC": 200,
"EC": "0",
"referenceID": "1",
"card":
{
"last4": "9990",
"expirationDate": "202012"
},
"owner":
{
"name":
{
"first": "John",
"last": "Customer"
},
"address":
{
"line1": "465 Fairchild Drive",
"line2": "Suite #222",
"city": "Mountain View",
"state": "CA",
"zipcode": "94043"
},
"phone":
{
"number": "4159808222"
}
}
}
Account retrieved using ReferenceID:
{
"SC": 200,
"EC": "0",
"accountID": "TabaPay_AccountID_22ch",
"owner":
{
"name":
{
"first": "John",
"last": "Customer"
},
"address":
{
"line1": "465 Fairchild Drive",
"line2": "Suite #222",
"city": "Mountain View",
"state": "CA",
"zipcode": "94043"
},
"phone":
{
"number": "4159808222"
}
}
}
Notes
For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:
- ClientID is your unique 22-character string and
- SubClientID is an assigned 4 or 6-digit value.
Update Account
Updates the Account.If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
URL
https://<FQDN>/v1/clients/<ClientIDISO>/accounts/<AccountID>
HTTP Method
PUT
Request
Request Data
| JSON Name | Value | Required | Default | Description | Conditional | ||
|---|---|---|---|---|---|---|---|
| card | object | R | Either Payment Card Not Encrypted:
| Payment Card | |||
| accountNumber | String 13-19 digits | R n | Payment Card Account Number | Payment Card Not Encrypted | |||
| expirationDate | String YYYYMM Format | R n | ExpirationDate | Payment Card Not Encrypted | |||
| keyID | String 22 characters | R e | KeyID | Payment Card Encrypted | |||
| mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | Payment Card Encrypted | ||
| data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | Payment Card Encrypted | |||
| token | String | ® t | Card Token (from SSO) Restricted Usage | Card Token | |||
| device | object | ® d | Card Data from P2PE Device Restricted Usage | Device | |||
| id | String | ® d | Device Identifier | Device | |||
| blob | Hex String | ® d | Blob in Hex | Device | |||
| owner | object | R | Account Owner | ||||
| name | object | R | Name | ||||
| first | String | R | First Name | ||||
| middle | String | O | Middle Name or Initial | ||||
| last | String | R | Last Name | ||||
| suffix | String | O | Suffix | ||||
| address | object | O | Address | ||||
| line1 | String | R | Address Line 1 | ||||
| line2 | String | O | Address Line 2 | ||||
| city | String | R | City | ||||
| state | String 2-character code | R | State Code | 840 | |||
| zipcode | String | R | Zip Code | 840 | |||
| country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | 840 | ||
| phone | object | O | Phone Number (E.164 Numbering) | 840 | |||
| countryCode | String 1-3 digits | O | 1 | Country Calling Code | 840 | ||
| number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | 840 | |||
(Encrypted) Card Data
| Field | Required | Description | UnEncrypted Card Data Format |
|---|---|---|---|
| Card Number | R | 13-19 digit Card Number | CardNumber | Expiration Date | (no spaces, pipe symbol separated) see samples |
| Expiration Date | R | Expiration date in YYYYMM Format |
View
Hide
Samples Update Payment Card Account:
Unencrypted Card Data:
{
"card":
{
"accountNumber": "9999999999999999",
"expirationDate": "202012"
},
"owner":
{
"name":
{
"first": "John",
"last": "Customer"
},
"address":
{
"line1": "465 Fairchild Drive",
"line2": "Suite #222",
"city": "Mountain View",
"state": "CA",
"zipcode": "94043"
},
"phone":
{
"number": "4159808222"
}
}
}
Unencrypted Card Data:
1111111111111111|203001| where Card Number: 1111111111111111 Expiration Date: January 2030
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | The Account is Updated. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | |||
|---|---|---|---|---|---|---|
| 200 | Other | |||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | O | ||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | O | ||
| EM | String | Error Message | O | |||
View
Hide
Samples Account updated:
{
"SC": 200,
"EC": "0"
}
Notes
For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:
Update will delete the previous Account Data and replace the Account Data with the new Data in the Request. An Update Account is basically a Create Account but reusing the AccountID and the ReferenceID. The previous Account Data is deleted and is no longer usable or recoverable.
Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.
- ClientID is your unique 22-character string and
- SubClientID is an assigned 4 or 6-digit value.
Update will delete the previous Account Data and replace the Account Data with the new Data in the Request. An Update Account is basically a Create Account but reusing the AccountID and the ReferenceID. The previous Account Data is deleted and is no longer usable or recoverable.
| card.mode | Description |
|---|---|
| 0 | RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure |
| 1 | Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
| 2 | (non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
Delete Account
The Account is marked for Deletion.If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
URL
https://<FQDN>/v1/clients/<ClientIDISO>/accounts/<AccountID>
HTTP Method
DELETE
Request
No Request Data
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | The Account is marked for deletion. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | ||||
|---|---|---|---|---|---|---|---|
| 200 | Other | ||||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | O | |||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | O | |||
| EM | String | Error Message | O | ||||
View
Hide
Samples Account marked for deletion:
{
"SC": 200,
"EC": "0"
}
Notes
For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:
- ClientID is your unique 22-character string and
- SubClientID is an assigned 4 or 6-digit value.
Transaction
This resource represents a Client's Transaction.The operations that are available for this resource are:
Create Transaction
Creates a Transaction.If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
URL
https://<FQDN>/v1/clients/<ClientIDISO>/transactions
HTTP Method
POST
Request
Request Data
| JSON Name | Value | Required | Default | Description | Choice | ||||
|---|---|---|---|---|---|---|---|---|---|
| referenceID | String 1-15 characters | R | Your unique Reference ID | ||||||
| correspondingID | String 22 characters | O | Corresponding TransactionID (For a Pull Transaction, this would be the corresponding Push Transaction) | ||||||
| type | String 4 characters Either push or pull | R | Transaction Type This is used to verify that your Source and Destination Accounts are valid. | ||||||
| networks | String | O | List of Network Codes For ISOs, please contact TabaPay Support for details on when and how to use. | ||||||
| cardTypes | String | O | List of Card Type Codes For ISOs, please contact TabaPay Support for details on when and how to use. | ||||||
| accounts | object | R | Accounts | ||||||
| sourceAccountID | String 22 characters | CR | Either Source AccountID or Source Account | SAID | |||||
| sourceAccount | object | CR | Either Source AccountID or Source Account | SA | |||||
| card | object | R | Either Payment Card Not Encrypted:
| SA PC | |||||
| accountNumber | String 13-19 digits | R n | Payment Card Account Number | SA PC Not Encrypted | |||||
| expirationDate | String YYYYMM Format | R n | Expiration Date | SA PC Not Encrypted | |||||
| securityCode | String 3-4 digits | O n | Security Code | SA PC Not Encrypted | |||||
| keyID | String 22 characters | R e | KeyID | SA PC Encrypted | |||||
| mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | SA PC Encrypted | ||||
| data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | SA PC Encrypted | |||||
| token | String | ® t | Card Token (from SSO) Restricted Usage | Card Token | |||||
| device | object | ® d | Card Data from P2PE Device Restricted Usage | Device | |||||
| id | String | ® d | Device Identifier | Device | |||||
| blob | Hex String | ® d | Blob in Hex | Device | |||||
| owner | object | R | Account Owner | SA | |||||
| name | object | R | Name | SA | |||||
| first | String | R | First Name | SA | |||||
| middle | String | O | Middle Name or Initial | SA | |||||
| last | String | R | Last Name | SA | |||||
| suffix | String | O | Suffix | SA | |||||
| address | object | O | Address | SA | |||||
| line1 | String | O | Address Line 1 | SA | |||||
| line2 | String | O | Address Line 2 | SA | |||||
| city | String | O | City | SA | |||||
| state | String 2-character code | O | State Code | SA | |||||
| zipcode | String | O | Zip Code | SA | |||||
| country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | SA | ||||
| phone | object | O | Phone Number (E.164 Numbering) | SA | |||||
| countryCode | String 1-3 digits | O | 1 | Country Calling Code | SA | ||||
| number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | SA | |||||
| destinationAccountID | String 22 characters | CR | Either Destination AccountID or Destination Account | DAID | |||||
| destinationAccount | object | CR | Either Destination AccountID or Destination Account | DA PC | |||||
| card | object | R | Either Payment Card Not Encrypted:
| DA PC | |||||
| accountNumber | String 13-19 digits | R n | Payment Card Account Number | DA PC Not Encrypted | |||||
| expirationDate | String YYYYMM Format | R n | Expiration Date | DA PC Not Encrypted | |||||
| securityCode | String 3-4 digits | O n | CVV2 | DA PC Not Encrypted | |||||
| keyID | String 22 characters | R e | KeyID | DA PC Encrypted | |||||
| mode | Integer 0, 1, or 2 | D e | 2 | Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256 | DA PC Encrypted | ||||
| data | String | R e | Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set | DA PC Encrypted | |||||
| token | String | ® t | Card Token (from SSO) Restricted Usage | Card Token | |||||
| device | object | ® d | Card Data from P2PE Device Restricted Usage | Device | |||||
| id | String | ® d | Device Identifier | Device | |||||
| blob | Hex String | ® d | Blob in Hex | Device | |||||
| owner | object | R | Account Owner | DA | |||||
| name | object | R | Name | DA | |||||
| first | String | R | First Name | DA | |||||
| middle | String | O | Middle Name or Initial | DA | |||||
| last | String | R | Last Name | DA | |||||
| suffix | String | O | Suffix | DA | |||||
| address | object | O | Address | DA | |||||
| line1 | String | O | Address Line 1 | DA | |||||
| line2 | String | O | Address Line 2 | DA | |||||
| city | String | O | City | DA | |||||
| state | String 2-character code | O | State Code | DA | |||||
| zipcode | String | O | Zip Code | DA | |||||
| country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | DA | ||||
| phone | object | O | Phone Number (E.164 Numbering) | DA | |||||
| countryCode | String 1-3 digits | O | 1 | Country Calling Code | DA | ||||
| number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | DA | |||||
| currency | String 3-digits | O | 840 | ISO 4217 Currency Number | |||||
| amount | String Amount | R | Transaction Amount | ||||||
| memo | String Max of 32 characters | O | Memo | ||||||
| regionals | String | O | Regionals Override For ISOs, please contact TabaPay Support for details on when and how to use. | ||||||
| pullOptions | object | O | Additional Pull Options | ||||||
| lender | Boolean | O | Lender | ||||||
| quasiCash | Boolean | O | Quasi-Cash | ||||||
| securityCode | String 3-4 digits | O | CVV2 Valid only when using sourceAccountID (Pull) | ||||||
| recurring | Boolean | O | Recurring Pull Transaction | ||||||
| 3dsECI | String | O | 3d Secure ECI (Electronic Commerce Indicator) | ||||||
| 3dsUCAF | String | O | 3d Secure UCAF (Universal Cardholder Authentication Field)
| ||||||
| 3dsXID | String | O | 3d Secure XID (Transaction ID) | ||||||
| softDescriptor | object | ® | Soft Descriptor Restricted Usage | ® | |||||
| name | String | R | Name | ® | |||||
| address | object | R | Address | ® | |||||
| line1 | String | R | Address Line 1 | ® | |||||
| line2 | String | O | Address Line 2 | ® | |||||
| city | String | R | City | ® | |||||
| county | String 3-characters | R | County | ® | |||||
| state | String 2-character code | R | State Code | ® | |||||
| zipcode | String | R | Zip Code | ® | |||||
| country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | ® | ||||
| phone | object | O | Phone Number (E.164 Numbering) | ® | |||||
| countryCode | String 1-3 digits | O | 1 | Country Calling Code | ® | ||||
| number | String Min: 4 digits Max: 12-14 digits | R | Phone Number | ® | |||||
| location | object | O | Location of the Origination of Transaction | ||||||
| name | String | R | Location Name | ||||||
| address | object | R | Location Address | ||||||
| line1 | String | R | Address Line 1 | ||||||
| line2 | String | O | Address Line 2 | ||||||
| city | String | R | City | ||||||
| state | String 2-character code | R | State Code | ||||||
| zipcode | String | R | Zip Code | ||||||
| country | String 3-digit code | O | 840 | ISO 3166-1 Country Code | |||||
| timeout | Integer Between 15 and 39 | O | 39 | Time to wait for a response Default is 39 seconds See Notes Below... | |||||
(Encrypted) Card Data
| Field | Required | Description | UnEncrypted Card Data Format |
|---|---|---|---|
| Card Number | R | 13-19 digit Card Number | CardNumber | Expiration Date | Security Code (no spaces, pipe symbol separated) see samples |
| Expiration Date | R | Expiration date in YYYYMM Format | |
| Security Code | O | 3 or 4 digit CVV2 |
View
Hide
Samples Create Transaction:
Unencrypted Card Data:
{
"referenceID": "1",
"type": "push",
"accounts":
{
"sourceAccountID": "TabaPay_AccountID_22-c",
"destinationAccountID": "TabaPay_AccountID_22-c"
},
"amount": "1.00",
"currency": "840"
}
Create Pull Transaction:
{
"referenceID": "1",
"type": "pull",
"accounts":
{
"sourceAccount":
{
"card":
{
"accountNumber": "9999999999999999",
"expirationDate": "202012"
},
"owner":
{
"name":
{
"first": "John",
"last": "Benson"
},
"address":
{
"line1": "465 Fairchild Drive",
"line2": "Suite #222",
"city": "Mountain View",
"state": "CA",
"zipcode": "94043"
},
"phone":
{
"number": "4159808222"
}
}
},
"destinationAccountID": "TabaPay_AccountID_22-c"
},
"currency": "840",
"amount": "0.10"
}
Create Push Transaction:
{
"referenceID": "1",
"type": "push",
"accounts":
{
"sourceAccountID": "TabaPay_AccountID_22-c",
"destinationAccount":
{
"card":
{
"accountNumber": "9999999999999999",
"expirationDate": "202012"
},
"owner":
{
"name":
{
"first": "John",
"last": "Benson"
},
"address":
{
"line1": "465 Fairchild Drive",
"line2": "Suite #222",
"city": "Mountain View",
"state": "CA",
"zipcode": "94043"
},
"phone":
{
"number": "4159808222"
}
}
}
},
"currency": "840",
"amount": "0.10"
}
Unencrypted Card Data:
1111111111111111|203001| where Card Number: 1111111111111111 Expiration Date: January 2030 Security Code: None
1111111111111111|203001|333 where Card Number: 1111111111111111 Expiration Date: January 2030 Security Code: 333
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | A Transaction is created and processing is completed. |
| 201 | Created | A Transaction is created, but the transaction is waiting to be processed (batch). |
| 207 | Multi-Status | One or more Failures occurred while processing the Request. |
| 429 | Too Many Requests | Over your Daily (24-hour rolling) Approximation Limit. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | |||||
|---|---|---|---|---|---|---|---|---|
| 200 | 201 | 207 | Other | |||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | ✔ | ✔ | O | ||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | ✔ | ✔ | O | ||
| EM | String | Error Message | O | O | ||||
| transactionID | String 22-characters | TransactionID | ✔ | ✔ | ✔ | |||
| network | String | Network | ✔ | ✔ | ✔ | |||
| networkRC | String 2 or 3-character code | Network Response Code | ✔ | O | ||||
| status | String | Status | ✔ | ✔ | ✔ | |||
| approvalCode | String 6-characters | Approval Code | ✔ | O | ||||
| errors | Array of 8-characters Strings | Array of Internal Error Codes | ✔ | |||||
| AVS | object | AVS Results | C | |||||
| codeAVS | String | AVS Response Code | O | |||||
| codeSecurityCode | String | Security Code Response Code | O | |||||
| fees | object | Estimated Fees | O | O | ||||
| interchange | String Amount | Interchange Fees | ✔ | ✔ | ||||
| network | String Amount | Network Fees | ✔ | ✔ | ||||
| tabapay | String Amount | TabaPay Fees | ✔ | ✔ | ||||
View
Hide
Samples Transaction created:
{
"SC": 200,
"EC": "0",
"transactionID": "TabaPay_TransactionID_",
"network": "Visa",
"networkRC": "00",
"status": "COMPLETED",
"approvalCode": "000000"
}
Transaction created but waiting to be processing (batch):
{
"SC": 201,
"EC": "0",
"transactionID": "TabaPay_TransactionID_",
"network": "CreditCards",
"status": "PENDING"
}
Notes
For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:
One of the accounts in the Request, Source Account or Destination Account, must be your Settlement Account. If disbursing funds (push) the Source Account should be your Settlement Account. If collecting funds (pull) the Destination Account should be your Settlement Account.
A Timeout does not STOP the Transaction from continuing to be processed. It does mean that the Transaction Status will be temporarily in an UNKNOWN status. The SC (Status Code) in the Response will be 207.
The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.
- ClientID is your unique 22-character string and
- SubClientID is an assigned 4 or 6-digit value.
One of the accounts in the Request, Source Account or Destination Account, must be your Settlement Account. If disbursing funds (push) the Source Account should be your Settlement Account. If collecting funds (pull) the Destination Account should be your Settlement Account.
On a Pull Transaction, specifying at least the Owner Address Line 1 and/or Owner Zip Code will result in an automatic AVS check which may result in lower fees. However, a bad AVS will not stop the Transaction. You should have previously done a Query Card with AVS to check the Card.
A Timeout does not STOP the Transaction from continuing to be processed. It does mean that the Transaction Status will be temporarily in an UNKNOWN status. The SC (Status Code) in the Response will be 207.
Once the Transaction finished processing, the Actual Status of the Transaction will be reflected. You can do a Retrieve Transaction to check on the actual Transaction Status. However, do not poll, otherwise you will get SC=429.
After 90 seconds, the Transaction Status will NOT change. We have given up waiting for a response. Most likely, the Transaction Status will remain in an UNKNOWN status. Contact TabaPay Support if you need us to investigate what really happened with this Transaction.
The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.
| card.mode | Description |
|---|---|
| 0 | RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure |
| 1 | Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
| 2 | (non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding |
Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.
Retrieve Transaction
Retrieves the Transaction.If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
URL
https://<FQDN>/v1/clients/<ClientIDISO>/transactions/<TransactionID>
https://<FQDN>/v1/clients/<ClientIDISO>/transactions?referenceID=<ReferenceID>
https://<FQDN>/v1/clients/<ClientIDISO>/transactions?referenceID=<ReferenceID>
HTTP Method
GET
Request
No Request Data
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | The Transaction is retrieved. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | ||||
|---|---|---|---|---|---|---|---|
| TID | RID | Other | |||||
| 200 | 200 | ||||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | ✔ | O | ||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | ✔ | O | ||
| EM | String | Error Message | O | ||||
| transactionID | String 22-characters | TransactionID | ✔ | ||||
| referenceID | String | ReferenceID | ✔ | ||||
| network | String | Network | O | O | |||
| networkRC | String 2 or 3-character code | Network Response Code | O | O | |||
| status | String | Status | ✔ | ✔ | |||
| originally | String | Original Status | O | O | |||
| approvalCode | String 6-characters | Approval Code | O | O | |||
| errors | Array of 8-characters Strings | Array of Internal Error Codes | O | O | |||
| amount | String | Amount | ✔ | ✔ | |||
| currency | String 3-digits | ISO 4217 Currency Number | O | O | |||
| last4 | String | Last 4 of Card Account Number (PAN) | ✔ | ✔ | |||
| memo | String | Memo | O | O | |||
| fees | object | Fees | O | O | |||
| interchange | String Amount | Interchange Fees | ✔ | ✔ | |||
| network | String Amount | Network Fees | ✔ | ✔ | |||
| tabapay | String Amount | TabaPay Fees | ✔ | ✔ | |||
| reversalStatus | String | Reversal Status | O | O | |||
| reversal | object | Reversal | O | O | |||
| networkRC | String 2 or 3-character code | Network Response Code | O | O | |||
| networkRC2 | String 2 or 3-character code | Network Response Code | O | O | |||
| error | String 1 or 8-characters | Internal Error Code | O | O | |||
View
Hide
Samples Transaction retrieved using TransactionID:
Transaction retrieved using ReferenceID:
{
"SC": 200,
"EC": "0",
"referenceID": "1",
"network": "Visa",
"networkRC": "00",
"status": "COMPLETED",
"approvalCode": "000000",
"amount": "0.10",
"fees":
{
"interchange": "0.50",
"network": "0.50",
"tabapay": "0.25"
}
}
Transaction retrieved using ReferenceID:
{
"SC": 200,
"EC": "0",
"transactionID": "TransactionID_22chars_",
"network": "Visa",
"networkRC": "00",
"status": "COMPLETED",
"approvalCode": "000000",
"amount": "0.10",
"fees":
{
"interchange": "0.50",
"network": "0.50",
"tabapay": "0.25"
}
}
Notes
For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:
The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.
- ClientID is your unique 22-character string and
- SubClientID is an assigned 4 or 6-digit value.
The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.
Delete Transaction
Try to request a reverse of a previous Pull Transaction.If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.
URL
https://<FQDN>/v1/clients/<ClientIDISO>/transactions/<TransactionID>?reversal
https://<FQDN>/v1/clients/<ClientIDISO>/transactions/<TransactionID>?void
https://<FQDN>/v1/clients/<ClientIDISO>/transactions/<TransactionID>?void
HTTP Method
DELETE
Request
No Request Data
Response
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | A Request for a Reversal of the previous Transaction is successful. |
| 207 | Multi-Status | One or more Failures occurred while processing the Request. |
See Status Codes for other possible Status Codes that might be returned.
Response Data
| JSON Name | Value | Description | Status Code | ||||
|---|---|---|---|---|---|---|---|
| 200 | 207 | Other | |||||
| SC | Integer 3-digits | HTTP Status Code | ✔ | ✔ | O | ||
| EC | String 1 or 8-characters | Internal Error Code | ✔ | ✔ | O | ||
| EM | String | Error Message | O | O | |||
| status | String | Status | ✔ | ✔ | |||
| reversal | object | Reversal | ✔ | O | |||
| networkRC | String 2 or 3-character code | Void Network Response Code | ✔ | O | |||
| networkRC2 | String 2 or 3-character code | Refund after failed Void Network Response Code | ✔ | O | |||
View
Hide
Samples Transaction reversed:
{
"SC": 200,
"EC": "0",
"status": "COMPLETED",
"reversal":
{
"networkRC": "00"
}
}
Dual Message Network:
{
"SC": 200,
"EC": "0",
"status": "COMPLETED",
"reversal":
{
"networkRC": "21",
"networkRC2": "00"
}
}
Notes
For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:
You can only Delete (reverse) a Pull Transaction. A Delete is just only a request for a reversal. Dual Message Networks may cause a networkRC2 if the networkRC is either a Network Response Code of 21 or E9.
- ClientID is your unique 22-character string and
- SubClientID is an assigned 4 or 6-digit value.
You can only Delete (reverse) a Pull Transaction. A Delete is just only a request for a reversal. Dual Message Networks may cause a networkRC2 if the networkRC is either a Network Response Code of 21 or E9.
Networks
| Network Name | Network Code | |
|---|---|---|
| STAR | S |  |
| Pulse | P |  |
| NYCE | N |  |
| CU24 | C |  |
| Accel | A |  |
| Visa | V |  |
| MasterCard | M |  |
| MoneySend | Y | |
| Discover | D |  |
Card Types
| Card Type | Card Type Code |
|---|---|
| Debit | D |
| PrePaid | P |
| Credit | C |
Network Response Codes
- ISO (International Organization for Standardization) Network Response Codes
- Accel Network Response Codes
A Financial Institution may decide to return a Network Response Code that may not match the ISO Code meaning.
| ISO CODE | Description |
|---|---|
| 00 | Approved or completed successfully |
| 01 | Refer to card issuer |
| 02 | Refer to card issuers special conditions |
| 03 | Invalid merchant |
| 04 | Pick-up |
| 05 | Do not honor |
| 06 | Error |
| 07 | Pick-up card, special conditions |
| 08 | Honor with identification |
| 09 | Request in progress |
| 10 | Approved for partial amount |
| 11 | Approved (VIP) |
| 12 | Invalid transaction |
| 13 | Invalid amount |
| 14 | Invalid card number (no such number) |
| 15 | No such issuer |
| 16 | Approved, update track 3 |
| 17 | Customer cancellation, reversal (unsupported) |
| 18 | Customer dispute, chargeback (future) |
| 19 | Re-enter transaction |
| 20 | Invalid response |
| 21 | No action taken, reversal (unsupported) |
| 22 | Suspected malfunction, reversal (unsupported) |
| 23 | Unacceptable transaction fee |
| 24 | File update not supported by receiver |
| 25 | Unable to locate record on file |
| 26 | Duplicate file update record, no action |
| 27 | File update field edit error |
| 28 | File update record locked out |
| 29 | File update not successful, contact acquirer |
| 30 | Format error (may also be a reversal) |
| 31 | Bank not supported by switch |
| 32 | Completed partially, reversal (unsupported) |
| 33 | Expired card, pick-up |
| 34 | Suspected fraud, pick-up |
| 35 | Card acceptor contact acquirer, pick-up |
| 36 | Restricted card, pick-up |
| 37 | Card acceptor call acquirer security, pick-up |
| 38 | Allowable PIN tries exceeded, pick-up |
| 39 | No credit account |
| 40 | Requested function not supported |
| 41 | Lost card, pick-up |
| 42 | No universal account |
| 43 | Stolen card, pick-up |
| 44 | No investment account |
| 45 | Reserved for ISO use |
| 46 | Reserved for ISO use |
| 47 | Reserved for ISO use |
| 48 | Reserved for ISO use |
| 49 | Reserved for ISO use |
| 50 | Reserved for ISO use |
| 51 | Insufficient funds |
| 52 | No checking account |
| 53 | No savings account |
| 54 | Expired card |
| 55 | Incorrect PIN |
| 56 | No card record |
| 57 | Transaction not permitted to cardholder |
| 58 | Transaction not permitted to terminal (may also be a chargeback) |
| 59 | Suspected fraud |
| 60 | Card acceptor contact acquirer |
| 61 | Exceeds withdrawal amount limit |
| 62 | Restricted card |
| 63 | Security violation (may also be a chargeback) |
| 64 | Original amount incorrect, reversal (unsupported) |
| 65 | Exceeds withdrawal frequency limit |
| 66 | Card acceptor call acquirer security |
| 67 | Hard capture, pick-up |
| 68 | Response received too late, reversal (unsupported) |
| 69 | Reserved for ISO |
| 70 | Reserved for ISO |
| 71 | Reserved for ISO |
| 72 | Reserved for ISO |
| 73 | Reserved for ISO |
| 74 | Reserved for ISO |
| 75 | Allowable number of PIN tries exceeded |
| 76 | Key synchronization error (FIS) |
| 77 | Reserved for private use |
| 78 | Customer not eligible for POS (Star SM ) |
| 79 | Invalid digital signature |
| 80 | Stale dated transaction (Star SM ) |
| 81 | Issuer requested standin |
| 82 | Count exceeds limit (VISANet) |
| 83 | Reserved for private use |
| 84 | Time limit for pre-authorization reached (VISANet) |
| 85* | Issuer has no reason to decline the transaction (Account Verification) |
| 86 | Cannot verify PIN (VISANet) |
| 87 | Check already posted |
| 88 | Information not on file |
| 89 | Card verification value (CVV) verification failed (no pickup) |
| 90 | Cutoff is in progress |
| 91 | Issuer or switch is inoperative |
| 92 | Financial institution or intermediate network unknown for routing |
| 93 | Transaction cannot be completed, violation of law |
| 94 | Duplication transaction |
| 95 | Reconcile error |
| 96 | System malfunction |
| 97 | Reserved for national use |
| 98 | Reserved for national use |
| 99* | Card network fault error |
| 0Z-9Z | Reserved for ISO use |
| C2-E0 | Reserved for national use (X9.2) |
| E1* | Invalid or unsupported SEC |
| E2* | AVS data required |
| E3* | CVV2 data required |
| E4* | Service not allowed. Transaction not permitted to cardholder. |
| E5* | Service not allowed. Transaction not permitted to cardholder. |
| E6* | Issuer country is blocked |
| E7* | Incorrect MAC was sent |
| E8* | Standard Entry Class requirements were not met |
| E9* | System time out |
| EA* | Account length error |
| EB* | Check digit error |
| EC* | CID format error |
| ED* | Authorization is too old to capture |
| EE* | Card product code is blocked Card product code is blocked |
| EF* | Attempt to process a BRIC transaction on a prior PIN based transaction |
| EG* | CyberSource Time Out Connection to CyberSource timed out |
| EH* | CARD_ENT_METH supplied is not valid or required additional data not provided as defined |
| EI* | CARD_ID is not valid |
| EJ* | Required PIN block not present |
| EK* | Bin is not valid for pinless routing |
| EL* | Signature store did not complete |
| EM* | Debit PIN transactions must be swiped |
| EN* | DB proxy response was not processed within the time out period |
| EO* | Transaction was declined by merchant due to mismatch of CVV2 data |
| EP* | Transaction not allowed as per a validation rule |
| EQ* | There were no available gateway nodes to route transaction |
| EZ-MZ | Reserved for national use (X9.2) |
| N0 | Authorization life cycle unacceptable |
| N1 | Authorization life cycle expired |
| N2 | Non-receipt of requested item (future) |
| N3 | Non-receipt of requested item, illegible copy (future) |
| N4 | Transaction exceeds floor limit (future) |
| N5 | Declined authorization (future) |
| N6 | Non-matching account numbers (future) |
| N7 | Error in addition (future) |
| N8 | Altered amount (future) |
| N9 | Incorrect account number (future) |
| P0 | Missing signature (future) |
| P1 | Slip without card imprint (future) |
| P2 | Imprinting of multiple slips (future) |
| P3 | Canceled pre-authorization transaction (future) |
| P4 | Delinquent settlement (future) |
| P5 | Currency conversion error (future) |
| P6 | Credit posted as a debit (sale) (future) |
| P7 | Claim or defense (future) |
| P8 | Non-receipt of goods (future) |
| P9 | Defective merchandise (future) |
| Q1* | Card authentication failed |
| R0 | Fraudulent transaction prior to embossed valid date (future) |
| R1 | Credit not received (future) |
| R2 | Allowable PAN entries warning -- approved |
| R3 | Approved with overdraft protection |
| R4 | Bad CVV3 |
| RR* | Unknown Backend Processing Error |
| S0 | Check not acceptable for cash |
| S1 | Check not acceptable |
| S2 | Check deposit limit exceeded |
| S3 | Cash back limit exceeded |
| S4 | Check amount does not match courtesy amount |
| S5 | PIN not selected |
| S6 | PIN already selected |
| S7 | Unmatched voucher information |
| S8 | Allowable PAN entries exceeded -- denial |
| S9 | Expiration date mismatch |
| SA | Inactive card |
| SB | Expiration date mismatch (card pickup) |
| SC | Item suspected for stop pay |
| SD | Account closed |
| SE | Ineligible account |
| SF | Item submitted more than two times |
| SG | No account on file - absolute |
| SH | Unable to locate |
| SI | General denial |
| SJ | Item settled via ACH |
| SK | Cross-reference card not found |
| SL | Category limit exceeded |
| SM | Transaction limit exceeded |
| SN | Daily limit exceeded |
| SO | Monthly limit exceeded |
| SP | Invalid secret code |
| SQ | PIN key sync error |
| SR | Bad CVV2 |
| SS | Stop payment order |
| ST | Revocation of authorization order |
| SV | Stop reoccurring payments |
| T3 | Lost card (no pickup) |
| T4 | Closed account |
| T5 | Dormant account |
| T6 | Special conditions (no pick-up) |
| T7 | Purchase only approval for purchase with cash back transaction. |
| T9 | Insufficient funds for fees |
| TA | ARQC validation failed for chip card |
| TB | Unsafe PIN |
| U0-YZ | Reserved for private use |
| ZD* | MasterCard MoneySend Error due to Expiration Date |
| ZN* | MasterCard MoneySend Decline due to Card was Declined |
| ZR* | MasterCard MoneySend Decline due to Unsupported Card |
| ZU* | MasterCard MoneySend Error due to an Unknown Reason |
| ZX* | MasterCard MoneySend Decline due to an Unknown Reason |
| ZY* | MasterCard MoneySend Request in Unknown Status |
| ZZ* | Used by TabaPay for Testing |
Notes:
* Not all Networks may return this Network Response Code.
| Accel Action Code | Description |
|---|---|
| 000 | Approved |
| 001 | Approved with identification |
| 002 | Approved for partial amount |
| 003 | Approved (VIP) |
| 100, 200 | Do not honor |
| 101, 201 | Expired card |
| 102, 202 | Suspected fraud |
| 103, 203 | Card acceptor contact acquirer |
| 104, 204 | Restricted card |
| 105, 205 | Card acceptor call acquirer’s security department |
| 106, 206 | Allowable PIN tries exceeded |
| 107 | Refer to card issuer |
| 108 | Refer to card issuer’s special condition |
| 109 | Invalid merchant |
| 110 | Invalid amount |
| 111 | Invalid card number |
| 112 | PIN data required |
| 113 | Unacceptable fee |
| 114, 214 | No account of type requested |
| 115 | Requested function not supported (invalid transaction) |
| 116, 216 | Insufficient funds |
| 117, 217 | Incorrect PIN |
| 118 | No card record |
| 119 | Transaction not permitted to cardholder |
| 120 | Transaction not permitted to terminal |
| 121 | Exceeds withdrawal amount limit |
| 122 | Security violation |
| 123 | Exceeds withdrawal limit frequency |
| 124 | Violation of law |
| 126 | Invalid PIN block |
| 127 | PIN length error |
| 128 | PIN key synchronization error (sanity error) |
| 129 | Suspected counterfeit card |
| 130 | Transaction failed OFAC check |
| 131 | Check not acceptable |
| 180 | Limit exceeded due to cashback amount |
| 181 | Enter lesser amount |
| 182 | Institution not supported by switch |
| 183 | Balances not available for inquiry |
| 184 | Resubmission in violation of network rules |
| 185 | Stop payment on check (shared branch only) |
| 207 | Special conditions |
| 208 | Lost card |
| 209 | Stolen card |
| 210 | Suspected counterfeit card |
| 907 | Card issuer or switch inoperative |
| 908 | Transaction destination cannot be found for routing |
| 909 | System malfunction |
| 999 | Used by TabaPay for Testing |
AVS Response Codes
| Response Code for AVS | Description |
|---|---|
| Y | Zip Code and Address were matched |
| Z | Zip Code was matched |
| N | Zip Code and Address were not matched |
| A | Zip Code was not matched but Address was matched |
| U | AVS Information not available |
| R | AVS unavailable, can retry later |
Security Code Response Codes
| Response Code for Securtiy Code | Description |
|---|---|
| M | Security Code was matched |
| N | Security Code was not matched |
Internal Error Codes
| EC | Description |
|---|---|
| 0 | OK |
| 3A100000 | Retrieve Client |
| 3C300000 | Query Card |
| 3C400000 | Create Account |
| 3A400000 | Retrieve Account |
| 3B400000 | Update Account |
| 3D400000 | Delete Account |
| 3C500000 | Create Transaction |
| 3A500000 | Retrieve Transaction |
| 3B500000 | Update Transaction |
| 3D500000 | Delete Transaction |
Status Codes
| Status Code | Description | |
|---|---|---|
| 200 | OK | The API Request was successfully processed. |
| 201 | Created | Transaction Created, but Transaction Processing is Pending (batch). |
| 207 | Multi-Status | One or more upstream processing failed. |
| 400 | Bad Request | The ResourceID is invalid or The Request Data is invalid. |
| 401 | UnAuthorized | The Authorization Token is invalid or The IP Address is invalid (not whitelisted). |
| 403 | Forbidden | Invalid permissions to access the Resource, please contact TabaPay support. |
| 404 | Not Found | The ResourceID does not point to a valid Resource. |
| 405 | Method Not Allowed | Request Method Not Allowed for the Requested Resource. |
| 406 | Not Acceptable | Our Web Application Firewall (WAF) found something invalid in your request. |
| 409 | Conflict | ReferenceID already used or Conflicting Request Parameters. |
| 410 | Gone | The Resource pointed to by the ResourceID has been marked for deletion. |
| 415 | Unsupported Media Type | Content-type must be application/json. |
| 422 | Unprocessable Entity | The Resource pointed to by the ResourceID is in an invalid state or The Transaction Amount exceeded one or more Limits. |
| 423 | Locked | The Resource pointed to by the ResourceID is locked. |
| 429 | Too Many Requests | Retrieve: Too many requests, please do not poll. Create Transaction: Over your Daily (24-hour rolling) Approximation Limit. |
| 431 | Request Header Fields Too Large | Too many HTTP Header Lines and/or HTTP Header Lines too big. |
| 500 | Server Error | There was a problem processing the Request. |
| 502 | Bad Gateway | Problem connecting to an Application Server. |
| 503 | Service Unavailable | Your request cannot be processed, should be only a Temporary Condition. |
| 504 | Gateway Timeout | Connection to an Application Server timed out. |
A 400 Series Error is usually something that you can fix by changing something in your request. A 500 Series Error is usually something that you need to contact us (support@TabaPay.com) to look at. If we determine that a 500 Series Error can be fixed by you, we will try to change this error situation to a 400 Series Error in a future code release.
Currency Numbers
We are using ISO 4217 Currency Numbers.| Currency Number | Currency Code | Currency Name |
|---|---|---|
| 784 | AED | United Arab Emirates dirham |
| 971 | AFN | Afghan afghani |
| 008 | ALL | Albanian lek |
| 051 | AMD | Armenian dram |
| 532 | ANG | Netherlands Antillean guilder |
| 973 | AOA | Angolan kwanza |
| 032 | ARS | Argentine peso |
| 036 | AUD | Australian dollar |
| 533 | AWG | Aruban florin |
| 944 | AZN | Azerbaijani manat |
| 977 | BAM | Bosnia and Herzegovina convertible mark |
| 052 | BBD | Barbados dollar |
| 050 | BDT | Bangladeshi taka |
| 975 | BGN | Bulgarian lev |
| 048 | BHD | Bahraini dinar |
| 108 | BIF | Burundian franc |
| 060 | BMD | Bermudian dollar |
| 096 | BND | Brunei dollar |
| 068 | BOB | Boliviano |
| 984 | BOV | Bolivian Mvdol (funds code) |
| 986 | BRL | Brazilian real |
| 044 | BSD | Bahamian dollar |
| 064 | BTN | Bhutanese ngultrum |
| 072 | BWP | Botswana pula |
| 933 | BYN | Belarusian ruble |
| 084 | BZD | Belize dollar |
| 124 | CAD | Canadian dollar |
| 976 | CDF | Congolese franc |
| 947 | CHE | WIR Euro (complementary currency) |
| 756 | CHF | Swiss franc |
| 948 | CHW | WIR Franc (complementary currency) |
| 990 | CLF | Unidad de Fomento (funds code) |
| 152 | CLP | Chilean peso |
| 156 | CNY | Chinese yuan |
| 170 | COP | Colombian peso |
| 970 | COU | Unidad de Valor Real (UVR) (funds code)[7] |
| 188 | CRC | Costa Rican colon |
| 931 | CUC | Cuban convertible peso |
| 192 | CUP | Cuban peso |
| 132 | CVE | Cape Verde escudo |
| 203 | CZK | Czech koruna |
| 262 | DJF | Djiboutian franc |
| 208 | DKK | Danish krone |
| 214 | DOP | Dominican peso |
| 012 | DZD | Algerian dinar |
| 818 | EGP | Egyptian pound |
| 232 | ERN | Eritrean nakfa |
| 230 | ETB | Ethiopian birr |
| 978 | EUR | Euro |
| 242 | FJD | Fiji dollar |
| 238 | FKP | Falkland Islands pound |
| 826 | GBP | Pound sterling |
| 981 | GEL | Georgian lari |
| 936 | GHS | Ghanaian cedi |
| 292 | GIP | Gibraltar pound |
| 270 | GMD | Gambian dalasi |
| 324 | GNF | Guinean franc |
| 320 | GTQ | Guatemalan quetzal |
| 328 | GYD | Guyanese dollar |
| 344 | HKD | Hong Kong dollar |
| 340 | HNL | Honduran lempira |
| 191 | HRK | Croatian kuna |
| 332 | HTG | Haitian gourde |
| 348 | HUF | Hungarian forint |
| 360 | IDR | Indonesian rupiah |
| 376 | ILS | Israeli new shekel |
| 356 | INR | Indian rupee |
| 368 | IQD | Iraqi dinar |
| 364 | IRR | Iranian rial |
| 352 | ISK | Icelandic króna |
| 388 | JMD | Jamaican dollar |
| 400 | JOD | Jordanian dinar |
| 392 | JPY | Japanese yen |
| 404 | KES | Kenyan shilling |
| 417 | KGS | Kyrgyzstani som |
| 116 | KHR | Cambodian riel |
| 174 | KMF | Comoro franc |
| 408 | KPW | North Korean won |
| 410 | KRW | South Korean won |
| 414 | KWD | Kuwaiti dinar |
| 136 | KYD | Cayman Islands dollar |
| 398 | KZT | Kazakhstani tenge |
| 418 | LAK | Lao kip |
| 422 | LBP | Lebanese pound |
| 144 | LKR | Sri Lankan rupee |
| 430 | LRD | Liberian dollar |
| 426 | LSL | Lesotho loti |
| 434 | LYD | Libyan dinar |
| 504 | MAD | Moroccan dirham |
| 498 | MDL | Moldovan leu |
| 969 | MGA | Malagasy ariary |
| 807 | MKD | Macedonian denar |
| 104 | MMK | Myanmar kyat |
| 496 | MNT | Mongolian tögrög |
| 446 | MOP | Macanese pataca |
| 478 | MRO | Mauritanian ouguiya |
| 480 | MUR | Mauritian rupee |
| 462 | MVR | Maldivian rufiyaa |
| 454 | MWK | Malawian kwacha |
| 484 | MXN | Mexican peso |
| 979 | MXV | Mexican Unidad de Inversion (UDI) (funds code) |
| 458 | MYR | Malaysian ringgit |
| 943 | MZN | Mozambican metical |
| 516 | NAD | Namibian dollar |
| 566 | NGN | Nigerian naira |
| 558 | NIO | Nicaraguan córdoba |
| 578 | NOK | Norwegian krone |
| 524 | NPR | Nepalese rupee |
| 554 | NZD | New Zealand dollar |
| 512 | OMR | Omani rial |
| 590 | PAB | Panamanian balboa |
| 604 | PEN | Peruvian Sol |
| 598 | PGK | Papua New Guinean kina |
| 608 | PHP | Philippine peso |
| 586 | PKR | Pakistani rupee |
| 985 | PLN | Polish złoty |
| 600 | PYG | Paraguayan guaraní |
| 634 | QAR | Qatari riyal |
| 946 | RON | Romanian leu |
| 941 | RSD | Serbian dinar |
| 643 | RUB | Russian ruble |
| 646 | RWF | Rwandan franc |
| 682 | SAR | Saudi riyal |
| 090 | SBD | Solomon Islands dollar |
| 690 | SCR | Seychelles rupee |
| 938 | SDG | Sudanese pound |
| 752 | SEK | Swedish krona/kronor |
| 702 | SGD | Singapore dollar |
| 654 | SHP | Saint Helena pound |
| 694 | SLL | Sierra Leonean leone |
| 706 | SOS | Somali shilling |
| 968 | SRD | Surinamese dollar |
| 728 | SSP | South Sudanese pound |
| 678 | STD | São Tomé and Príncipe dobra |
| 222 | SVC | Salvadoran colón |
| 760 | SYP | Syrian pound |
| 748 | SZL | Swazi lilangeni |
| 764 | THB | Thai baht |
| 972 | TJS | Tajikistani somoni |
| 934 | TMT | Turkmenistani manat |
| 788 | TND | Tunisian dinar |
| 776 | TOP | Tongan paʻanga |
| 949 | TRY | Turkish lira |
| 780 | TTD | Trinidad and Tobago dollar |
| 901 | TWD | New Taiwan dollar |
| 834 | TZS | Tanzanian shilling |
| 980 | UAH | Ukrainian hryvnia |
| 800 | UGX | Ugandan shilling |
| 840 | USD | United States dollar |
| 997 | USN | United States dollar (next day) (funds code) |
| 940 | UYI | Uruguay Peso en Unidades Indexadas (URUIURUI) (funds code) |
| 858 | UYU | Uruguayan peso |
| 860 | UZS | Uzbekistan som |
| 937 | VEF | Venezuelan bolívar |
| 704 | VND | Vietnamese đồng |
| 548 | VUV | Vanuatu vatu |
| 882 | WST | Samoan tala |
| 950 | XAF | CFA franc BEAC |
| 961 | XAG | Silver (one troy ounce) |
| 959 | XAU | Gold (one troy ounce) |
| 955 | XBA | European Composite Unit (EURCO) (bond market unit) |
| 956 | XBB | European Monetary Unit (E.M.U.-6) (bond market unit) |
| 957 | XBC | European Unit of Account 9 (E.U.A.-9) (bond market unit) |
| 958 | XBD | European Unit of Account 17 (E.U.A.-17) (bond market unit) |
| 951 | XCD | East Caribbean dollar |
| 960 | XDR | Special drawing rights |
| 952 | XOF | CFA franc BCEAO |
| 964 | XPD | Palladium (one troy ounce) |
| 953 | XPF | CFP franc (franc Pacifique) |
| 962 | XPT | Platinum (one troy ounce) |
| 994 | XSU | SUCRE |
| 963 | XTS | Code reserved for testing purposes |
| 965 | XUA | ADB Unit of Account |
| 999 | XXX | No currency |
| 886 | YER | Yemeni rial |
| 710 | ZAR | South African rand |
| 967 | ZMW | Zambian kwacha |
| 932 | ZWL | Zimbabwean dollar A/10 |
Country Codes
We are using ISO 3166-1 numeric (or numeric-3) codes.| Country Code | Country Name |
|---|---|
| 004 | Afghanistan |
| 248 | Åland Islands |
| 008 | Albania |
| 012 | Algeria |
| 016 | American Samoa |
| 020 | Andorra |
| 024 | Angola |
| 660 | Anguilla |
| 010 | Antarctica |
| 028 | Antigua and Barbuda |
| 032 | Argentina |
| 051 | Armenia |
| 533 | Aruba |
| 036 | Australia |
| 040 | Austria |
| 031 | Azerbaijan |
| 044 | Bahamas |
| 048 | Bahrain |
| 050 | Bangladesh |
| 052 | Barbados |
| 112 | Belarus |
| 056 | Belgium |
| 084 | Belize |
| 204 | Benin |
| 060 | Bermuda |
| 064 | Bhutan |
| 068 | Bolivia, Plurinational State of |
| 535 | Bonaire, Sint Eustatius and Saba |
| 070 | Bosnia and Herzegovina |
| 072 | Botswana |
| 074 | Bouvet Island |
| 076 | Brazil |
| 086 | British Indian Ocean Territory |
| 096 | Brunei Darussalam |
| 100 | Bulgaria |
| 854 | Burkina Faso |
| 108 | Burundi |
| 132 | Cabo Verde |
| 116 | Cambodia |
| 120 | Cameroon |
| 124 | Canada |
| 136 | Cayman Islands |
| 140 | Central African Republic |
| 148 | Chad |
| 152 | Chile |
| 156 | China |
| 162 | Christmas Island |
| 166 | Cocos (Keeling) Islands |
| 170 | Colombia |
| 174 | Comoros |
| 178 | Congo |
| 180 | Congo, the Democratic Republic of the |
| 184 | Cook Islands |
| 188 | Costa Rica |
| 384 | Côte d'Ivoire |
| 191 | Croatia |
| 192 | Cuba |
| 531 | Curaçao |
| 196 | Cyprus |
| 203 | Czechia |
| 208 | Denmark |
| 262 | Djibouti |
| 212 | Dominica |
| 214 | Dominican Republic |
| 218 | Ecuador |
| 818 | Egypt |
| 222 | El Salvador |
| 226 | Equatorial Guinea |
| 232 | Eritrea |
| 233 | Estonia |
| 231 | Ethiopia |
| 238 | Falkland Islands (Malvinas) |
| 234 | Faroe Islands |
| 242 | Fiji |
| 246 | Finland |
| 250 | France |
| 254 | French Guiana |
| 258 | French Polynesia |
| 260 | French Southern Territories |
| 266 | Gabon |
| 270 | Gambia |
| 268 | Georgia |
| 276 | Germany |
| 288 | Ghana |
| 292 | Gibraltar |
| 300 | Greece |
| 304 | Greenland |
| 308 | Grenada |
| 312 | Guadeloupe |
| 316 | Guam |
| 320 | Guatemala |
| 831 | Guernsey |
| 324 | Guinea |
| 624 | Guinea-Bissau |
| 328 | Guyana |
| 332 | Haiti |
| 334 | Heard Island and McDonald Islands |
| 336 | Holy See |
| 340 | Honduras |
| 344 | Hong Kong |
| 348 | Hungary |
| 352 | Iceland |
| 356 | India |
| 360 | Indonesia |
| 364 | Iran, Islamic Republic of |
| 368 | Iraq |
| 372 | Ireland |
| 833 | Isle of Man |
| 376 | Israel |
| 380 | Italy |
| 388 | Jamaica |
| 392 | Japan |
| 832 | Jersey |
| 400 | Jordan |
| 398 | Kazakhstan |
| 404 | Kenya |
| 296 | Kiribati |
| 408 | Korea, Democratic People's Republic of |
| 410 | Korea, Republic of |
| 414 | Kuwait |
| 417 | Kyrgyzstan |
| 418 | Lao People's Democratic Republic |
| 428 | Latvia |
| 422 | Lebanon |
| 426 | Lesotho |
| 430 | Liberia |
| 434 | Libya |
| 438 | Liechtenstein |
| 440 | Lithuania |
| 442 | Luxembourg |
| 446 | Macao |
| 807 | Macedonia, the former Yugoslav Republic of |
| 450 | Madagascar |
| 454 | Malawi |
| 458 | Malaysia |
| 462 | Maldives |
| 466 | Mali |
| 470 | Malta |
| 584 | Marshall Islands |
| 474 | Martinique |
| 478 | Mauritania |
| 480 | Mauritius |
| 175 | Mayotte |
| 484 | Mexico |
| 583 | Micronesia, Federated States of |
| 498 | Moldova, Republic of |
| 492 | Monaco |
| 496 | Mongolia |
| 499 | Montenegro |
| 500 | Montserrat |
| 504 | Morocco |
| 508 | Mozambique |
| 104 | Myanmar |
| 516 | Namibia |
| 520 | Nauru |
| 524 | Nepal |
| 528 | Netherlands |
| 540 | New Caledonia |
| 554 | New Zealand |
| 558 | Nicaragua |
| 562 | Niger |
| 566 | Nigeria |
| 570 | Niue |
| 574 | Norfolk Island |
| 580 | Northern Mariana Islands |
| 578 | Norway |
| 512 | Oman |
| 586 | Pakistan |
| 585 | Palau |
| 275 | Palestine, State of |
| 591 | Panama |
| 598 | Papua New Guinea |
| 600 | Paraguay |
| 604 | Peru |
| 608 | Philippines |
| 612 | Pitcairn |
| 616 | Poland |
| 620 | Portugal |
| 630 | Puerto Rico |
| 634 | Qatar |
| 638 | Réunion |
| 642 | Romania |
| 643 | Russian Federation |
| 646 | Rwanda |
| 652 | Saint Barthélemy |
| 654 | Saint Helena, Ascension and Tristan da Cunha |
| 659 | Saint Kitts and Nevis |
| 662 | Saint Lucia |
| 663 | Saint Martin (French part) |
| 666 | Saint Pierre and Miquelon |
| 670 | Saint Vincent and the Grenadines |
| 882 | Samoa |
| 674 | San Marino |
| 678 | Sao Tome and Principe |
| 682 | Saudi Arabia |
| 686 | Senegal |
| 688 | Serbia |
| 690 | Seychelles |
| 694 | Sierra Leone |
| 702 | Singapore |
| 534 | Sint Maarten (Dutch part) |
| 703 | Slovakia |
| 705 | Slovenia |
| 090 | Solomon Islands |
| 706 | Somalia |
| 710 | South Africa |
| 239 | South Georgia and the South Sandwich Islands |
| 728 | South Sudan |
| 724 | Spain |
| 144 | Sri Lanka |
| 729 | Sudan |
| 740 | Suriname |
| 744 | Svalbard and Jan Mayen |
| 748 | Swaziland |
| 752 | Sweden |
| 756 | Switzerland |
| 760 | Syrian Arab Republic |
| 158 | Taiwan, Province of China |
| 762 | Tajikistan |
| 834 | Tanzania, United Republic of |
| 764 | Thailand |
| 626 | Timor-Leste |
| 768 | Togo |
| 772 | Tokelau |
| 776 | Tonga |
| 780 | Trinidad and Tobago |
| 788 | Tunisia |
| 792 | Turkey |
| 795 | Turkmenistan |
| 796 | Turks and Caicos Islands |
| 798 | Tuvalu |
| 800 | Uganda |
| 804 | Ukraine |
| 784 | United Arab Emirates |
| 826 | United Kingdom |
| 581 | United States Minor Outlying Islands |
| 840 | United States of America |
| 858 | Uruguay |
| 860 | Uzbekistan |
| 548 | Vanuatu |
| 862 | Venezuela, Bolivarian Republic of |
| 704 | Viet Nam |
| 092 | Virgin Islands, British |
| 850 | Virgin Islands, U.S. |
| 876 | Wallis and Futuna |
| 732 | Western Sahara |
| 887 | Yemen |
| 894 | Zambia |
| 716 | Zimbabwe |
State Codes
We are using the United States Postal Service 2-letter codes.| State Code | State Name | State Numeric Code |
|---|---|---|
| AL | Alabama | 01 |
| AK | Alaska | 02 |
| AZ | Arizona | 04 |
| AR | Arkansas | 05 |
| CA | California | 06 |
| CO | Colorado | 08 |
| CT | Connecticut | 09 |
| DE | Delaware | 10 |
| DC | District of Columbia | 11 |
| FL | Florida | 12 |
| GA | Georgia | 13 |
| HI | Hawaii | 15 |
| ID | Idaho | 16 |
| IL | Illinois | 17 |
| IN | Indiana | 18 |
| IA | Iowa | 19 |
| KS | Kansas | 20 |
| KY | Kentucky | 21 |
| LA | Louisiana | 22 |
| ME | Maine | 23 |
| MD | Maryland | 24 |
| MA | Massachusetts | 25 |
| MI | Michigan | 26 |
| MN | Minnesota | 27 |
| MS | Mississippi | 28 |
| MO | Missouri | 29 |
| MT | Montana | 30 |
| NE | Nebraska | 31 |
| NV | Nevada | 32 |
| NH | New Hampshire | 33 |
| NJ | New Jersey | 34 |
| NM | New Mexico | 35 |
| NY | New York | 36 |
| NC | North Carolina | 37 |
| ND | North Dakota | 38 |
| OH | Ohio | 39 |
| OK | Oklahoma | 40 |
| OR | Oregon | 41 |
| PA | Pennsylvania | 42 |
| RI | Rhode Island | 44 |
| SC | South Carolina | 45 |
| SD | South Dakota | 46 |
| TN | Tennessee | 47 |
| TX | Texas | 48 |
| UT | Utah | 49 |
| VT | Vermont | 50 |
| VA | Virginia | 51 |
| WA | Washington | 53 |
| WV | West Virginia | 54 |
| WI | Wisconsin | 55 |
| WY | Wyoming | 56 |
| AS | American Samoa | 00 |
| GU | Guam | 00 |
| MP | Northern Mariana Islands | 00 |
| PR | Puerto Rico | 00 |
| UM | United States Minor Outlying Islands | 00 |
| VI | Virgin Islands | 00 |
Resource Statuses
| Resource's Status | Any Resource | Transaction | Description |
|---|---|---|---|
| OK | ✔ | ✔ | Resource is in normal status. |
| LOCKED | ✔ | ✔ | Resource is locked. |
| DELETED | ✔ | ✔ | Resource is marked for deletion. |
| PENDING | ✔ | Transaction processing started or waiting to be processed (batch). | |
| FAILED | ✔ | Transaction processing failed. | |
| UNKNOWN | ✔ | Transaction processing result is unknown. | |
| ERROR | ✔ | Transaction processing error. | |
| COMPLETED | ✔ | Transaction completed processing successfully. | |
| REVERSED | ✔ | A Request to Reverse a previous PULL Transaction was requested. | |
| REVERSAL | ✔ | A Request to Reverse a previous PULL Transaction was tried, however the status is unknown. |
Transactions
The following tables shows the various statuses a Transaction Resource undergoes:Transaction Successful
| Status | Description |
|---|---|
| OK | Transaction created. |
| PENDING | Transaction processing started or waiting to be processed (batch). |
| COMPLETED | Transaction processed successfully. |
Transaction Error
| Status | Description |
|---|---|
| OK | Transaction created. |
| PENDING | Transaction processing started. |
| ERROR | Transaction processing error, see Network Response Code. |
Transaction Processing returned a non-successful Network Response Code from a Card Network.
Transaction Failed
| Status | Description |
|---|---|
| OK | Transaction created. |
| PENDING | Transaction processing started. |
| FAILED | Transaction processing failed. |
Transaction Processing failed. The Transaction was unsuccessful.
Transaction Result is Unknown
| Status | Description |
|---|---|
| OK | Transaction created. |
| PENDING | Transaction processing started. |
| UNKNOWN | Transaction processing result is unknown. |
The Transaction could have been successful or not. Manual intervention is required to determine the status of the Transaction. Please contact support@TabaPay.com.
Transaction Timed Out so Result was originally Unknown but actually Successful
| Status | Description |
|---|---|
| OK | Transaction created. |
| PENDING | Transaction processing started. |
| UNKNOWN | Transaction processing result is unknown. |
| COMPLETED | Transaction processed successfully. |
The Transaction timed out so the Transaction Status was originally set to UNKNOWN. Your request returned a Status Code of 207. The Transaction Processing continue to be processed. The final and actual Transaction is COMPLETED.
Transaction Timed Out so Result was originally Unknown but actually Failed
| Status | Description |
|---|---|
| OK | Transaction created. |
| PENDING | Transaction processing started. |
| UNKNOWN | Transaction processing result is unknown. |
| FAILED | Transaction processing failed. |
The Transaction timed out so the Transaction Status was originally set to UNKNOWN. Your request returned a Status Code of 207. The Transaction Processing continue to be processed. Something did go wrong and so the final and actual Transaction is FAILED.
Transaction Successful but a Request to Reverse the Transaction was requested
| Status | Description |
|---|---|
| OK | Transaction created. |
| PENDING | Transaction processing started or waiting to be processed (batch). |
| COMPLETED | Transaction processed successfully. |
| REVERSED | Transaction Reversal was requested. |
Transaction Successful but a Request to Reverse the Transaction was tried
| Status | Description |
|---|---|
| OK | Transaction created. |
| PENDING | Transaction processing started or waiting to be processed (batch). |
| COMPLETED | Transaction processed successfully. |
| REVERSAL | Transaction Reversal was tried, however the status is unknown. |
Test Cards
PCI requires us and you to use Test Card Numbers when testing. You should never use a real Card Number in the Sandbox Environment. The following Card Numbers were randomly created, if they happen by chance to be a real Card Number, it is purely by coincidence only. Sample Card Numbers by Networks:- Single Network:
- Multiple Networks:
- Other Networks:
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| STAR | 9010100999999995 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9010101999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9010102999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9010103999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9010110999999994 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9010111999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9010112999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9010113999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9010200999999993 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9010201999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9010202999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9010203999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9010210999999992 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9010211999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9010212999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9010213999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9010300999999991 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9010301999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9010302999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9010303999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9010310999999990 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9010311999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9010312999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9010313999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9011100999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9011101999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9011102999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9011103999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9011110999999993 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9011111999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9011112999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9011113999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9011200999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9011201999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9011202999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9011203999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9011210999999991 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9011211999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9011212999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9011213999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9011300999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9011301999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9011302999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9011303999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9011310999999999 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9011311999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9011312999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9011313999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| Pulse | 9020100999999993 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9020101999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9020102999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9020103999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9020110999999992 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9020111999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9020112999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9020113999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9020200999999991 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9020201999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9020202999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9020203999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9020210999999990 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9020211999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9020212999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9020213999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9020300999999999 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9020301999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9020302999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9020303999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9020310999999998 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9020311999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9020312999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9020313999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9021100999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9021101999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9021102999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9021103999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9021110999999991 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9021111999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9021112999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9021113999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9021200999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9021201999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9021202999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9021203999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9021210999999999 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9021211999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9021212999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9021213999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9021300999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9021301999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9021302999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9021303999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9021310999999997 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9021311999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9021312999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9021313999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| NYCE | 9030100999999991 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9030101999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9030102999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9030103999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9030110999999990 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9030111999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9030112999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9030113999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9030200999999999 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9030201999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9030202999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9030203999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9030210999999998 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9030211999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9030212999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9030213999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9030300999999997 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9030301999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9030302999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9030303999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9030310999999996 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9030311999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9030312999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9030313999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9031100999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9031101999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9031102999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9031103999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9031110999999999 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9031111999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9031112999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9031113999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9031200999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9031201999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9031202999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9031203999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9031210999999997 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9031211999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9031212999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9031213999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9031300999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9031301999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9031302999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9031303999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9031310999999995 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9031311999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9031312999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9031313999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| CU24 | 9050100999999996 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9050101999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9050102999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9050103999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9050110999999995 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9050111999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9050112999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9050113999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9050200999999994 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9050201999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9050202999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9050203999999998 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9050210999999993 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9050211999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9050212999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9050213999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9050300999999992 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9050301999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9050302999999998 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9050303999999996 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9050310999999991 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9050311999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9050312999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9050313999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9051100999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9051101999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9051102999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9051103999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9051110999999994 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9051111999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9051112999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9051113999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9051200999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9051201999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9051202999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9051203999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9051210999999992 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9051211999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9051212999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9051213999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9051300999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9051301999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9051302999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9051303999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9051310999999990 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9051311999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9051312999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9051313999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| Accel | 9080100999999990 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9080101999999998 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9080102999999996 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9080103999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9080110999999999 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9080111999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9080112999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9080113999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9080200999999998 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9080201999999996 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9080202999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9080203999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9080210999999997 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9080211999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9080212999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9080213999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9080300999999996 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9080301999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9080302999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9080303999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9080310999999995 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9080311999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9080312999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9080313999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9081100999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9081101999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9081102999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9081103999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9081110999999998 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9081111999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9081112999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9081113999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9081200999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9081201999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9081202999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9081203999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9081210999999996 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9081211999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9081212999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9081213999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9081300999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9081301999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9081302999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9081303999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9081310999999994 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9081311999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9081312999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9081313999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| Visa | 9400100999999993 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9400101999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9400102999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9400103999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9400110999999992 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9400111999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400112999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400113999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400120999999991 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9400121999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400122999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400123999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400200999999991 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9400201999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9400202999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9400203999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9400210999999990 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9400211999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400212999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400213999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400220999999999 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9400221999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400222999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400223999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400300999999999 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9400301999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9400302999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9400303999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9400310999999998 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9400311999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400312999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400313999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400320999999997 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9400321999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400322999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9400323999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9401100999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9401101999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9401102999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9401103999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9401110999999991 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9401111999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401112999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401113999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401120999999990 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9401121999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401122999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401123999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401200999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9401201999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9401202999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9401203999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9401210999999999 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9401211999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401212999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401213999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401220999999998 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9401221999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401222999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401223999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401300999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9401301999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9401302999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9401303999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9401310999999997 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9401311999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401312999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401313999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401320999999996 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9401321999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401322999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9401323999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| VisaFF | 9940101999999998 | ✘ No | ✔ | ✘ Not Valid | ✔ | |||||
| 9940201999999996 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9940301999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9941101999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9941201999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9941301999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| MasterCard | 9500100999999992 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9500110999999991 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9500120999999990 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9500200999999990 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9500210999999999 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9500220999999998 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9500300999999998 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9500310999999997 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9500320999999996 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9501100999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9501110999999990 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9501120999999999 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9501200999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9501210999999998 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9501220999999997 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9501300999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9501310999999996 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9501320999999995 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| MoneySend | 9950101999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | |||||
| 9950201999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9950301999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9950102999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9950202999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9950302999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9950103999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9950203999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9950303999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9951101999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9951201999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9951301999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9951102999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9951202999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9951302999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9951103999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9951203999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9951303999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| STAR Visa | 9410100999999991 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9410101999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9410102999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9410103999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9410110999999990 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9410111999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9410112999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9410113999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9410200999999999 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9410201999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9410202999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9410203999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9410210999999998 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9410211999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9410212999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9410213999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9410300999999997 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9410301999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9410302999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9410303999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9410310999999996 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9410311999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9410312999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9410313999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9411100999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9411101999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9411102999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9411103999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9411110999999999 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9411111999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9411112999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9411113999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9411200999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9411201999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9411202999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9411203999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9411210999999997 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9411211999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9411212999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9411213999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9411300999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9411301999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9411302999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9411303999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9411310999999995 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9411311999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9411312999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9411313999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| Pulse Visa | 9420100999999999 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9420101999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9420102999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9420103999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9420110999999998 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9420111999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9420112999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9420113999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9420200999999997 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9420201999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9420202999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9420203999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9420210999999996 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9420211999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9420212999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9420213999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9420300999999995 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9420301999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9420302999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9420303999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9420310999999994 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9420311999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9420312999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9420313999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9421100999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9421101999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9421102999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9421103999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9421110999999997 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9421111999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9421112999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9421113999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9421200999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9421201999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9421202999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9421203999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9421210999999995 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9421211999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9421212999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9421213999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9421300999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9421301999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9421302999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9421303999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9421310999999993 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9421311999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9421312999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9421313999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| NYCE Visa | 9430100999999997 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9430101999999995 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9430102999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9430103999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9430110999999996 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9430111999999994 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9430112999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9430113999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9430200999999995 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9430201999999993 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9430202999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9430203999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9430210999999994 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9430211999999992 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9430212999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9430213999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9430300999999993 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9430301999999991 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9430302999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9430303999999997 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9430310999999992 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9430311999999990 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9430312999999998 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9430313999999996 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9431100999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9431101999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9431102999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9431103999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9431110999999995 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9431111999999993 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9431112999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9431113999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9431200999999994 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9431201999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9431202999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9431203999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9431210999999993 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9431211999999991 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9431212999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9431213999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9431300999999992 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9431301999999990 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9431302999999998 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9431303999999996 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9431310999999991 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9431311999999999 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9431312999999997 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9431313999999995 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| CU24 Visa | 9450100999999992 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9450101999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9450102999999998 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9450103999999996 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9450110999999991 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9450111999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9450112999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9450113999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9450200999999990 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9450201999999998 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9450202999999996 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9450203999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9450210999999999 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9450211999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9450212999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9450213999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9450300999999998 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9450301999999996 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9450302999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9450303999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9450310999999997 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9450311999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9450312999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9450313999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9451100999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9451101999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9451102999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9451103999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9451110999999990 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9451111999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9451112999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9451113999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9451200999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9451201999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9451202999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9451203999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9451210999999998 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9451211999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9451212999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9451213999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9451300999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9451301999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9451302999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9451303999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9451310999999996 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9451311999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9451312999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9451313999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| Accel Visa | 9480100999999996 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9480101999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9480102999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9480103999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9480110999999995 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9480111999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9480112999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9480113999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9480200999999994 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9480201999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9480202999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9480203999999998 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9480210999999993 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9480211999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9480212999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9480213999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9480300999999992 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9480301999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9480302999999998 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9480303999999996 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9480310999999991 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9480311999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9480312999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9480313999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9481100999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9481101999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9481102999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9481103999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9481110999999994 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9481111999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9481112999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9481113999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9481200999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9481201999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9481202999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9481203999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9481210999999992 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9481211999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9481212999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9481213999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9481300999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9481301999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9481302999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9481303999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9481310999999990 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9481311999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9481312999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9481313999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| STAR Pulse Visa | 9710100999999998 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | |||||
| 9710101999999996 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9710102999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9710103999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9710110999999997 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9710111999999995 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9710112999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9710113999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9710200999999996 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9710201999999994 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9710202999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9710203999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9710210999999995 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9710211999999993 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9710212999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9710213999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9710300999999994 | ✘ No | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9710301999999992 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9710302999999990 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9710303999999998 | ✘ No | ✔ | ✘ Not Valid | ✔ | ||||||
| 9710310999999993 | ✘ No | ✔ | ✔ | ✘ Not Valid | ||||||
| 9710311999999991 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9710312999999999 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9710313999999997 | ✘ No | ✔ | ✔ | ✔ | ||||||
| 9711100999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9711101999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9711102999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9711103999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9711110999999996 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9711111999999994 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9711112999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9711113999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9711200999999995 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9711201999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9711202999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9711203999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9711210999999994 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9711211999999992 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9711212999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9711213999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9711300999999993 | ✔ Yes | ✔ | ✘ Not Valid | ✘ Not Valid | ||||||
| 9711301999999991 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9711302999999999 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9711303999999997 | ✔ Yes | ✔ | ✘ Not Valid | ✔ | ||||||
| 9711310999999992 | ✔ Yes | ✔ | ✔ | ✘ Not Valid | ||||||
| 9711311999999990 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9711312999999998 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| 9711313999999996 | ✔ Yes | ✔ | ✔ | ✔ | ||||||
| top Network | Card Number | Regulated | Card Type | Pull (Type) | Push (Availability) | |||||
| Debit | Credit | PrePaid | Single | Dual | Immediate | Next | Few | |||
| Credit Cards | 9810203999999999 | ✘ No | ✔ | ✘ Not Valid | ✔ | |||||
Sample Flows
There are only a few simple flows:Retrieve Client's Attributes (Information) | |||||||
|---|---|---|---|---|---|---|---|
| API Call | Description | ||||||
| 1 | Retrieve Client | Client Attributes:
| |||||
| Create Key (optional) | |||||||
| API Call | Description | ||||||
| 2 | Create Key | Encryption Key RSA Public Key | |||||
| Transaction using an Account (Tokenization) | |||||||
| API Call | Description | ||||||
| 3 | Query Card | Card Attributes | |||||
| API Call | Description | ||||||
| 4 | Create Account | Type: Card | |||||
| API Call | Description | ||||||
| 5 | Create Transaction Push | Transaction:
| |||||
| API Call | Description | ||||||
| 6 | Create Transaction Pull | Transaction:
| |||||
| One Time Transaction | |||||||
| API Call | Description | ||||||
| 7 | Query Card | Card Attributes | |||||
| API Call | Description | ||||||
| 8 | Create Transaction Push | Transaction:
| |||||
| API Call | Description | ||||||
| 9 | Create Transaction Pull | Transaction:
| |||||
| Optionally Retrieve an Account, Update an Account, or Delete an Account | |||||||
| API Call | Description | ||||||
| 10 | Retrieve Account | ||||||
| API Call | Description | ||||||
| 11 | Update Account | Type: Card | |||||
| API Call | Description | ||||||
| 12 | Delete Account | ||||||
| Optionally Retrieve Transaction Information | |||||||
| API Call | Description | ||||||
| 13 | Retrieve Transaction | ||||||
| API Call | Description | ||||||
| 14 | Retrieve Transaction | ||||||
- Retrieve Client
- Create Key (optional)
- Query Card
- Create Account
- Create Transaction - Push
- Create Transaction - Pull
- Query Card
- Create Transaction - Push
- Create Transaction - Pull
- Retrieve Account
- Update Account
- Delete Account
- Retrieve Transaction
- Retrieve Transaction
Code Samples
There is no SDK because the TabaPay Web Service (API) is just a simple RESTful Web Service that uses standard HTTPS to:- connect
- send request
- receive response
- disconnect
Therefore, you can use almost any programming language. We assume that you are an expert in the language you have selected to use.
You can also use command line utilities such as:
If you need help in using the TabaPay Web Service (API), we recommend using one of the command line utilities first. By doing this first, it eliminates any language specific issues or uniquenesses, and since there are so many programming languages available today, we may not be an expert in (or even have used) the language you are trying to use. Also, by doing this first, it can help eliminate networking issues such as firewalls blocking the requests and/or responses.We do provide some simple samples in various common programming languages:
- Java
- JavaScript under node.js
- Go
- Python
- Ruby
curl
A GET Request (Retrieve Client):curl https://<FQDN>/v1/clients/<ClientID> -H "Authorization: Bearer <TokenValue>"A POST Request (Query Card):
curl https://<FQDN>/v1/clients/<ClientID>/cards -H "Authorization: Bearer <TokenValue>" -H "Content-type: application/json" -X POST -d "{\"card\":{\"accountNumber\":\"9999999999999999\"}}"These were last tested successfully using:
- curl 7.51.0 on a Mac OSX System on 05/29/2017
- curl 7.47.0 on a Ubuntu 16.04 System on 05/29/2017
- curl 7.54.0 on a Windows System on 05/29/2017
wget
A GET Request (Retrieve Client):
wget -qO-
https://<FQDN>/v1/clients/<ClientID>
--header "Authorization: Bearer <TokenValue>"
A POST Request (Query Card):
wget -qO-
https://<FQDN>/v1/clients/<ClientID>/cards
--header "Authorization: Bearer <TokenValue>"
--header "Content-type: application/json"
--post-data "{\"card\":{\"accountNumber\":\"9999999999999999\"}}"
These were last tested successfully using:- wget 1.17.1 on a Ubuntu 16.04 System on 05/29/2017
- wget 1.19.1 on a Windows System on 05/29/2017
openssl s_client
A GET Request (Retrieve Client):openssl s_client -connect <FQDN>:443 GET /v1/clients/<ClientID> HTTP/1.0 Authorization: Bearer <TokenValue>A POST Request (Query Card):
openssl s_client -connect <FQDN>:443 POST /v1/clients/<ClientID>/cards HTTP/1.0 Authorization: Bearer <TokenValue> Content-type: application/json Content-length: 45 {"card":{"accountNumber":"9999999999999999"}}These were last tested successfully using:
- OpenSSL 0.9.8zh on a Mac OSX System on 05/29/2017
- OpenSSL 1.0.2g on a Ubuntu 16.04 System on 05/29/2017
- OpenSSL 1.0.2g on a Windows System on 05/29/2017
Java
A GET Request (Retrieve Client):
import java.io.InputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
public class Sample
{
public static void main( String[] asArgs )
{
try
{
URL urlService = new URL( "https://<FQDN>/v1/clients/<ClientID>" );
HttpsURLConnection connectionService =
(HttpsURLConnection) urlService.openConnection();
connectionService.setRequestMethod( "GET" );
connectionService.setRequestProperty(
"Authorization", "Bearer " + "<TokenValue>"
);
int iStatusCode = connectionService.getResponseCode();
System.out.println( "TabaPay API Call, SC=" + iStatusCode );
InputStream insResponse = iStatusCode == 200
? connectionService.getInputStream()
: connectionService.getErrorStream();
byte[] abResponse = new byte[1024];
int iLengthRead = insResponse.read( abResponse );
insResponse.close();
System.out.println( new String( abResponse, 0, iLengthRead, "UTF-8" ) );
}
catch ( Throwable t )
{
t.printStackTrace();
}
}
}
A POST Request (Query Card):
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
public class Sample
{
public static void main( String[] asArgs )
{
try
{
URL urlService = new URL( "https://<FQDN>/v1/clients/<ClientID>/cards" );
HttpsURLConnection connectionService =
(HttpsURLConnection) urlService.openConnection();
connectionService.setRequestMethod( "POST" );
connectionService.setRequestProperty(
"Authorization", "Bearer " + "<TokenValue>"
);
connectionService.setRequestProperty(
"Content-type", "application/json"
);
byte[] abDataRequest =
"{\"card\":{\"accountNumber\":\"9999999999999999\"}}".getBytes( "UTF-8" );
connectionService.setDoOutput( true );
OutputStream outsRequest = connectionService.getOutputStream();
outsRequest.write( abDataRequest, 0, abDataRequest.length );
outsRequest.close();
int iStatusCode = connectionService.getResponseCode();
System.out.println( "TabaPay API Call, SC=" + iStatusCode );
InputStream insResponse = iStatusCode == 200
? connectionService.getInputStream()
: connectionService.getErrorStream();
byte[] abResponse = new byte[1024];
int iLengthRead = insResponse.read( abResponse );
insResponse.close();
System.out.println( new String( abResponse, 0, iLengthRead, "UTF-8" ) );
}
catch ( Throwable t )
{
t.printStackTrace();
}
}
}
These were last tested successfully using Java 1.8 on 05/30/2017 and reverified on 08/08/2017.RSA Encryption using CryptoRSA Class in TabaPayAPIHelpers.jar:
import com.tabapay.api.helpers.security.rsa.CryptoRSA;
import com.tabapay.samples.CallTabaPay;
import com.tabapay.samples.CallTabaPay.KeyData;
public class APIHelpers
{
public static void main( String[] asArgs )
{
String sCardData = "9999999999999999|202012|"; // Card Number | Expiration Date | CVV2
try
{
int iExpirationInDays = 365;
KeyData dataKey = CallTabaPay.CreateKey( iExpirationInDays ); // You Provide
String sEncodedEncryptedData = CryptoRSA.encryptUsingPublicKey( // TabaPayAPIHelpers.jar
dataKey.m_sPublicKey, // Public Key from Create Key
sCardData // Card Data
);
CallTabaPay.QueryCard( dataKey.m_sKeyID, sEncodedEncryptedData ); // You provide
}
catch ( Throwable t )
{
t.printStackTrace();
}
}
}
JavaScript
A GET Request (Retrieve Client):
var https = require( "https" );
var options =
{
host: "<FQDN>",
port: 443,
path: "/v1/clients/<ClientID>",
method: "GET",
headers:
{
"Authorization": " Bearer <TokenValue>"
}
};
var req = https.request( options, function( res )
{
console.log( "statusCode: ", res.statusCode );
res.on( "data", function( d )
{
process.stdout.write( d );
});
}).on( "error", function( e )
{
console.error( e );
});
req.end();
A POST Request (Query Card):
var https = require( "https" );
var options =
{
host: "<FQDN>",
port: 443,
path: "/v1/clients/<ClientID>/cards",
method: "POST",
headers:
{
"Authorization": " Bearer <TokenValue>",
"Content-type": "application/json",
"Content-length": "45"
}
};
var req = https.request( options, function( res )
{
console.log( "statusCode: ", res.statusCode );
res.on( "data", function( d )
{
process.stdout.write( d );
});
}).on( "error", function( e )
{
console.error( e );
});
req.write( '{"card":{"accountNumber":"9999999999999999"}}' );
req.end();
These were last tested successfully using NodeJS 6.10.3 on 05/31/2017.Go
A GET Request (Retrieve Client):
package main
import (
"fmt"
"io/ioutil"
"net/http"
)
func main() {
client := &http.Client{}
req, err := http.NewRequest(
"GET",
"https://<FQDN>/v1/clients/<ClientID>",
nil)
if err != nil {
panic(err)
}
req.Header.Add("Authorization", "Bearer <TokenValue>")
resp, err := client.Do(req)
if err != nil {
panic(err)
}
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println(string(body))
}
A POST Request (Query Card):
package main
import (
"fmt"
"io/ioutil"
"net/http"
"strings"
)
func main() {
client := &http.Client{}
req, err := http.NewRequest(
"POST",
"https://<FQDN>/v1/clients/<ClientID>/cards",
strings.NewReader("{\"card\":{\"accountNumber\":\"9999999999999999\"}}"))
if err != nil {
panic(err)
}
req.Header.Add("Authorization", "Bearer <TokenValue>")
req.Header.Add("Content-type", "application/json")
resp, err := client.Do(req)
if err != nil {
panic(err)
}
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println(string(body))
}
These were last tested successfully using go 1.9.2 on 11/30/2017.Python
A GET Request (Retrieve Client):import httplib conn = httplib.HTTPSConnection( '<FQDN>' ) conn.putrequest( 'GET', '/v1/clients/<ClientID>' ) conn.putheader( 'Authorization', 'Bearer <TokenValue>' ) conn.endheaders() response = conn.getresponse() print response.read()A POST Request (Query Card):
import httplib conn = httplib.HTTPSConnection( '<FQDN>' ) conn.putrequest( 'POST', '/v1/clients/<ClientID>/cards' ) conn.putheader( 'Authorization', 'Bearer <TokenValue>' ) conn.putheader( 'Content-type', 'application/json' ) conn.putheader( 'Content-length', '45' ) conn.endheaders() conn.send( '{"card":{"accountNumber":"9999999999999999"}}' ) response = conn.getresponse() print response.read()These were tested successfully using Python 2.7.10 on 05/30/2017.
Ruby
A GET Request (Retrieve Client):require 'net/https' uri = URI.parse( 'https://<FQDN>/v1/clients/<ClientID>' ) http = Net::HTTP.new( uri.host, uri.port ) http.use_ssl = true request = Net::HTTP::Get.new( uri.request_uri ) request.add_field( "Authorization", "Bearer <TokenValue>") response = http.request( request ) puts response.bodyA POST Request (Query Card):
require 'net/https' require 'json' uri = URI.parse( 'https://<FQDN>/v1/clients/<ClientID>/cards' ) http = Net::HTTP.new( uri.host, uri.port ) http.use_ssl = true request = Net::HTTP::Post.new( uri.request_uri, 'Content-Type' => 'application/json' ) request.add_field( "Authorization", "Bearer <TokenValue>") request.body = {card:{accountNumber: '9999999999999999'}}.to_json response = http.request( request ) puts response.bodyThese were tested successfully using Ruby 2.0.0p648 on 05/31/2017.
PCI Helpers
These sections are still a Work in progress...
These TabaPay features are to help our Clients with PCI, but it does not remove the PCI requirements for the Client.
PCI Helper - SSO
This section is still a Work in progress... Also see the PCI Helper - SSO FAQ. The samples and examples decribed here are now running in the Sandbox Environment.
How SSO works
See some working samples on how this might work.
The samples are only samples. We can provide a generic (plain/simple) SSO HTML Web Page; but, we think that allowing you to customize it to match your WebSite (colors, layout, errors handling, etc...) would be a much better solution, however, that means you will need to provide the HTML, CSS, and JavaScript.
The Imbedded Form Sample (currently) only shows one input method:
- Keyboard Entry
while the Modal Dialog Box Overlay shows 3 possible input methods:
- Keyboard Entry
- KeyPad Entry
- Card Swipe Entry
- Card Account Number
- Expiration Date
- Security Code - CVV2 (optional)
- Google Chrome 65
- Mozilla FireFox 55
- Apple Safari 11.1
- Microsoft Edge 38
View Addtional Details
Hide Addtional Details
The following is meant to be only a simple sample on how this may work and is not meant for production use or imply that it is production ready.
Client BackEnd Server
Customization of SSO
Other Notes:
Client Web Page
Add a Listener for the Return from TabaPay SSO
window.addEventListener( "message", pfReceivedMessage, false );
Function to handle Return from TabaPay SSO
var pfReceivedMessage = function( event )
{
if ( event.data != "Close" )
{
if ( event.data.slice( 0, 7 ) == "Error: " )
{
// Error
}
else
{
var asData = event.data.split( "|" );
if ( asData.length == 3 )
{
// asData[ 0 ] contains the Last 4
// asData[ 1 ] contains the Expiration Date in YYYYMM Format
// asData[ 2 ] contains the Card Token
}
else
{
// Data Error
}
}
}
else
{
// Close or Cancel
}
}
JavaScript Code to load TabaPay SSO when needed
document.getElementById( "sso" ).src = "https://<FQDN>/<PageName>.html?<Unique>";
HTML to include TabaPay SSO
<div><iframe id="sso"></iframe></div>
Client BackEnd Server
Can use the Card Token in the following TabaPay API Calls:
Customization of SSO
If you are providing the HTML, CSS, and JavaScript to us:
- HTML must be minifiable
- CSS must be minifiable
- JavaScript must be compilable (with no warnings or errors) with the Google Closure Compiler
- No External JavaScript Libraries, No External JavaScript Frameworks
- The Results will be a single HTML file
- Any external images will be hosted from your servers
- We will control and own the HTML, CSS, and JavaScript (please check with your legal department)
Clarifications (feedback from Early Users):
- You will provide us with the HTML, CSS, JavaScript:
- Formatted as for Development (leave spaces, indentation, whitespace, blank lines, etc...)
- Leave Comments in as for Development
- We have to understand the code you send to us, so keep it (very) simple...
- We (TabaPay) will minify the HTML, CSS, JavaScript:
- If there are issues, we will try to fix...
- If we can't fix (easily), we may ask you to revise it...
- Due to PCI, we cannot include external libraries or frameworks...
- And again due to PCI, we have to own the code (HTML, CSS, JavaScript), so please check with your Legal Department...
Also see the Step-by-Step Example below of this process including our expectations of the expected file (or 3 files: HTML, CSS, and JavaScript) that we will be receiving from you.
Common sense (real world) facts about this customization:
- Take advantage of this (almost) complete control of this customization and the ability for you to customize it, but:
- Be Simple
- Be Reasonable
- Understand some of the Restrictions, if any
- If we say we cannot do something, show us how to do it simply and we will take another look
- If we say no, please accept that it can't be done or we can't do it
- Due to time constraints, we can only do minor tweaks after the initial delivery of the HTML, CSS, and JavaScript.
Other Notes:
- Expiration of the Card Token?
View Step-by-Step Example
Hide Step-by-Step Example
The following is only a very simple example and is not meant for production use or imply that it is production ready. Also see the PCI Helper - SSO FAQ.
(1) My Custom SSO Web Page
It is:
- (Very) Simple
- Reasonable (in complexity and size)
- Easy to understand
- No External Libraries or Frameworks
and it is nicely formatted for a developer to read:
- Code is Indented
- Source is Commented
<!DOCTYPE html>
<html>
<head>
<style>
/*
* Table Header
* 1st Column
*/
th
{
text-align: right;
padding-right: 10px;
}
/*
* Form Button(s) Row
*/
.b
{
padding-top: 10px;
text-align: center;
}
</style>
<script>
function fCheckCardNumber( psCardNumber )
{
//
// Code to Check Card Number
//
if ( psCardNumber.length < 13 || psCardNumber.length > 19 )
{
return false;
}
//
// More Checks?
// Card Range?
// All Digits?
// Luhn Checksum?
//
//
// If you want use TabaPay's Common Utils,
// (1) remove the above check
// (2) and add the following if statement
//
// if ( ! TabaPayCommonUtils.fCheckCardNumber( psCardNumber ) )
// {
// return false;
// }
//
return true;
}
function fCheckExpirationDate( psExpirationDate )
{
//
// Code to Check Expiration Date
//
if ( psExpirationDate.length != 5 || psExpirationDate.slice( 2, 3 ) != "/" )
{
return false;
}
//
// More Checks?
// Check Month and Year
//
//
// If you want use TabaPay's Common Utils,
// (1) remove the above check
// (2) and add the following if statement
//
// if ( ! TabaPayCommonUtils.fCheckCardExpirationDate( psExpirationDate ) )
// {
// return false;
// }
return true;
}
function fCheckSecurityCode( psSecurityCode )
{
//
// Code to Check Security Code
//
if ( psSecurityCode.length < 3 || psSecurityCode.length > 4 )
{
return false;
}
//
// More Checks?
// Check Number
//
//
// If you want use TabaPay's Common Utils,
// (1) remove the above check
// (2) and add the following if statement
//
// // Currently this only does minimal checking
// // If you want a more thourogh Security Code check,
// // feel free to replace this with your own function
//
// if ( ! TabaPayCommonUtils.fCheckSecurityCode( psSecurityCode ) )
// {
// return false;
// }
//
return true;
}
function fClear()
{
document.getElementById("c").value="";
document.getElementById("e").value="";
document.getElementById("s").value="";
}
function fSubmit()
{
var sCardNumber = document.getElementById("c").value.trim();
var sExpirationDate = document.getElementById("e").value.trim();
var sSecurityCode = document.getElementById("s").value.trim();
//
// Check Card Number
//
if ( sCardNumber.length == 0 )
{
alert( "Missing Card Number" );
return;
}
if ( ! fCheckCardNumber( sCardNumber ) )
{
alert( "Bad Card Number" );
return;
}
//
// Check Expiration Date
//
if ( sExpirationDate.length == 0 )
{
alert( "Missing Expiration Date" );
return;
}
if ( ! fCheckExpirationDate( sExpirationDate ) )
{
alert( "Bad Expiration Date" );
return;
}
//
// Check Security Code (optional)
//
if ( sSecurityCode.length > 0 )
{
if ( ! fCheckSecurityCode( sSecurityCode ) )
{
alert( "Bad Security Code" );
return;
}
}
//
// All Checks ok
//
// TabaPay will add code here
// temporarily use an alert to display the values
alert( sCardNumber + "," + sExpirationDate + "," + sSecurityCode );
}
function fCancel()
{
// TabaPay will add code here
// temporarily use an alert to indicate Cancel
alert( "Cancelled" );
}
</script>
</head>
<body>
<form>
<table>
<tr>
<th>Card Number</th>
<td><input id="c" type="password" placeholder="13-19 digits"></td>
</tr>
<tr>
<th>Expiration Date</th>
<td><input id="e" placeholder="MM/YY Format"></td>
</tr>
<tr>
<th>Security Code</th>
<td><input id="s" placeholder="3-4 digits"></td>
</tr>
<tr>
<td class="b" colspan="2">
<input type="button" value="Clear" onclick="fClear()"/>
<input type="button" value="Use Card Data" onclick="fSubmit()"/>
</td>
</tr>
<tr>
<td class="b" colspan="2"><input type="button" value="Cancel" onclick="fCancel()"/></td>
</tr>
</table>
</form>
</body>
</html>
The use of Alerts in the above example was only used to simplify the example and not clutter the JavaScript Code in the example. We recommend that you change the usage of Alerts to something more appropriate that matches your WebSite. Again, the above example is not meant for production use or imply that it is production ready.
(2) Please QA the My Custom SSO Web Page before (3)
(2a) TabaPay QA will only do a cursory check
(2b) There will be a very limited number of back and forth
(2c) It will be your responsibility for your Custom SSO Web Page
(3) Submit My Custom SSO Web Page to TabaPay
(4) Wait for TabaPay to complete the modifications to the Custom SSO Web Page
(5) TabaPay will make your Custom SSO Web Page available
(6) Test using TabaPay's Test your SSO Web Page
Goto the See some working samples link above
Use the filename: MyCustomSSOExample
and be sure to set the desired width and height
also this Example has an image that is hosted externally
(7) Include in your Web Page
Goto the View Additional Details link above on how to do this...
PCI Helper - RSA
This section is still a Work in progress... Also see the PCI Helper - RSA FAQ.
How to use RSA
Due to the number of computer languages available today, we will be using OpenSSL, the well-known and widely used cryptography library, to show how to use RSA to create the value for the data parameter in the following TabaPay API Calls:
The data contains:
- Card Account Number
- Card Expiration Date
- Card Security Code
Here are the steps in creating the data parameter for the TabaPay API Calls:
Create a Key
- Use the TabaPay API Call: Create Key
- The returned format of the Public Key depends upon what language you are using and what libraries (in the language) you are using, however:
- RAW Format (consisting of exponent and modulus) can be easily converted to ASN.1 Format
- ASN.1 Format can be easily converted to RAW Format (consisting of exponent and modulus)
- The returned format of the Public Key depends upon what language you are using and what libraries (in the language) you are using, however:
- OpenSSL, for this example, will be using ASN.1 Format
- Use the TabaPay API Call: Create Key
Save the keyID
Convert the key (in ASN.1 Format) from Base64 URL-Safe to regular Base64 Encoding
Create a file containing the Public Key, we will use PEM Format, but we could have also use DER Format instead:
- Use an editor, like vi, and create a public.key
- First Line contains: -----BEGIN PUBLIC KEY-----
- Next Line contains the Base64 (not URL-Safe) Encoded Key: MIIBI...AQAB
- Last Line contains: -----END PUBLIC KEY-----
Create a file containing the Card Data, separated by "|" (pipe symbol):
- Card Account Number
- Card Expiration Date
- Card Security Code
Example is: 9400100999999993|209912|123
Use OpenSSL to encrypt the Card Data, RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding:
openssl pkeyutl -in card.data -out encrypted.data -inkey public.key -keyform PEM -pubin -encrypt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
Convert the Encrypted Data in the file to Base64 URL-Safe Encoding
- You can now use:
- keyID from (2)
- data, Base64 URL-Safe Encoding, from (7)
in the following TabaPay API Calls:
Make sure the version of OpenSSL that you are using is at least 1.0.2k.
If you are having problems, hopefully this example can help you in the language you are using... Some languages, such as:
- Python
- Ruby
General FAQ
Need help?
Contact us at support@TabaPay.com and someone from our support team will get back to you as quickly as possible.
Why is there no SDK?
The API is just a simple RESTful Web Service that uses standard HTTPS to:
- connect
- send request
- receive response
- disconnect
Therefore, you can use almost any programming language; however, there are so many programming languages available today, we may not be an expert in (or even have used) the language you are trying to use. We assume that you are an expert in the language you have selected to use.
Having connection issues?
Try using one of the command line utilities first. Usually it can help diagnose networking issues such as firewall configurations, IP whitelisting, etc... Also it helps in eliminating any language specific issues or uniquenesses, and since there are so many programming languages available today, we may not be an expert in (or even have used) the language you are trying to use.
Curious? What do we use?
ISO
Unfortunately this acronym stands for:Hopefully the context where it is being used will make the definition of the acronym obvious.
Data FAQ
Is there a JSON Schema?
We allow additional JSON pairs (NVPs) to be added in a request (though we don't recommend this) and we may return back additional JSON pairs (NVPs) in a response (optional JSON pairs (NVPs) that you may not be using but another client may be using). We also allow JSON pairs (NVPs) to be sent in a request in any order and we may return back JSON pairs (NVPs) in a response in any order.
Be sure you can handle "freeform" JSON responses.
What is the type of a Data Value? Is it a String, an Integer, an Amount, a Boolean, or what?
We treat all Data Values initially as Strings. We then apply a Value Restriction to the String. So for example:
- an Integer, we look for a string with only digits
- an Amount, for currency number 840, USD, we look for a string with only digits and a single decimal point with two decimal digits but no commas nor currency sign
- a Boolean, we look for a string with the value of either true or false
How to specify an Amount Value?
In order to handle international currencies, an Amount is a String. International currencies:
- use either a point or a comma as their decimal mark and
- might have a maximum of 0, 1, 2, 3, or 4 decimal places.
1000.20
Valid
1.20
Valid
0.20
Valid
.20
Valid
.4
Invalid, 2 decimal digits are required
1.4
Invalid, 2 decimal digits are required
1,000.21
Invalid, comma not needed
$10.21
Invalid, dollar sign not needed
Is there a size limitation to String Values?
Unless specified in the Value column, String Values can be of any reasonable size. However there is a limitation to the total number of bytes in your request. And remember, some Unicode characters, especially international characters, are more than one byte.
Are null Values valid?
JSON Values that are null are accepted, according to the JSON Specifications, but it is preferred that you just leave out the pair (NVP):
Works:
{
"NameA": "Test",
"NameB": null,
"NameC": "Test"
}
Preferred:
{
"NameA": "Test",
"NameC": "Test"
}
What valid characters can be used for fields such as Reference IDs, Memo, Names (first and last), etc...?
The API can accept any UTF-8 character; however, to be safe for other processes that may be using this data, we recommend the use of only the Base64 URL-Safe Character Set. We will also explicitly restrict the use of these characters:We do recommend the use of only the Base64 URL-Safe Character Set.
● ,
Comma (used in csv files)
● "
Double Quotes (used in csv files)
● ~
Tilde
● ^
Caret
Base64 Encoding
Binary Data and some Strings, that are beyond Alphanumeric, should be encoded in Base64 with no padding and using the URL-Safe Character Set:
● A-Z
Uppercase alphabetic characters
● a-z
Lowercase alphabetic characters
● 0-9
Digits
● -
Minus Sign
● _
Underscore
Format of the JSON Request and Response Data?
We recommend deleting all whitespaces from the JSON Request. We will return a JSON Response in a packed format where all whitespaces are removed.
Nice for human:
{
"NameA": "Test",
"NameB": 1
}
But not so much for our Application and also it clutters our logs, so preferably:
{"NameA":"Test","NameB":1}
Errors FAQ
HTTP Status Codes?
See Status Codes for a list of HTTP Status Codes that might be returned.
A 400 Series Error is usually something that you can fix by changing something in your request. A 500 Series Error is usually something that you need to contact us (support@TabaPay.com) to look at. If we determine that a 500 Series Error can be fixed by you, we will try to change this error situation to a 400 Series Error in a future code release.
PCI does require us to be cryptic in the Error Messages that we return back; but for certain 400 Series Errors, we may return back something in the Error Message (EM) field of the JSON Response that indicates what might be wrong.
You should never get a HTTP Status Code of 400 on Production
If you are getting a HTTP Status Code of 400 on the Production Environment, that usually means you are not handling these errors correctly on your end. We strongly recommend completing the Production Certification Test in its entirety, specifically the portion where we recommend integrating your application with our API calls.
Also, please see the Coding FAQ.
Use of HTTP Status Code 207?
You might get HTTP Status Code 207, when there is an Error while processing your Transaction due to some Upstream Process.
Everything on our end processed successfully:
- Your request passed all our checks
- Configuration is available to process your request
- A record is created for your request (Transaction)
Customer Facing Error Messages?
We are a Server-to-Server Web Services (API) and we are not Customer Facing, so:
- We do not provide User Friendly Error Messages.
- We do not provide Error Details (because of PCI).
- We do not recommend showing your Customers our Error Messages or Error Codes.
Also, please see the Coding FAQ.
Sandbox Environment FAQ
Are there Test Card Numbers to use in the Sandbox Environment?
PCI requires us and you to use Test Card Numbers when testing. You should never use a real Card Number in the Sandbox Environment. See Samples - Test Cards where we provide various Test Card Numbers...
How to generate an error in the Sandbox Environment?
For Create Transaction, the Amount is used to trigger various errors while processing the Create Transaction request in the Sandbox Environment (Accel uses a 3-digit Network Response Code):
| Amount | Response | Actual Response | Error Description | |||
|---|---|---|---|---|---|---|
| Status Code | Network Response Code | Resource Status | Network Response Code | Resource Status | ||
| 0.01 | 200 | ZZ (or 999) | ERROR | ZZ (or 999) | ERROR | Transaction Error |
| 0.02 | 207 | UNKNOWN | UNKNOWN | Transaction Processing Failed | ||
| 0.03 | 200 | 00 (or 000) | COMPLETED | 00 (or 000) | COMPLETED | Transaction Successful, but upstream processing was delayed for 30 seconds |
| 0.04 | 207 | UNKNOWN | 00 (or 000) | COMPLETED | Transaction Successful, but upstream processing was delayed for 40 seconds | |
For Delete Transaction, the Create Transaction Amount is used to trigger various errors while processing the Delete Transaction request in the Sandbox Environment (Accel uses a 3-digit Network Response Code):
| Amount | Create Transaction Response | Delete Transaction Response | Error Description | ||||
|---|---|---|---|---|---|---|---|
| Status Code | Network Response Code | Resource Status | Status Code | Reversal Network Response Code | Resource Status | ||
| 0.07 | 200 | 00 (or 000) | COMPLETED | 200 | ZZ (or 999) | UNKNOWN | Reversal Request failed |
| 0.08 | 200 | 00 (or 000) | COMPLETED | 200 | 21 | UNKNOWN | Reversal Request failed, the Reversal was too late. Not available when routed to any Regional Network: Currently only STAR and Accel. |
For AVS, Query Card, the Zip Code, Address, and Security Code are used to trigger various conditions while processing an AVS request in the Sandbox Environment:
| Request | Response | Comments | ||||||
|---|---|---|---|---|---|---|---|---|
| Zip Code | Address | Security Code | Response Text | Network Response Code | Code AVS Results | Code Security Code Results | ||
| Any* | Any* | None | NOT DECLINED | 85 | Y | Zip Code and Address were matched | ||
| Any* | None | None | NOT DECLINED | 85 | Z | Zip Code was matched | ||
| Any* | Any or None | Any* | DEPENDS | DEPENDS | DEPENDS | M | Depends upon if Zip Code and Address matches or not, but Security Code was matched | |
| Any* | Any or None | 999 | DECLINE | 05 | DEPENDS | N | Depends upon if Zip Code and Address matches or not, but Security Code was not matched | |
| 99990 | Any or None | Any or None | DECLINE | 05 | U | Information not available | ||
| 99991 | Any or None | Any or None | DECLINE | 05 | R | AVS unavailable, retry | ||
| 99992 | Any* | None | DECLINE | 05 | A | Zip Code was not matched, but Address was matched | ||
| 99992 | None or 999 Bad | None | DECLINE | 05 | N | Zip Code and Address were not matched | ||
| 99993 | Any or None | Any or None | DEPENDS | DEPENDS | DEPENDS | DEPENDS | AVS Request delayed for 30 seconds | |
| 99994 | Any or None | Any or None | UNKNOWN | UNKNOWN | UNKNOWN | UNKNOWN | AVS Request timed out | |
- Any* - Any Zip Code that is not explicitly used to trigger a condition (99990-99994)
- Any* - Any Address that is not explicitly used to trigger a condition (999...) - Address only checks the Street Number
- Any* - Any Security Code that is not explicitly used to trigger a condition (999)
Is the Sandbox Environment PCI Compliant?
No.
You should be using Test Card Numbers when testing in the Sandbox Environment. You should never use a real Card Number in the Sandbox Environment. See Samples - Test Cards where we provide various Test Card Numbers...
What is the Sandbox Environment SLA?
There should be no expectations on the Sandbox Environment.
Production Environment FAQ
What is the maintenance window for the Production Environment?
There should be no outage during normal maintenance. We have activity 24x7x365 and the low points seem to be around mid-week.
How quickly can we do a change (configuration) on the Production Environment?
We are PCI Level 1 and SOC2 Type 2 Compliant. So, what does that mean? We are procedure and process controlled.
Some companies require us to be PCI Level 1 and SOC2 Type 2 Compliant. And then some of those same companies still expect us to do things for them immediately (and on Production). Here is a real life example that recently occurred:
- A Client demanded to change their limit on a weekend night immediately
- After changing their Limit, the same Client later demanded to change their limit again and again on a weekend night immediately
- After changing their Limit again, we see they never reached the Limits they demanded, in fact, they never even reached their original Limit
Not everything is or can be an emergency...
Schedule for Production changes:
- Have your request by Friday morning
- Changes will be implemented by end of day Monday (or Tuesday, if Monday is a Holiday)
Why? (in regards to the above question)
Here is a quote from one of our Clients about their PCI Environment (not ours but theirs):
Our IT department frowns upon rapid-fire changes to the PCI environment.
So I hope everyone understands the restrictions and constraints of being in a PCI Environment.
Funny, we previously have used the same word: "frown" when a Client asks us to do something outside of our normal policies and procedures.
Ready to go into Production?
In order to go into Production, we need the following things to be completed:
- PCI
- AOC or
- SAQ (select the correct questionnaire)
- Certification Test on Sandbox
- Just run your normal QA Tests against your Application connected to our backend (API)
- And run various Error Conditions/Scenarios, see the Certification Test document from TabaPay Support
- TabaPay Boarding Sheet
- Your Support Contact Information
- Your Financial (Accounting) Information
Certification Test?
- We want you to run your full QA tests on your Application that is connected to our backend (API).
- We want to see the different types of requests that you may be sending us.
- We can provide feedback on what we are seeing in your requests.
- We want to catch issues during this testing versus on Production.
- We can catch problems, here are some of the real issues we have seen before we revised our Certification Test:
- Security Code was misspelled, so they (CVV2s) showed up in the clear in our logs which exposes us (PCI) and your customer.
- Amounts were incorrectly formatted, so some requests were failing (.4) and others were not (0.40).
You should never get a HTTP Status Code of 400 on Production
If you are getting a HTTP Status Code of 400 on the Production Environment, that usually means you are not handling these errors correctly on your end. We strongly recommend completing the Production Certification Test in its entirety, specifically the portion where we recommend integrating your application with our API calls.
Also, please see the Coding FAQ.
Locking your Client?
If the Bank and/or TabaPay detect something funny happening:
- in your API Requests, or
- with your Limits, or
- with your Settlement Account
If your Client is LOCKed, please contact TabaPay support.
Disabling your IP Address?
If TabaPay detects something funny coming from one of your IP Addresses that you requested to be whitelisted, we may have to remove that IP Address. We have WAFs and IDS/IPSs protecting all Internet Facing Systems. We shouldn't be receiving any kind of probes from your systems, so all probes will be detected as a hack attempt and will be shutdown.
If we do remove an IP Address, you have to resubmit a request to reenable the IP Address, so please contact TabaPay support.
A reason for disabling?
“Insanity is doing the same thing, over and over again, but expecting different results.”
PCI / SOC2 FAQ
What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard. Also see PCI Security Standards Council.
What is SOC2 Type 2?
SOC stands for System and Organization Controls.
Are we PCI Compliant? SOC2 Type 2 Compliant?
Is the Sandbox Environment PCI Compliant?
No.
You should be using Test Card Numbers when testing in the Sandbox Environment. You should never use a real Card Number in the Sandbox Environment. See Samples - Test Cards where we provide various Test Card Numbers...
SSL/TLS Configuration?
We use Qualys SSL Server Test to check our SSL/TLS configuration on all internet facing systems:
WAF, Web Application Firewall, protection?
We have a WAF, Web Applicaiton Firewall, in front of all internet facing systems. So if our WAF detects something funny, such as something in the OWASP Top 10, your request will get rejected with SC=406.
Coding FAQ
As mentioned elsewhere multiple times:We may not be an expert in (or even have used) the language you are trying to use. We assume that you are an expert in the language you have selected to use.
With that said, here are some questions that we have encountered that might be helpful to you:
My Program doesn't work?
Please provide the full Request and Response. If there was an error, the full error message (exception) and if available any stack trace. The more details, the better we can help you, and the faster we can help you.
If you contact TabaPay support, please send your Request and Response:
Request should include:
- Date and Time of the Request and Time Zone (we have many Clients in many different parts of the world)
- URL
- Request Method (Get, Post, Put, or Delete)
- Request Data (JSON), if any
Response should include:
- HTTP Status Code
- Response Data, if any
- (usually) JSON
- (but can be) HTML
- Exception and Stack Trace, if any
SC=406
We have a WAF, Web Applicaiton Firewall, in front of all internet facing systems. So if our WAF detects something funny, such as something in the OWASP Top 10, your request will get rejected with SC=406.
SC=400
If you are getting a HTTP Status Code of 400 on the Production Environment, that usually means you are not handling these errors correctly on your end. We strongly recommend completing the Production Certification Test in its entirety, specifically the portion where we recommend integrating your application with our API calls.
Why you should never see SC=400 in Production?
All errors with a HTTP Status Code of 400 should have been caught before the API request is sent to us. We shouldn't have to return back a HTTP Status Code of 400. A HTTP Status Code of 400 means that something in your request is bad: Bad Request. You should not use us (API Request) to check for Customer entered data errors.
For example:
- Card Account Number
- Card Expiration Date
- Amount
- the Customer's Device
- to your Servers
- to our Servers
- negative response (400) back to your Servers
- and then finally some error message back to the Customer's Device
- Card Account Number
- or Card Expiration Date
- or Amount
- Immediate
- Interactive
- Responsive
- JavaScript code
- Swift (or Objective-C) code on iOS
- or Java code on Android
Even if an error gets past the code on the Customer's Device and goes up to your Servers, your BackEnd Code on your Servers should also catch these obvious errors. That is two layers of code that should have caught the error, so that is why we say:
We should never have to return back a SC=400 in Production...
That is why you should test on the Sandbox Environment and pass the Certification Test completely.
PCI Helper - SSO FAQ
Is it possible to customize the SSO?
We have temporarily suspended the fully Customization of the SSO. We will provide a generic SSO that you can modify only a few things like:
- Font
- Color
What is the process of submitting a customized SSO?
See PCI Helper - SSO in Samples... But to summarize:
- You need to create a fully working HTML Page that meets our requirements (see PCI Helper - SSO in Samples...)
- Our QA will only do a cursory check and will reject any HTML Page that doesn't do the basic error checking:
- Check Card Number
- Check Expiration Date
- Check Security Code
- Going to your Servers or even going to our Servers to do basic error checking, in our belief, is not the correct way to handle this, see the Coding FAQ.
- We prefer not to have to do a lot of back and forth, so please QA your HTML Page before submitting to us
- You can contact us if you want our QA to help QA your HTML
- Remember that this is your HTML Page that you are presenting to your Customers.
- Our QA will only do a cursory check and will reject any HTML Page that doesn't do the basic error checking:
- Once our QA ok your HTML, your HTML Page is sent to our Build/Operations Department:
- Add the TabaPay specific code
- Move HTML Page to Sandbox Environment
- Again, our QA will do a cursory check
At this point you should QA (Test) your HTML Page and you can call the TabaPay API.
How long this takes will depend upon when we receive a working HTML Page. So how long is up to you. Deviating from our requirements will only cause delays.
Customization timeline and availability?
The reason why we will suspend the fully Customization of the SSO is Client Expectations... and our Expectations for the submitted SSO Web Page. Unfortunately there is a mismatch, so trying to clarify this mismatch, here are some points to consider beforehand to avoid the frustration by all sides with the process:
- Normally we only do a build of a Client's SSO Web Page on the weekends and have it available by End-of-Day Monday, Tuesday if Monday is a holiday
- We expect the Client to QA their own SSO Web Page
- We will reject a Client's SSO Web Page if we find a problem
- Like previously mention elsewhere, we do not want a lot of back and forth with the SSO Web Page
- We hope this would be the sequence of events:
- The Client reads the Developers WebSite to understand the SSO Web Page
- The Client can ask support for any clarification
- The Client develops their SSO Web Page
- The Client tests (QA) their SSO Web Page
- When the Client completes their testing, the Client submits their SSO Web Page
- TabaPay only does a cursory QA of the Client's SSO Web Page
- If TabaPay QA finds a problem with the Client's SSO Web Page, it will be rejected
- TabaPay builds the SSO Web Page
- TabaPay makes the SSO Web Page available by End-of-Day Monday (Tuesday if Monday is a holiday)
- The Clients can now test the completed SSO Web Page
Please Keep it SIMPLE, the more complex your SSO Web Page is, the harder it is for us to Add our Changes and Test our Changes. And having an abnormal SSO Web Page that is hard to Test will eventually be unTested and we will have to leave it to you to test the changes. So in the future, if you do have a difficult SSO Web Page, you will need to tell us how to test it or even give us tools to test it.
Just think, how many different SSO Web Pages we get, and each so very different, so far, none are similar. Just think how hard it is for us to try to change that code and then try to test it... Just think... Be in our shoes... So this is one reason why we will suspend the fully Customization of the SSO.
Compiling with the Google Closure Compiler?
We use the following options:
--compilation_level ADVANCED_OPTIMIZATIONS
We use Advanced Optimizations for reasons other than for size. Size is just a nice side benefit.Just like the HTML and CSS, we actually do not minify the HTML and CSS, but we pack them.
PCI Helper - RSA FAQ
RSA?
RSA is the most widely used asymmetric algorithm.
Using Encrypted Data in the TabaPay API Calls don't seem to be working?
Make sure you are using RSA with the Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding and the language you are using supports the correct (common usage) implementation of that transform.
Receiving a SC=500?
If you pass in an Encrypted Data that was encrypted incorrectly, you will get a SC=500.
What languages (and libraries, if any) work (or tested)?
We have first hand knowledge that the following languages (and libraries, if any) works:
- Java with a slight tweak using the built in RSA encryption
- Go using the built in RSA encryption
- JavaScript on a browser using the Web Cryptography API which is available in (all) modern browsers
- .NET
Is there an example, a working example?
See PCI Helper - RSA in Samples...
Clients WebSite FAQ
Limited availability coming soon...Passphrase
Refreshing Transaction Data
Refreshing the Transactions Web Page at intervals below 60 seconds does not do anything and just results in the same data being returned. Transaction Data is updated on the backends every 60 seconds.
Repeating trying to refresh Transaction Data may cause our WAF and/or IDS/IPS to blacklist you and eventually your access will be revoked.
Future FAQ
What are our Future Feature Plans?Clients WebSite
See Clients WebSite FAQ...
SSO
- Web Page to capture Card Number, Expiration Date, and Security Code
- Use a secure Keypad to enter the Card Number and Expiration Date
- Use a secure Card Swipe to capture the Card Number and Expiration Date
Authorization Tokens
- Authorization Tokens can Expire
- You will be able to change your Authorization Token