TabaPay Developers

Notices and Versions

Come here often and look for important information, including information about current and future releases...

Notices

Release v0.15.20180920 was deployed on 09/20/2018 and 09/29/2018 on the Sandbox Environment and Production Environment, respectvely.

There should be no expectations on the Sandbox Environment, see the FAQ for the Sandbox Environment. The Sandbox Environment uses Simulators, so the accuracy of these Simulators may not be exactly the same as you will see in Production. For example, AVS calls will most likely always return a Network Response Code of 85, we will change the Simulator in the near future to reflect this.

Ready for Production? Please read the Production FAQ.

We have multiple Environments:

Production
Sandbox
QA
Dev

The last two Environments are for TabaPay Internal Use Only.

We will try not to update this WebSite before the corresponding Code Release to the Sandbox Environment. However, this WebSite might be slightly ahead of the Code Release to the Sandbox and Production Environments. So some things that are described on this WebSite may not yet be available and working in the Environment you are using.

Operations Notes

On Sandbox Environment, your Client will now be limited to the IPs Whitelisted for that Client. If you have more than one Client, you will need to specify the IPs to be Whitelisted for each Client separately. This will also be implemented on the Production Environment soon...

Questions of the Month (or Answers of the Month):

The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.

If you need help, please contact support@TabaPay.com with the following:

Date and Time of the Request and Time Zone (we have many Clients in many different parts of the world)
URL
Request Data
HTTP Status Code
Response Data (if any, JSON or HTML)

In order to help us help you, please be as accurate as possible. Also, see the Coding FAQ.

WebSite Updates

This WebSite was last updated on 10/16/2018 at 08:39 PDT.

Versions

Click View Version Changes to see the major changes that were made for that version.

Version	Description	Environment
Version	Description	Dev / QA	Sandbox	Production
0.16	View possible Version Changes Hide Version Changes Clients Portal Limited/Restricted Clients Access Internal Changes Networks STAR Pulse MasterCard MoneySend Go	v0.16.201810XX ✔ Testing	v0.16.201810XX ✘ Not Yet	v0.16.201810XX ✘ Not Yet
0.15	View Version Changes Hide Version Changes Delete Transaction Reversal - Try a Void, if Void fails, try a Refund Void - Try a Void Only Use of either a 4-digit or 6-digit SubClientID... PCI Data Permissions for entering Card Numbers: In the Clear Using Encrypted Data from (API) Keys Using Card Tokens from SSO Using Device Blobs from P2PE Devices So for example, if you are not authorized to enter Card Numbers in the Clear, you won't be able to do that. Support for P2PE (Point-to-Point Encryption) Devices for the following API calls: Query Card Create Account Update Account Create Transaction AVS and Security Code (CVV2) Return Codes will now be returned when available (even on Error Conditions): Query Card Create Transaction PCI Helper - SSO Preview (under construction) of a very early possible Premium SSO Web Page PCI Helper - RSA How it works using an OpenSSL Example Clients Portal v0.07 Web Applications Internal Changes Networks Accel STAR Pulse Go	v0.15.20180920 ✔ Released	v0.15.20180920 ✔ Controlled Access	v0.15.20180920 ✔ Controlled Access
0.14	View Version Changes Hide Version Changes Create Transaction Lender option on Pull Transactions Quasi-Cash option on Pull Transactions PCI Helpers - SSO SSO Samples Modal Dialog Box Overlay Imbedded Form SSO Test Test your Custom SSO WebPage SSO Custom Web Page Step-by-Step Example SSO FAQ SSO Environments Sandbox Environment for: Development Testing Demos and Examples Porduction Environment Clients Portal v0.07 Clients Access v0.05 and v0.06 Accounting Limits Transactions Reversals Internal Changes Networks Accel STAR VisaFF Go	v0.14.20180628 ✔ Released	v0.14.20180628 ✔ Controlled Access	v0.14.20180628 ✔ Controlled Access
0.13 0.09	View Version Changes Hide Version Changes Fees Standardize on the number of decimal places to avoid rounding issues across multiple/different backend processes. Create Transaction Quasi-Cash option on Pull Transactions Delete Transaction Delete Transaction on Regional Networks: STAR and Accel RSA RSA Encryption Mode 2 will be the default and the only supported mode. Remove mode in Card Encrypted for the following API calls: Query Card Create Account Update Account Create Transaction Deprecating RSA Encryption Mode 1 (Java). For those using Java, a CryptoRSA class in TabaPayAPIHelpers.jar is available, see Java Samples. SSO Sample Initial SSO Sample Internal Changes Networks Accel STAR VisaFF Go	v0.13.20180416 v0.09.20180416 ✔ Released	v0.13.20180416 v0.09.20180416 ✔ Controlled Access	v0.13.20180416 v0.09.20180416 ✔ Controlled Access
0.12 0.08	View Version Changes Hide Version Changes Permissions Everything you do will now require the proper permissions Clients will specify what functionalities they will be needing Clients will be approved only for certain functionalities Clients will only need to certify for the approved functionalities Sample of some of the functionalities requiring permissions include: API Usage Network and Card Type Pull and Push Use of Soft Descriptor Create Transaction Pull and Push Soft Descriptor (Restricted Use) Reversal of a Pull Transaction Delete Transaction Retrieve Transaction Internal Changes Networks Accel Go	v0.12.20180212 v0.08.20180212 ✔ Released	v0.12.20180212 v0.08.20180212 ✔ Controlled Access	v0.12.20180212 v0.08.20180212 ✔ Controlled Access
0.11 0.07	View Version Changes Hide Version Changes Clients who are an ISO (Independent Sales Organization) will require a SubClientID on most API calls. See _ISO on the <ClientID_ISO> in the URL of an API call that will require the SubClientID. Query Card Create Account Retrieve Account Update Account Delete Account Create Transaction Retrieve Transaction Delete Transaction Restrict certain Characters in String values, see Data FAQ Create Transaction Batch Network Credit Cards Soft Descriptor (Restricted Use) Card Owner Address Fields are Optional But if you are required to fill them in for purposes such as AML, you will be disabled if these fields are missing. Please contact support@TabaPay.com if you do not know if it is required or not. Automatic AVS Check on a Pull Transaction Retrieve Transaction fees are returned for Successfully Completed Transactions Network Response Codes Accel Network uses 3-digit Response Codes Client Access v0.04 Transaction Reports Internal Changes Networks Credit Cards Go	v0.11.20180125 v0.07.20180125 ✔ Released	v0.11.20180125 v0.07.20180125 ✔ Controlled Access	v0.11.20180125 v0.07.20180125 ✔ Controlled Access
0.10 0.06	View Version Changes Hide Version Changes Create Key expiration has changed to days minimum time is now 1 day maximum time is now 365 days Query Card Multiple Options separator is now + (plus symbol) accountID can be specified instead of card Ability to reQuery a Card that was previously created in an Account But you should not Create an Account just to do a Query Card Inactive Accounts will automatically be deleted There is an extra charge (fee) for inactive accounts Excessive anti-pattern behavior will cause your Requests to fail and your Client to be Locked There is an extra charge (fee) for using Query Card There is an additional charge (fee) for using AVS Client specific Fees Create Transaction and Retrieve Transaction network is returned Create Transaction Account securityCode can be specified in pullOptions for Pull Transactions when using SourceAccountID Rolling 24-hours (daily) Approximation Limits Daily Limits are rolling 24-hours Daily Limits are only an approximation triggered at around 100% of your set limit Client specific Fees Client Access v0.03 Banks Internal Changes Go	v0.10.20171215 v0.06.20171215 ✔ Released	v0.10.20171215 v0.06.20171215 ✔ Limited Availability	v0.10.20171215 v0.06.20171215 ✔ Limited Availability
0.05	View Version Changes Hide Version Changes RSA Key Create Key Retrieve Key Delete Key JavaScript Encryption using RSA Query Card, Create Account, Update Account, Create Transaction card will accept encrypted Card Data encrypted with a RSA Public Key Create Transaction and Retrieve Transaction approvalCode is now returned Internal Changes: The only Network that cannot do a PUSH Transaction is MasterCard. All Networks can do a PULL Transaction.	v0.05.20171015 ✔ Released	v0.05.20171015 ✔ Limited Availability	v0.05.20171015 ✘ Restricted
0.04	View Version Changes Hide Version Changes Query Card AVS Internal Changes: Currently the only Network that can do a PUSH Transaction is Visa. All other Networks will result in a 500 Internal Server Error. All Networks can do a PULL Transaction. Environments: Sandbox Environment was rebuilt on 09/20/2017. New credentials will be required. Production Environment was also rebuilt starting on 09/16/2017 to the final configuration for our PCI QSA initial visit on 09/21/2017.	v0.04.20170920 ✔ Released	v0.04.20170920 ✔ Limited Availability	v0.04.20170920 ✘ Restricted
0.03	View Version Changes Hide Version Changes Simplify Client's Flow by no longer requiring the explicit encryption of sensitive (PCI) data. Resource (AES) Key is no longer required nor available Create Account Expiration Date is now required Create Transaction Expiration Date is now required softDescriptor is new and restricted	v0.03.20170823 ✔ Released	v0.03.20170823 ✔ Limited Availability	v0.03.20170823 ✘ Restricted
0.02	View Version Changes Hide Version Changes Retrieve Client networks.pull is optionally returned networks.push is optionally returned limits.pull.networks is optionally returned limits.push.networks is optionally returned Query Card Fees option is available fees is optionally returned Create Transaction type is new and required pullOptions is new but optional memo is new but optional timeout is new but optional fees is optionally returned	v0.02.20170805 ✔ Released	v0.02.20170805 ✔ Limited Availability	v0.02.20170805 ✘ Restricted
0.01	Initial Release	v0.01.20170711 ✔ Released	v0.01.20170711 ✔ Limited Availability	v0.01.20170711 ✘ Restricted

Developers WebSite

This WebSite is a SPA (Single Page Application), which means:

the Back button will not work as expected, navigation will require the use of the links on:
- the top right hand side of the page
- and the left hand side of the page
the complete WebSite can be used when you are offline (not connected to the internet)

If you use this WebSite offline, please be sure to check for any updates, WebSite Updates, above...

Terms and Conditions

By using this WebSite and/or using the software (API), you agree that neither this WebSite nor the information disclosed therein nor the software nor any part thereof shall be reproduced or transferred to other WebSites or documents nor used or disclosed for any purpose except as specifically authorized in writing by TabaPay.

This WebSite is preliminary and is subject to change.

TabaPay makes no representation or warranties, expressed or implied, as to the truth or accuracy of any information contain herein. This WebSite may include typographical errors and technical inaccuracies. This WebSite is provided "as is" and all expressed or implied conditions, representations and warranties, including any implied warranty of merchantability, fitness for a particular purpose, or non-infringement, are disclaimed; except to the extent that such disclaimers are held to be legally invalid.

The URLs and ResourceIDs specified on this WebSite are only used for illustrative purposes (temporary place holders and/or samples) and does not reflect the actual URLs and ResourceIDs to be used (in Sandbox or Production). Please contact TabaPay Support for the actual URLs and ResourceIDs to be used for your situation.

Overview

The TabaPay Web Service (API) is just a simple RESTful Web Service that uses standard HTTPS to:

connect
send request
receive response
disconnect

where the Request Data and the Response Data are formatted using standard JSON.

HTTP Header

Authorization: Bearer <TokenValue>
Content-type: application/json

HTTP Cookies

No cookies are used.

IP Whitelisting

Only the IP Addresses that you specify to us will work. Our Firewalls will block all non-whitelisted IP Addresses.

You will need to reverify your IP Addresses every year, otherwise they will be removed.

Client Certificate

Possible future support, but from past experience, no one really wanted to use Client Certificates.

Resources

The TabaPay Web Service (API) consist of the following resources and operations (methods):

Client

Retrieve (Get)

Card

Query (Post)

Account

Transaction

Some characteristics of a Resource are:

A Resource cannot be shared across Clients
A Resource is identified by a ResourceID
A Resource can be identified by multiple different ResourceIDs

Resource IDs

Some characteristics of a ResourceID are:

A ResourceID identifies a Resource
A ResourceID can expire (by the number of days since creation)
A ResourceID is 22 characters in length
A ResourceID is made up of only Base64 URL-Safe characters:
● A-Z
Uppercase alphabetic characters
● a-z
Lowercase alphabetic characters
● 0-9
Digits
● -
Minus Sign
● _
Underscore

Client

This resource represents a Client.

The only operation available for this resource is:

● Retrieve

Retrieves the attributes of a Client

Only TabaPay can:

● Create

● Update

including locking a Client

● Delete

a Client. If you need to Update your Client Information, please contact TabaPay support.

Retrieve Client

Retrieves the attributes of a Client.

URL

https://<FQDN>/v1/clients/<ClientID>

HTTP Method

GET

Request

No Request Data

Response

Status Codes

Status Code		Description
200	OK	The Client's Attributes are returned.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name				Value	Description	Status Code
JSON Name				Value	Description	200	Other
SC				Integer 3-digits	HTTP Status Code	✔	O
EC				String 1 or 8-characters	Internal Error Code	✔	O
EM				String	Error Message		O
label				String (no whitespaces)	Client Label	✔
networks				object	List of Available Networks	✔
	pull			array of Strings	For Pull Transactions Array can be empty or is a List of Network Names	✔
	push			array of Strings	For Push Transactions Array can be empty or is a List of Network Names	✔
limits				object		✔
	currency			String 3-digits	ISO 4217 Currency Number	✔
	pull			object		✔
		transaction		String Amount	Pull Transaction Limit	✔
		daily		String Amount	Approximate Pull Daily Limit	✔
		networks		array of objects	List of Network Limits Network is listed only if different from above Pull Limits	O
			network	String	Network Name	✔
			transaction	String Amount	Network Pull Transaction Limit	✔
			daily	String Amount	Approximate Network Pull Daily Limit	✔
	push			object		✔
		transaction		String Amount	Push Transaction Limit	✔
		daily		String Amount	Approximate Push Daily Limit	✔
		networks		array of objects	List of Network Limits Network is listed only if different from above Push Limits	O
			network	String	Network Name	✔
			transaction	String Amount	Network Push Transaction Limit	✔
			daily	String Amount	Approximate Network Push Daily Limit	✔

View

Hide

Samples

Client's Attributes returned:

{
  "SC": 200,
  "EC": "0",
  "label": "ClientLabel",
  "networks":
  {
    "pull":
    [
      "STAR",
      "Visa"
    ],
    "push":
    [
      "STAR",
      "CU24",
      "Visa"
    ]
  },
  "limits":
  {
    "currency": "840",
    "pull":
    {
      "transaction": "0.25",
      "daily": "1.00"
    },
    "push":
    {
      "transaction": "0.25",
      "daily": "1.00",
      "networks":
      [
        {
          "network": "CU24",
          "transaction": "0.20",
          "daily": "1.00"
        }
      ]
    }
  }
}

Client not found:

{
  "SC": 404,
  "EC": "3A100000",
  "EM": "Not Found"
}

Client locked:

{
  "SC": 423,
  "EC": "3A100000",
  "EM": "Locked"
}

Notes

The Client Label is the human readable identifier used to identify you versus using your ClientID. It may be used:

in part of the file name for various Reports we generate for you, and
in part of the URL for access to the Client WebSite.

Key

This resource represents a RSA Encryption Key.

The operations that are available for this resource are:

● Create

Creates a Key

● Retrieve

Retrieves a Key

● Delete

Deletes a Key

Create Key

Creates a Key.

URL

https://<FQDN>/v1/clients/<ClientID>/keys

HTTP Method

POST

Request

Request Data

JSON Name			Value	Required	Default	Description
format			String	R		Public Key Response Format, either: ASN.1 Raw (Modulus and Public Exponent)
expiration			Integer Between 1 and 365	R		Key Expiration Time: Minimum of 1 day Maximum of 365 days

View

Hide

Samples

ASN.1

{
  "format": "ASN.1",
  "expiration": 365
}

Raw (Modulus and Public Exponent)

{
  "format": "Raw",
  "expiration": 365
}

Response

Status Codes

Status Code		Description
200	OK	A Key is created.
429	Too Many Requests	Created too many Keys Maximum of 2 per day and 367 per Year.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name	Value	Description	Status Code
			ASN.1	Raw	Other
			200	200	Other
SC	Integer 3-digits	HTTP Status Code	✔	✔	O
EC	String 1 or 8-characters	Internal Error Code	✔	✔	O
EM	String	Error Message			O
keyID	String 22-characters	KeyID	✔	✔
key	String	ASN.1 encoded in Base64 URL-Safe Character Set	✔
keyModulus	String	Modulus encoded in Base64 URL-Safe Character Set		✔
keyExponent	String	Public Exponent encoded in Base64 URL-Safe Character Set		✔
expiration	String	Key Expiration in yyyy-MM-ddTHH:mm:ssZ Format.	✔	✔

View

Hide

Samples

Key created returned in ASN.1 format:

{
  "SC": 200,
  "EC": "0",
  "keyID": "TabaPay_KeyID_22-chars",
  "key": "Base64_Encoded_Key",
  "expiration": "2017-04-03T00:00:00Z"
}

Key created returned in Raw format:

{
  "SC": 200,
  "EC": "0",
  "keyID": "TabaPay_KeyID_22-chars",
  "keyModulus": "Base64_Encoded_Modulus",
  "keyExponent": "Base64_Encoded_Exponent",
  "expiration": "2017-04-03T00:00:00Z"
}

Retrieve Key

Retrieves the Key.

URL

https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>
https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>?Format=ASN.1
https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>?Format=Raw

HTTP Method

GET

Request

No Request Data

Response

Status Codes

Status Code		Description
200	OK	The Key is returned.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name	Value	Description	Status Code
			ASN.1	Raw	Other
			200	200	Other
SC	Integer 3-digits	HTTP Status Code	✔	✔	O
EC	String 1 or 8-characters	Internal Error Code	✔	✔	O
EM	String	Error Message			O
key	String	ASN.1 encoded in Base64 URL-Safe Character Set	✔
keyModulus	String	Modulus encoded in Base64 URL-Safe Character Set		✔
keyExponent	String	Public Exponent encoded in Base64 URL-Safe Character Set		✔
expiration	String	Key Expiration in yyyy-MM-ddTHH:mm:ssZ Format.	✔	✔

View

Hide

Samples

Key returned in ASN.1 format:

{
  "SC": 200,
  "EC": "0",
  "keyID": "TabaPay_KeyID_22-chars",
  "key": "Base64_Encoded_Key",
  "expiration": "2017-04-03T00:00:00Z"
}

Key returned in Raw format:

{
  "SC": 200,
  "EC": "0",
  "keyID": "TabaPay_KeyID_22-chars",
  "keyModulus": "Base64_Encoded_Modulus",
  "keyExponent": "Base64_Encoded_Exponent",
  "expiration": "2017-04-03T00:00:00Z"
}

Notes

The default Format is Raw.

Delete Key

Deletes a Key.

URL

https://<FQDN>/v1/clients/<ClientID>/keys/<KeyID>

HTTP Method

DELETE

Request

No Request Data

Response

Status Codes

Status Code		Description
200	OK	The Key is marked for deletion.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name	Value	Description	Status Code
JSON Name	Value	Description	200	Other
SC	Integer 3-digits	HTTP Status Code	✔	O
EC	String 1 or 8-characters	Internal Error Code	✔	O
EM	String	Error Message		O

View

Hide

Samples

Key deleted:

{
  "SC": 200,
  "EC": "0"
}

Key not found:

{
  "SC": 404,
  "EC": "10000000"
}

Key already marked for deletion:

{
  "SC": 410,
  "EC": "50000000"
}

Notes

Keys are automatically deleted after their expiration.

Card

This resource represents a Payment Card (Debit Card, PrePaid Card, or Credit Card).

The only operation available for this resource is:

● Query

Returns the attributes for the requested Payment Card

Query Card

Returns the attributes for the requested Payment Card. Optionally:

AVS Check (Address Verification)
Fees Check
Verify Name with Phone Number

If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.

URL

https://<FQDN>/v1/clients/<ClientID_ISO>/cards
https://<FQDN>/v1/clients/<ClientID_ISO>/cards?AVS

https://<FQDN>/v1/clients/<ClientID_ISO>/cards?Verify

https://<FQDN>/v1/clients/<ClientID_ISO>/cards?Fees

https://<FQDN>/v1/clients/<ClientID_ISO>/cards?AVS+Verify

https://<FQDN>/v1/clients/<ClientID_ISO>/cards?AVS+Fees

https://<FQDN>/v1/clients/<ClientID_ISO>/cards?Verify+Fees
https://<FQDN>/v1/clients/<ClientID_ISO>/cards?AVS+Verify+Fees

HTTP Method

POST

Request

Request Data

JSON Name			Value	Required	Default	Description	Conditional
account			object	CR		Either Account or Card	Account
	accountID		String 22 characters	R		AccountID	Account
	securityCode		String 3-4 digits	O		CVV2	Account AVS
card			object	CR		Either Account or Card Either Payment Card Not Encrypted: accountNumber expirationDate securityCode or Payment Card Encrypted: keyID mode data or Card Token (Restricted Usage): token or Device (Restricted Usage): id blob	Card Data Encrypted?
	accountNumber		String 13-19 digits	R n		Payment Card Account Number	Card Not Encrypted
	expirationDate		String YYYYMM Format	O n R_AVS		Expiration Date	Card Not Encrypted AVS
	securityCode		String 3-4 digits	O n		CVV2	Card Not Encrypted AVS
	keyID		String 22 characters	R e		KeyID	Card Encrypted
	mode		Integer 0, 1, or 2	D e	2	Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256	Card Encrypted
	data		String	R e		Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set	Card Encrypted
	token		String	® t		Card Token (from SSO) Restricted Usage	Card Token
	device		object	® d		Card Data from P2PE Device Restricted Usage	Device
		id	String	® d		Device Identifier	Device
		blob	Hex String	® d		Blob in Hex	Device
owner			object	C		Card Holder	AVS / Verify
	name		object	C		Name on Card	Verify
		first	String	R		First Name	Verify
		middle	String	O		Middle Name or Initial	Verify
		last	String	R		Last Name	Verify
		suffix	String	O		Suffix	Verify
	address		object	C		Billing Address	AVS
		line1	String	O		Address Line 1, for AVS, see notes below	AVS
		line2	String	O		Address Line 2	AVS
		city	String	O		City	AVS
		state	String 2-character code	O		State Code	AVS
		zipcode	String	R		Zip Code	AVS
		country	String 3-digit code	O	840	ISO 3166-1 Country Code	AVS
	phone		object	C		Phone Number (E.164 Numbering)	Verify
		countryCode	String 1-3 digits	O	1	Country Calling Code	Verify
		number	String Min: 4 digits Max: 12-14 digits	R		Phone Number	Verify
currency			String 3-digits	O	840	ISO 4217 Currency Number	Fees Check
amount			String Amount	C		Amount of Transaction	Fees Check
timeout			Number Integer	O	39	Maximum time to wait for AVS and/or Verify Response	AVS / Verify

(Encrypted) Card Data

Field	Required	Description	UnEncrypted Card Data Format
Card Number	R	13-19 digit Card Number	CardNumber \| Expiration Date \| Security Code (no spaces, pipe symbol separated) see samples
Expiration Date	O R_AVS	Expiration date in YYYYMM Format
Security Code	O	3 or 4 digit CVV2

View

Hide

Samples

Query Card:

{
  "card":
  {
    "accountNumber": "9999999999999999"
  }
}

Query Card using Encrypted Data:

{
  "card":
  {
    "keyID": "TabaPay_KeyID_22-chars",
    "data": "Base64_Encoded_Encrypted_Data"
  }
}

Query Card using AccountID:

{
  "account":
  {
    "accountID": "TabaPay_AccountID_22ch"
  }
}

Query Card and Fees Check:

{
  "card":
  {
    "accountNumber": "9999999999999999"
  },
  "amount": "0.50"
}

Unencrypted Card Data:

1111111111111111||

where

Card Number:     1111111111111111
Expiration Date: None
Security Code:   None

1111111111111111|203001|

where

Card Number:     1111111111111111
Expiration Date: January 2030
Security Code:   None

1111111111111111|203001|333

where

Card Number:     1111111111111111
Expiration Date: January 2030
Security Code:   333

1111111111111111||333

where

Card Number:     1111111111111111
Expiration Date: None
Security Code:   333

Response

Status Codes

Status Code		Description
200	OK	The Payment Card's Attributes are returned.
207	Multi-Status	One or more Failures occurred while processing the Request.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name			Value	Description	Status Code			Conditional
JSON Name			Value	Description	200	207	Other	Conditional
SC			Integer 3-digits	HTTP Status Code	✔	✔	O
EC			String 1 or 8-characters	Internal Error Code	✔	✔	O
EM			String	Error Message			O
card			object	Card Attributes	✔	✔
	pull		object	Debit Transaction	✔	✔
		enabled	Boolean		✔	✔
		network	String		O	O
		type	String	Credit, Debit, Prepaid	O	O
		regulated	Boolean		O	O
		currency	String 3-digits	ISO 4217 Currency Number	O	O
		country	String 3-digit code	ISO 3166-1 Country Code	O	O
	push		object	Credit Transaction	✔	✔
		enabled	Boolean		✔	✔
		network	String		O	O
		type	String	Credit, Debit, Prepaid	O	O
		availability	String	Estimated Funds Availability	O	O
		regulated	Boolean		O	O
		currency	String 3-digits	ISO 4217 Currency Number	O	O
		country	String 3-digit code	ISO 3166-1 Country Code	O	O
AVS			object	AVS Results	C	C		AVS
	networkRC		String 2 or 3-character code	Network Response Code	✔	O		AVS
	authorizeID		String	ID	✔	O		AVS
	resultText		String	AVS Result Text	✔	O		AVS
	codeAVS		String	AVS Response Code	✔	O		AVS
	codeSecurityCode		String	Security Code Response Code	✔	O		AVS
	EC		String 1 or 8-characters	Internal Error Code		O		AVS
fees			object	Fees Check	C	C		Fees Check
	pull		object	Debit Transaction	O	O		Fees Check
		interchange	String Amount	Interchange Fees	✔	✔		Fees Check
		network	String Amount	Network Fees	✔	✔		Fees Check
		tabapay	String Amount	TabaPay Fees	✔	✔		Fees Check
	push		object	Credit Transaction	O	O		Fees Check
		interchange	String Amount	Interchange Fees	✔	✔		Fees Check
		network	String Amount	Network Fees	✔	✔		Fees Check
		tabapay	String Amount	TabaPay Fees	✔	✔		Fees Check

View

Hide

Samples

Query Card:

{
  "SC": 200,
  "EC": "0",
  "card":
  {
    "pull":
    {
      "enabled": true,
      "network": "Visa",
      "type": "Debit",
      "regulated": true,
      "currency": "840",
      "country": "840"
    },
    "push":
    {
      "enabled": true,
      "network": "Visa",
      "type": "Debit",
      "regulated": true,
      "currency": "840",
      "country": "840",
      "availability": "Immediate"
    }
  }
}

Query Card (pull disabled):

{
  "SC": 200,
  "EC": "0",
  "card":
  {
    "pull":
    {
      "enabled": false
    },
    "push":
    {
      "enabled": true,
      "network": "Visa",
      "type": "Debit",
      "regulated": true,
      "currency": "840",
      "country": "840",
      "availability": "Immediate"
    }
  }
}

Query Card (push disabled):

{
  "SC": 200,
  "EC": "0",
  "card":
  {
    "pull":
    {
      "enabled": true,
      "network": "Visa",
      "type": "Debit",
      "regulated": true,
      "currency": "840",
      "country": "840"
    },
    "push":
    {
      "enabled": false
    }
  }
}

Query Card (disabled/unsupported):

{
  "SC": 200,
  "EC": "0",
  "card":
  {
    "pull":
    {
      "enabled": false
    },
    "push":
    {
      "enabled": false
    }
  }
}

Notes

For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:

ClientID is your unique 22-character string and
SubClientID is an assigned 4 or 6-digit value.

There is an extra charge (fee) for using Query Card and there is also an additional charge (fee) for using AVS.

Creating an Account just to do a Query Card is not the valid way to use our API (it is an Anti-Pattern). As we try to show in the Sample Flows: Query Card should be done first before Creating an Account, this is the correct Pattern (or use of our API).

Creating unused and/or inactive Accounts will result in:

These Account incurring an extra charge (fee)
These Account being automatically deleted

Excessive Anti-Pattern behavior will result in:

Your Requests failing
Your Client being locked

If using Account, only:

Card Account Number
Expiration Date (for AVS)

are obtained from the Account for use.

For AVS:

Security Code
Owner Address

are obtained from the request.

For Verify:

Owner Name
Owner Phone

are obtained from the request.

For AVS, Address Line 1 is optional, but you will get an AVS Code that says only Zip Code was matched (or not) and Address was not matched.

The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.

card.mode	Description
0	RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure
1	Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding
2	(non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding

Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.

Account

This resource represents a Client's Account.

The operations that are available for this resource are:

● Create

Creates an Account containing a Payment Card Account Number

● Retrieve

Retrieves an Account, but the full Payment Card Account Number is never returned

● Update

Updates an Account

● Delete

Deletes an Account

Create Account

Creates an Account.

If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.

URL

https://<FQDN>/v1/clients/<ClientID_ISO>/accounts

HTTP Method

POST

Request

Request Data

JSON Name			Value	Required	Default	Description	Conditional
referenceID			String 1-15 characters	R		Your unique Reference ID
card			object	R		Either Payment Card Not Encrypted: accountNumber expirationDate or Payment Card Encrypted: keyID mode data or Card Token (Restricted Usage): token or Device (Restricted Usage): id blob	Payment Card
	accountNumber		String 13-19 digits	R n		Payment Card Account Number	Payment Card Not Encrypted
	expirationDate		String YYYYMM Format	R n		Expiration Date	Payment Card Not Encrypted
	keyID		String 22 characters	R e		KeyID	Payment Card Encrypted
	mode		Integer 0, 1, or 2	D e	2	Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256	Payment Card Encrypted
	data		String	R e		Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set	Payment Card Encrypted
	token		String	® t		Card Token (from SSO) Restricted Usage	Card Token
	device		object	® d		Card Data from P2PE Device Restricted Usage	Device
		id	String	® d		Device Identifier	Device
		blob	Hex String	® d		Blob in Hex	Device
owner			object	R		Account Owner
	name		object	R		Name
		first	String	R		First Name
		middle	String	O		Middle Name or Initial
		last	String	R		Last Name
		suffix	String	O		Suffix
	address		object	O		Address
		line1	String	R		Address Line 1
		line2	String	O		Address Line 2
		city	String	R		City
		state	String 2-character code	R		State Code	840
		zipcode	String	R		Zip Code	840
		country	String 3-digit code	O	840	ISO 3166-1 Country Code	840
	phone		object	O		Phone Number (E.164 Numbering)	840
		countryCode	String 1-3 digits	O	1	Country Calling Code	840
		number	String Min: 4 digits Max: 12-14 digits	R		Phone Number	840

(Encrypted) Card Data

Field	Required	Description	UnEncrypted Card Data Format
Card Number	R	13-19 digit Card Number	CardNumber \| Expiration Date \| (no spaces, pipe symbol separated) see samples
Expiration Date	R	Expiration date in YYYYMM Format

View

Hide

Samples

Create Payment Card Account:

{
  "referenceID": "1",
  "card":
  {
    "accountNumber": "9999999999999999",
    "expirationDate": "202012"
  },
  "owner":
  {
    "name":
    {
      "first": "John",
      "last": "Customer"
    },
    "address":
    {
      "line1": "465 Fairchild Drive",
      "line2": "Suite #222",
      "city": "Mountain View",
      "state": "CA",
      "zipcode": "94043"
    },
    "phone":
    {
      "number": "4159808222"
    }
  }
}

Unencrypted Card Data:

1111111111111111|203001|

where

Card Number:     1111111111111111
Expiration Date: January 2030

Response

Status Codes

Status Code		Description
200	OK	An Account is Created.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name	Value	Description	Status Code
JSON Name	Value	Description	200	Other
SC	Integer 3-digits	HTTP Status Code	✔	O
EC	String 1 or 8-characters	Internal Error Code	✔	O
EM	String	Error Message		O
accountID	String 22-characters	AccountID	✔

View

Hide

Samples

Account created:

{
  "SC": 200,
  "EC": "0",
  "accountID": "TabaPay_AccountID_22ch"
}

Notes

For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:

ClientID is your unique 22-character string and
SubClientID is an assigned 4 or 6-digit value.

Creating unused and/or inactive Accounts will result in:

These Account incurring an extra charge (fee)
These Account being automatically deleted

Excessive Anti-Pattern behavior will result in:

Your Requests failing
Your Client being locked

card.mode	Description
0	RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure
1	Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding
2	(non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding

Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.

Retrieve Account

Retrieves the Account.

If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.

URL

https://<FQDN>/v1/clients/<ClientID_ISO>/accounts/<AccountID>
https://<FQDN>/v1/clients/<ClientID_ISO>/accounts?referenceID=<ReferenceID>

HTTP Method

GET

Request

No Request Data

Response

Status Codes

Status Code		Description
200	OK	The Account is retrieved.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name			Value	Description	Status Code
					AID	RID	Other
					200	200	Other
SC			Integer 3-digits	HTTP Status Code	✔	✔	O
EC			String 1 or 8-characters	Internal Error Code	✔	✔	O
EM			String	Error Message			O
referenceID			String	ReferenceID	✔
accountID			String 22-characters	AccountID		✔
card			object	Card	O	O
	last4		String 4-digits	Last 4 of Card Number	O	O
	expirationDate		String 6-digits	Expiration Date	O	O
owner			object	Account Owner	✔	✔
	name		object	Name	✔	✔
		first	String	First Name	✔	✔
		middle	String	Middle Name or Initial	O	O
		last	String	Last Name	✔	✔
		suffix	String	Suffix	O	O
	address		object	Address	O	O
		line1	String	Address Line 1	✔	✔
		line2	String	Address Line 2	O	O
		city	String	City	✔	✔
		state	String 2-character code	State Code	✔	✔
		zipcode	String	Zip Code	✔	✔
		country	String 3-digit code	ISO 3166-1 Country Code	O	O
	phone		object	Phone Number (E.164 Numbering)	O	O
		countryCode	String 1-3 digits	Country Calling Code	O	O
		number	String Min: 4 digits Max: 12-14 digits	Phone Number	✔	✔

View

Hide

Samples

Account retrieved using AccountID:

{
  "SC": 200,
  "EC": "0",
  "referenceID": "1",
  "card":
  {
    "last4": "9990",
    "expirationDate": "202012"
  },
  "owner":
  {
    "name":
    {
      "first": "John",
      "last": "Customer"
    },
    "address":
    {
      "line1": "465 Fairchild Drive",
      "line2": "Suite #222",
      "city": "Mountain View",
      "state": "CA",
      "zipcode": "94043"
    },
    "phone":
    {
      "number": "4159808222"
    }
  }
}

Account retrieved using ReferenceID:

{
  "SC": 200,
  "EC": "0",
  "accountID": "TabaPay_AccountID_22ch",
  "owner":
  {
    "name":
    {
      "first": "John",
      "last": "Customer"
    },
    "address":
    {
      "line1": "465 Fairchild Drive",
      "line2": "Suite #222",
      "city": "Mountain View",
      "state": "CA",
      "zipcode": "94043"
    },
    "phone":
    {
      "number": "4159808222"
    }
  }
}

Notes

For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:

ClientID is your unique 22-character string and
SubClientID is an assigned 4 or 6-digit value.

Update Account

Updates the Account.

If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.

URL

https://<FQDN>/v1/clients/<ClientID_ISO>/accounts/<AccountID>

HTTP Method

PUT

Request

Request Data

JSON Name			Value	Required	Default	Description	Conditional
card			object	R		Either Payment Card Not Encrypted: accountNumber expirationDate or Payment Card Encrypted: keyID mode data or Card Token (Restricted Usage): token or Device (Restricted Usage): id blob	Payment Card
	accountNumber		String 13-19 digits	R n		Payment Card Account Number	Payment Card Not Encrypted
	expirationDate		String YYYYMM Format	R n		ExpirationDate	Payment Card Not Encrypted
	keyID		String 22 characters	R e		KeyID	Payment Card Encrypted
	mode		Integer 0, 1, or 2	D e	2	Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256	Payment Card Encrypted
	data		String	R e		Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set	Payment Card Encrypted
	token		String	® t		Card Token (from SSO) Restricted Usage	Card Token
	device		object	® d		Card Data from P2PE Device Restricted Usage	Device
		id	String	® d		Device Identifier	Device
		blob	Hex String	® d		Blob in Hex	Device
owner			object	R		Account Owner
	name		object	R		Name
		first	String	R		First Name
		middle	String	O		Middle Name or Initial
		last	String	R		Last Name
		suffix	String	O		Suffix
	address		object	O		Address
		line1	String	R		Address Line 1
		line2	String	O		Address Line 2
		city	String	R		City
		state	String 2-character code	R		State Code	840
		zipcode	String	R		Zip Code	840
		country	String 3-digit code	O	840	ISO 3166-1 Country Code	840
	phone		object	O		Phone Number (E.164 Numbering)	840
		countryCode	String 1-3 digits	O	1	Country Calling Code	840
		number	String Min: 4 digits Max: 12-14 digits	R		Phone Number	840

(Encrypted) Card Data

Field	Required	Description	UnEncrypted Card Data Format
Card Number	R	13-19 digit Card Number	CardNumber \| Expiration Date \| (no spaces, pipe symbol separated) see samples
Expiration Date	R	Expiration date in YYYYMM Format

View

Hide

Samples

Update Payment Card Account:

{
  "card":
  {
    "accountNumber": "9999999999999999",
    "expirationDate": "202012"
  },
  "owner":
  {
    "name":
    {
      "first": "John",
      "last": "Customer"
    },
    "address":
    {
      "line1": "465 Fairchild Drive",
      "line2": "Suite #222",
      "city": "Mountain View",
      "state": "CA",
      "zipcode": "94043"
    },
    "phone":
    {
      "number": "4159808222"
    }
  }
}

Unencrypted Card Data:

1111111111111111|203001|

where

Card Number:     1111111111111111
Expiration Date: January 2030

Response

Status Codes

Status Code		Description
200	OK	The Account is Updated.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name	Value	Description	Status Code
JSON Name	Value	Description	200	Other
SC	Integer 3-digits	HTTP Status Code	✔	O
EC	String 1 or 8-characters	Internal Error Code	✔	O
EM	String	Error Message		O

View

Hide

Samples

Account updated:

{
  "SC": 200,
  "EC": "0"
}

Notes

For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:

ClientID is your unique 22-character string and
SubClientID is an assigned 4 or 6-digit value.

Update will delete the previous Account Data and replace the Account Data with the new Data in the Request. An Update Account is basically a Create Account but reusing the AccountID and the ReferenceID. The previous Account Data is deleted and is no longer usable or recoverable.

card.mode	Description
0	RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure
1	Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding
2	(non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding

Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.

Delete Account

The Account is marked for Deletion.

If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.

URL

https://<FQDN>/v1/clients/<ClientID_ISO>/accounts/<AccountID>

HTTP Method

DELETE

Request

No Request Data

Response

Status Codes

Status Code		Description
200	OK	The Account is marked for deletion.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name	Value	Description	Status Code
JSON Name	Value	Description	200	Other
SC	Integer 3-digits	HTTP Status Code	✔	O
EC	String 1 or 8-characters	Internal Error Code	✔	O
EM	String	Error Message		O

View

Hide

Samples

Account marked for deletion:

{
  "SC": 200,
  "EC": "0"
}

Notes

For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:

ClientID is your unique 22-character string and
SubClientID is an assigned 4 or 6-digit value.

Transaction

This resource represents a Client's Transaction.

The operations that are available for this resource are:

● Create

Creates a Transaction

● Retrieve

Retrieves a Transaction

● Delete

Deletes a Transaction

Create Transaction

Creates a Transaction.

If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.

URL

https://<FQDN>/v1/clients/<ClientID_ISO>/transactions

HTTP Method

POST

Request

Request Data

JSON Name					Value	Required	Default	Description	Choice
referenceID					String 1-15 characters	R		Your unique Reference ID
correspondingID					String 22 characters	O		Corresponding TransactionID (For a Pull Transaction, this would be the corresponding Push Transaction)
type					String 4 characters Either push or pull	R		Transaction Type This is used to verify that your Source and Destination Accounts are valid.
accounts					object	R		Accounts
	sourceAccountID				String 22 characters	CR		Either Source AccountID or Source Account	SAID
	sourceAccount				object	CR		Either Source AccountID or Source Account	SA
		card			object	R		Either Payment Card Not Encrypted: accountNumber expirationDate securityCode or Payment Card Encrypted: keyID mode data or Card Token (Restricted Usage): token or Device (Restricted Usage): id blob	SA PC
			accountNumber		String 13-19 digits	R n		Payment Card Account Number	SA PC Not Encrypted
			expirationDate		String YYYYMM Format	R n		Expiration Date	SA PC Not Encrypted
			securityCode		String 3-4 digits	O n		Security Code	SA PC Not Encrypted
			keyID		String 22 characters	R e		KeyID	SA PC Encrypted
			mode		Integer 0, 1, or 2	D e	2	Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256	SA PC Encrypted
			data		String	R e		Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set	SA PC Encrypted
			token		String	® t		Card Token (from SSO) Restricted Usage	Card Token
			device		object	® d		Card Data from P2PE Device Restricted Usage	Device
				id	String	® d		Device Identifier	Device
				blob	Hex String	® d		Blob in Hex	Device
		owner			object	R		Account Owner	SA
			name		object	R		Name	SA
				first	String	R		First Name	SA
				middle	String	O		Middle Name or Initial	SA
				last	String	R		Last Name	SA
				suffix	String	O		Suffix	SA
			address		object	O		Address	SA
				line1	String	O		Address Line 1	SA
				line2	String	O		Address Line 2	SA
				city	String	O		City	SA
				state	String 2-character code	O		State Code	SA
				zipcode	String	O		Zip Code	SA
				country	String 3-digit code	O	840	ISO 3166-1 Country Code	SA
			phone		object	O		Phone Number (E.164 Numbering)	SA
				countryCode	String 1-3 digits	O	1	Country Calling Code	SA
				number	String Min: 4 digits Max: 12-14 digits	R		Phone Number	SA
	destinationAccountID				String 22 characters	CR		Either Destination AccountID or Destination Account	DAID
	destinationAccount				object	CR		Either Destination AccountID or Destination Account	DA PC
		card			object	R		Either Payment Card Not Encrypted: accountNumber expirationDate securityCode or Payment Card Encrypted: keyID mode data or Card Token (Restricted Usage): token or Device (Restricted Usage): id blob	DA PC
			accountNumber		String 13-19 digits	R n		Payment Card Account Number	DA PC Not Encrypted
			expirationDate		String YYYYMM Format	R n		Expiration Date	DA PC Not Encrypted
			securityCode		String 3-4 digits	O n		CVV2	DA PC Not Encrypted
			keyID		String 22 characters	R e		KeyID	DA PC Encrypted
			mode		Integer 0, 1, or 2	D e	2	Encryption Mode (Transformation) 0 = PKCS#1 v1.5 1 = Java OAEP 2 = OAEP SHA-256	DA PC Encrypted
			data		String	R e		Encrypted Card Data, see below encoded in Base64 URL-Safe Character Set	DA PC Encrypted
			token		String	® t		Card Token (from SSO) Restricted Usage	Card Token
			device		object	® d		Card Data from P2PE Device Restricted Usage	Device
				id	String	® d		Device Identifier	Device
				blob	Hex String	® d		Blob in Hex	Device
		owner			object	R		Account Owner	DA
			name		object	R		Name	DA
				first	String	R		First Name	DA
				middle	String	O		Middle Name or Initial	DA
				last	String	R		Last Name	DA
				suffix	String	O		Suffix	DA
			address		object	O		Address	DA
				line1	String	O		Address Line 1	DA
				line2	String	O		Address Line 2	DA
				city	String	O		City	DA
				state	String 2-character code	O		State Code	DA
				zipcode	String	O		Zip Code	DA
				country	String 3-digit code	O	840	ISO 3166-1 Country Code	DA
			phone		object	O		Phone Number (E.164 Numbering)	DA
				countryCode	String 1-3 digits	O	1	Country Calling Code	DA
				number	String Min: 4 digits Max: 12-14 digits	R		Phone Number	DA
currency					String 3-digits	O	840	ISO 4217 Currency Number
amount					String Amount	R		Transaction Amount
memo					String Max of 32 characters	O		Memo
pullOptions					object	O		Additional Pull Options
	lender				Boolean	O		Lender
	quasiCash				Boolean	O		Quasi-Cash
	securityCode				String 3-4 digits	O		CVV2 Valid only when using sourceAccountID (Pull)
	recurring				Boolean	O		Recurring Pull Transaction
	3dsECI				String	O		3d Secure ECI (Electronic Commerce Indicator)
	3dsUCAF				String	O		3d Secure UCAF (Universal Cardholder Authentication Field) Visa uses CAVV (Cardholder Authentication Verification Value) MasterCard uses AAV (Accountholder Authentication Value)
	3dsXID				String	O		3d Secure XID (Transaction ID)
softDescriptor					object	®		Soft Descriptor Restricted Usage	®
	name				String	R		Name	®
	address				object	R		Address	®
		line1			String	R		Address Line 1	®
		line2			String	O		Address Line 2	®
		city			String	R		City	®
		county			String 3-characters	R		County	®
		state			String 2-character code	R		State Code	®
		zipcode			String	R		Zip Code	®
		country			String 3-digit code	O	840	ISO 3166-1 Country Code	®
	phone				object	O		Phone Number (E.164 Numbering)	®
		countryCode			String 1-3 digits	O	1	Country Calling Code	®
		number			String Min: 4 digits Max: 12-14 digits	R		Phone Number	®
location					object	O		Location of the Origination of Transaction
	name				String	R		Location Name
	address				object	R		Location Address
		line1			String	R		Address Line 1
		line2			String	O		Address Line 2
		city			String	R		City
		state			String 2-character code	R		State Code
		zipcode			String	R		Zip Code
		country			String 3-digit code	O	840	ISO 3166-1 Country Code
timeout					Integer Between 1 and 39	O	39	Time to wait for a response Default is 39 seconds See Notes Below...

(Encrypted) Card Data

Field	Required	Description	UnEncrypted Card Data Format
Card Number	R	13-19 digit Card Number	CardNumber \| Expiration Date \| Security Code (no spaces, pipe symbol separated) see samples
Expiration Date	R	Expiration date in YYYYMM Format
Security Code	O	3 or 4 digit CVV2

View

Hide

Samples

Create Transaction:

{
  "referenceID": "1",
  "type": "push",
  "accounts":
  {
    "sourceAccountID": "TabaPay_AccountID_22-c",
    "destinationAccountID": "TabaPay_AccountID_22-c"
  },
  "amount": "1.00",
  "currency": "840"
}

Create Pull Transaction:

{
  "referenceID": "1",
  "type": "pull",
  "accounts":
  {
    "sourceAccount":
    {
      "card":
      {
        "accountNumber": "9999999999999999",
        "expirationDate": "202012"
      },
      "owner":
      {
        "name":
        {
          "first": "John",
          "last": "Benson"
        },
        "address":
        {
          "line1": "465 Fairchild Drive",
          "line2": "Suite #222",
          "city": "Mountain View",
          "state": "CA",
          "zipcode": "94043"
        },
        "phone":
        {
          "number": "4159808222"
        }
      }
    },
    "destinationAccountID": "TabaPay_AccountID_22-c"
  },
  "currency": "840",
  "amount": "0.10"
}

Create Push Transaction:

{
  "referenceID": "1",
  "type": "push",
  "accounts":
  {
    "sourceAccountID": "TabaPay_AccountID_22-c",
    "destinationAccount":
    {
      "card":
      {
        "accountNumber": "9999999999999999",
        "expirationDate": "202012"
      },
      "owner":
      {
        "name":
        {
          "first": "John",
          "last": "Benson"
        },
        "address":
        {
          "line1": "465 Fairchild Drive",
          "line2": "Suite #222",
          "city": "Mountain View",
          "state": "CA",
          "zipcode": "94043"
        },
        "phone":
        {
          "number": "4159808222"
        }
      }
    }
  },
  "currency": "840",
  "amount": "0.10"
}

Unencrypted Card Data:

1111111111111111|203001|

where

Card Number:     1111111111111111
Expiration Date: January 2030
Security Code:   None

1111111111111111|203001|333

where

Card Number:     1111111111111111
Expiration Date: January 2030
Security Code:   333

Response

Status Codes

Status Code		Description
200	OK	A Transaction is created and processing is completed.
201	Created	A Transaction is created, but the transaction is waiting to be processed (batch).
207	Multi-Status	One or more Failures occurred while processing the Request.
429	Too Many Requests	Over your Daily (24-hour rolling) Approximation Limit.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name		Value	Description	Status Code
JSON Name		Value	Description	200	201	207	Other
SC		Integer 3-digits	HTTP Status Code	✔	✔	✔	O
EC		String 1 or 8-characters	Internal Error Code	✔	✔	✔	O
EM		String	Error Message			O	O
transactionID		String 22-characters	TransactionID	✔	✔	✔
network		String	Network	✔	✔	✔
networkRC		String 2 or 3-character code	Network Response Code	✔		O
status		String	Status	✔	✔	✔
approvalCode		String 6-characters	Approval Code	✔		O
errors		Array of 8-characters Strings	Array of Internal Error Codes			✔
AVS		object	AVS Results	C
	codeAVS	String	AVS Response Code	O
	codeSecurityCode	String	Security Code Response Code	O
fees		object	Estimated Fees	O	O
	interchange	String Amount	Interchange Fees	✔	✔
	network	String Amount	Network Fees	✔	✔
	tabapay	String Amount	TabaPay Fees	✔	✔

View

Hide

Samples

Transaction created:

{
  "SC": 200,
  "EC": "0",
  "transactionID": "TabaPay_TransactionID_",
  "network": "Visa",
  "networkRC": "00",
  "status": "COMPLETED",
  "approvalCode": "000000"
}

Transaction created but waiting to be processing (batch):

{
  "SC": 201,
  "EC": "0",
  "transactionID": "TabaPay_TransactionID_",
  "network": "CreditCards",
  "status": "PENDING"
}

Notes

For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:

ClientID is your unique 22-character string and
SubClientID is an assigned 4 or 6-digit value.

One of the accounts in the Request, Source Account or Destination Account, must be your Settlement Account. If disbursing funds (push) the Source Account should be your Settlement Account. If collecting funds (pull) the Destination Account should be your Settlement Account.

On a Pull Transaction, specifying at least the Owner Address Line 1 and/or Owner Zip Code will result in an automatic AVS check which may result in lower fees. However, a bad AVS will not stop the Transaction. You should have previously done a Query Card with AVS to check the Card.

A Timeout does not STOP the Transaction from continuing to be processed. It does mean that the Transaction Status will be temporarily in an UNKNOWN status. The SC (Status Code) in the Response will be 207.

Once the Transaction finished processing, the Actual Status of the Transaction will be reflected. You can do a Retrieve Transaction to check on the actual Transaction Status. However, do not poll, otherwise you will get SC=429.

After 90 seconds, the Transaction Status will NOT change. We have given up waiting for a response. Most likely, the Transaction Status will remain in an UNKNOWN status. Contact TabaPay Support if you need us to investigate what really happened with this Transaction.

The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.

card.mode	Description
0	RSA with PKCS#1 v1.5 Padding, however this is considered to be insecure
1	Java RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding
2	(non-Java) RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding

Unfortunately, for RSA/ECB/OAEPWithSHA-256AndMGF1Padding, Java's implementation (as of Java 1.8) is currently incompatible with other implementations.

Retrieve Transaction

Retrieves the Transaction.

If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.

URL

https://<FQDN>/v1/clients/<ClientID_ISO>/transactions/<TransactionID>
https://<FQDN>/v1/clients/<ClientID_ISO>/transactions?referenceID=<ReferenceID>

HTTP Method

GET

Request

No Request Data

Response

Status Codes

Status Code		Description
200	OK	The Transaction is retrieved.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name		Value	Description	Status Code
				TID	RID	Other
				200	200	Other
SC		Integer 3-digits	HTTP Status Code	✔	✔	O
EC		String 1 or 8-characters	Internal Error Code	✔	✔	O
EM		String	Error Message			O
transactionID		String 22-characters	TransactionID		✔
referenceID		String	ReferenceID	✔
network		String	Network	O	O
networkRC		String 2 or 3-character code	Network Response Code	O	O
status		String	Status	✔	✔
originally		String	Original Status	O	O
approvalCode		String 6-characters	Approval Code	O	O
errors		Array of 8-characters Strings	Array of Internal Error Codes	O	O
amount		String	Amount	✔	✔
currency		String 3-digits	ISO 4217 Currency Number	O	O
last4		String	Last 4 of Card Account Number (PAN)	✔	✔
memo		String	Memo	O	O
fees		object	Fees	O	O
	interchange	String Amount	Interchange Fees	✔	✔
	network	String Amount	Network Fees	✔	✔
	tabapay	String Amount	TabaPay Fees	✔	✔
reversalStatus		String	Reversal Status	O	O
reversal		object	Reversal	O	O
	networkRC	String 2 or 3-character code	Network Response Code	O	O
	error	String 1 or 8-characters	Internal Error Code	O	O

View

Hide

Samples

Transaction retrieved using TransactionID:

{
  "SC": 200,
  "EC": "0",
  "referenceID": "1",
  "network": "Visa",
  "networkRC": "00",
  "status": "COMPLETED",
  "approvalCode": "000000",
  "amount": "0.10",
  "fees":
  {
    "interchange": "0.50",
    "network": "0.50",
    "tabapay": "0.25"
  }
}

Transaction retrieved using ReferenceID:

{
  "SC": 200,
  "EC": "0",
  "transactionID": "TransactionID_22chars_",
  "network": "Visa",
  "networkRC": "00",
  "status": "COMPLETED",
  "approvalCode": "000000",
  "amount": "0.10",
  "fees":
  {
    "interchange": "0.50",
    "network": "0.50",
    "tabapay": "0.25"
  }
}

Notes

For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:

ClientID is your unique 22-character string and
SubClientID is an assigned 4 or 6-digit value.

The Fees are only an estimation. The actual Fees will be shown on your daily settlement reports.

Delete Transaction

Try to request a reverse of a previous Pull Transaction.

If you are an ISO (Independent Sales Organization), you will need to specify a SubClientID.

URL

https://<FQDN>/v1/clients/<ClientID_ISO>/transactions/<TransactionID>?reversal
https://<FQDN>/v1/clients/<ClientID_ISO>/transactions/<TransactionID>?void

HTTP Method

DELETE

Request

No Request Data

Response

Status Codes

Status Code		Description
200	OK	A Request for a Reversal of the previous Transaction is successful.
207	Multi-Status	One or more Failures occurred while processing the Request.

See Status Codes for other possible Status Codes that might be returned.

Response Data

JSON Name		Value	Description	Status Code
JSON Name		Value	Description	200	207	Other
SC		Integer 3-digits	HTTP Status Code	✔	✔	O
EC		String 1 or 8-characters	Internal Error Code	✔	✔	O
EM		String	Error Message		O	O
status		String	Status	✔	✔
reversal		object	Reversal	✔	O
	networkRC	String 2 or 3-character code	Void Network Response Code	✔	O
	networkRC2	String 2 or 3-character code	Refund after failed Void Network Response Code	✔	O

View

Hide

Samples

Transaction reversed:

{
  "SC": 200,
  "EC": "0",
  "status": "COMPLETED",
  "reversal":
  {
    "networkRC": "00"
  }
}

Dual Message Network:

  {
    "SC": 200,
    "EC": "0",
    "status": "COMPLETED",
    "reversal":
    {
      "networkRC": "21",
      "networkRC2": "00"
    }
  }

Notes

For Clients who are an ISO (Independent Sales Organization), to specify your ClientID and a SubClientID, use the underscore character ("_") to separate the two values: <ClientID>_<SubClientID> where:

ClientID is your unique 22-character string and
SubClientID is an assigned 4 or 6-digit value.

You can only Delete (reverse) a Pull Transaction. A Delete is just only a request for a reversal. Dual Message Networks may cause a networkRC2 if the networkRC is either a Network Response Code of 21 or E9.

Networks

Network Name
STAR
Pulse
NYCE
CU24
Accel
Visa
MasterCard
Discover

Network Response Codes

A Financial Institution may decide to return a Network Response Code that may not match the ISO Code meaning.

ISO CODE	Description
00	Approved or completed successfully
01	Refer to card issuer
02	Refer to card issuers special conditions
03	Invalid merchant
04	Pick-up
05	Do not honor
06	Error
07	Pick-up card, special conditions
08	Honor with identification
09	Request in progress
10	Approved for partial amount
11	Approved (VIP)
12	Invalid transaction
13	Invalid amount
14	Invalid card number (no such number)
15	No such issuer
16	Approved, update track 3
17	Customer cancellation, reversal (unsupported)
18	Customer dispute, chargeback (future)
19	Re-enter transaction
20	Invalid response
21	No action taken, reversal (unsupported)
22	Suspected malfunction, reversal (unsupported)
23	Unacceptable transaction fee
24	File update not supported by receiver
25	Unable to locate record on file
26	Duplicate file update record, no action
27	File update field edit error
28	File update record locked out
29	File update not successful, contact acquirer
30	Format error (may also be a reversal)
31	Bank not supported by switch
32	Completed partially, reversal (unsupported)
33	Expired card, pick-up
34	Suspected fraud, pick-up
35	Card acceptor contact acquirer, pick-up
36	Restricted card, pick-up
37	Card acceptor call acquirer security, pick-up
38	Allowable PIN tries exceeded, pick-up
39	No credit account
40	Requested function not supported
41	Lost card, pick-up
42	No universal account
43	Stolen card, pick-up
44	No investment account
45	Reserved for ISO use
46	Reserved for ISO use
47	Reserved for ISO use
48	Reserved for ISO use
49	Reserved for ISO use
50	Reserved for ISO use
51	Insufficient funds
52	No checking account
53	No savings account
54	Expired card
55	Incorrect PIN
56	No card record
57	Transaction not permitted to cardholder
58	Transaction not permitted to terminal (may also be a chargeback)
59	Suspected fraud
60	Card acceptor contact acquirer
61	Exceeds withdrawal amount limit
62	Restricted card
63	Security violation (may also be a chargeback)
64	Original amount incorrect, reversal (unsupported)
65	Exceeds withdrawal frequency limit
66	Card acceptor call acquirer security
67	Hard capture, pick-up
68	Response received too late, reversal (unsupported)
69	Reserved for ISO
70	Reserved for ISO
71	Reserved for ISO
72	Reserved for ISO
73	Reserved for ISO
74	Reserved for ISO
75	Allowable number of PIN tries exceeded
76	Key synchronization error (FIS)
77	Reserved for private use
78	Customer not eligible for POS (Star SM )
79	Invalid digital signature
80	Stale dated transaction (Star SM )
81	Issuer requested standin
82	Count exceeds limit (VISANet)
83	Reserved for private use
84	Time limit for pre-authorization reached (VISANet)
85*	Issuer has no reason to decline the transaction (Account Verification)
86	Cannot verify PIN (VISANet)
87	Check already posted
88	Information not on file
89	Card verification value (CVV) verification failed (no pickup)
90	Cutoff is in progress
91	Issuer or switch is inoperative
92	Financial institution or intermediate network unknown for routing
93	Transaction cannot be completed, violation of law
94	Duplication transaction
95	Reconcile error
96	System malfunction
97	Reserved for national use
98	Reserved for national use
99*	Card network fault error
0Z-9Z	Reserved for ISO use
C2-E0	Reserved for national use (X9.2)
E1*	Invalid or unsupported SEC
E2*	AVS data required
E3*	CVV2 data required
E4*	Service not allowed. Transaction not permitted to cardholder.
E5*	Service not allowed. Transaction not permitted to cardholder.
E6*	Issuer country is blocked
E7*	Incorrect MAC was sent
E8*	Standard Entry Class requirements were not met
E9*	System time out
EA*	Account length error
EB*	Check digit error
EC*	CID format error
ED*	Authorization is too old to capture
EE*	Card product code is blocked Card product code is blocked
EF*	Attempt to process a BRIC transaction on a prior PIN based transaction
EG*	CyberSource Time Out Connection to CyberSource timed out
EH*	CARD_ENT_METH supplied is not valid or required additional data not provided as defined
EI*	CARD_ID is not valid
EJ*	Required PIN block not present
EK*	Bin is not valid for pinless routing
EL*	Signature store did not complete
EM*	Debit PIN transactions must be swiped
EN*	DB proxy response was not processed within the time out period
EO*	Transaction was declined by merchant due to mismatch of CVV2 data
EP*	Transaction not allowed as per a validation rule
EQ*	There were no available gateway nodes to route transaction
EZ-MZ	Reserved for national use (X9.2)
N0	Authorization life cycle unacceptable
N1	Authorization life cycle expired
N2	Non-receipt of requested item (future)
N3	Non-receipt of requested item, illegible copy (future)
N4	Transaction exceeds floor limit (future)
N5	Declined authorization (future)
N6	Non-matching account numbers (future)
N7	Error in addition (future)
N8	Altered amount (future)
N9	Incorrect account number (future)
P0	Missing signature (future)
P1	Slip without card imprint (future)
P2	Imprinting of multiple slips (future)
P3	Canceled pre-authorization transaction (future)
P4	Delinquent settlement (future)
P5	Currency conversion error (future)
P6	Credit posted as a debit (sale) (future)
P7	Claim or defense (future)
P8	Non-receipt of goods (future)
P9	Defective merchandise (future)
Q1*	Card authentication failed
R0	Fraudulent transaction prior to embossed valid date (future)
R1	Credit not received (future)
R2	Allowable PAN entries warning -- approved
R3	Approved with overdraft protection
R4	Bad CVV3
RR*	Unknown Backend Processing Error
S0	Check not acceptable for cash
S1	Check not acceptable
S2	Check deposit limit exceeded
S3	Cash back limit exceeded
S4	Check amount does not match courtesy amount
S5	PIN not selected
S6	PIN already selected
S7	Unmatched voucher information
S8	Allowable PAN entries exceeded -- denial
S9	Expiration date mismatch
SA	Inactive card
SB	Expiration date mismatch (card pickup)
SC	Item suspected for stop pay
SD	Account closed
SE	Ineligible account
SF	Item submitted more than two times
SG	No account on file - absolute
SH	Unable to locate
SI	General denial
SJ	Item settled via ACH
SK	Cross-reference card not found
SL	Category limit exceeded
SM	Transaction limit exceeded
SN	Daily limit exceeded
SO	Monthly limit exceeded
SP	Invalid secret code
SQ	PIN key sync error
SR	Bad CVV2
SS	Stop payment order
ST	Revocation of authorization order
SV	Stop reoccurring payments
T3	Lost card (no pickup)
T4	Closed account
T5	Dormant account
T6	Special conditions (no pick-up)
T7	Purchase only approval for purchase with cash back transaction.
T9	Insufficient funds for fees
TA	ARQC validation failed for chip card
TB	Unsafe PIN
U0-ZY	Reserved for private use
ZZ*	Used by TabaPay for Testing

Notes:

* Not all Networks may return this Network Response Code.

Accel Action Code	Description
000	Approved
001	Approved with identification
002	Approved for partial amount
003	Approved (VIP)
100, 200	Do not honor
101, 201	Expired card
102, 202	Suspected fraud
103, 203	Card acceptor contact acquirer
104, 204	Restricted card
105, 205	Card acceptor call acquirer’s security department
106, 206	Allowable PIN tries exceeded
107	Refer to card issuer
108	Refer to card issuer’s special condition
109	Invalid merchant
110	Invalid amount
111	Invalid card number
112	PIN data required
113	Unacceptable fee
114, 214	No account of type requested
115	Requested function not supported (invalid transaction)
116, 216	Insufficient funds
117, 217	Incorrect PIN
118	No card record
119	Transaction not permitted to cardholder
120	Transaction not permitted to terminal
121	Exceeds withdrawal amount limit
122	Security violation
123	Exceeds withdrawal limit frequency
124	Violation of law
126	Invalid PIN block
127	PIN length error
128	PIN key synchronization error (sanity error)
129	Suspected counterfeit card
130	Transaction failed OFAC check
131	Check not acceptable
180	Limit exceeded due to cashback amount
181	Enter lesser amount
182	Institution not supported by switch
183	Balances not available for inquiry
184	Resubmission in violation of network rules
185	Stop payment on check (shared branch only)
207	Special conditions
208	Lost card
209	Stolen card
210	Suspected counterfeit card
907	Card issuer or switch inoperative
908	Transaction destination cannot be found for routing
909	System malfunction
999	Used by TabaPay for Testing

AVS Response Codes

Response Code for AVS	Description
Y	Zip Code and Address were matched
Z	Zip Code was matched
N	Zip Code and Address were not matched
A	Zip Code was not matched but Address was matched
U	AVS Information not available
R	AVS unavailable, can retry later

Security Code Response Codes

Response Code for Securtiy Code	Description
M	Security Code was matched
N	Security Code was not matched

Internal Error Codes

EC	Description
0	OK
3A100000	Retrieve Client
3C300000	Query Card
3C400000	Create Account
3A400000	Retrieve Account
3B400000	Update Account
3D400000	Delete Account
3C500000	Create Transaction
3A500000	Retrieve Transaction
3B500000	Update Transaction
3D500000	Delete Transaction

Status Codes

Status Code		Description
200	OK	The API Request was successfully processed.
201	Created	Transaction Created, but Transaction Processing is Pending (batch).
207	Multi-Status	One or more upstream processing failed.
400	Bad Request	The ResourceID is invalid or The Request Data is invalid.
401	UnAuthorized	The Authorization Token is invalid or The IP Address is invalid (not whitelisted).
403	Forbidden	Invalid permissions to access the Resource, please contact TabaPay support.
404	Not Found	The ResourceID does not point to a valid Resource.
405	Method Not Allowed	Request Method Not Allowed for the Requested Resource.
406	Not Acceptable	Our Web Application Firewall (WAF) found something invalid in your request.
409	Conflict	ReferenceID already used or Conflicting Request Parameters.
410	Gone	The Resource pointed to by the ResourceID has been marked for deletion.
415	Unsupported Media Type	Content-type must be application/json.
422	Unprocessable Entity	The Resource pointed to by the ResourceID is in an invalid state or The Transaction Amount exceeded one or more Limits.
423	Locked	The Resource pointed to by the ResourceID is locked.
429	Too Many Requests	Retrieve: Too many requests, please do not poll. Create Transaction: Over your Daily (24-hour rolling) Approximation Limit.
431	Request Header Fields Too Large	Too many HTTP Header Lines and/or HTTP Header Lines too big.
500	Server Error	There was a problem processing the Request.
502	Bad Gateway	Problem connecting to an Application Server.
503	Service Unavailable	Your request cannot be processed, should be only a Temporary Condition.
504	Gateway Timeout	Connection to an Application Server timed out.

A 400 Series Error is usually something that you can fix by changing something in your request. A 500 Series Error is usually something that you need to contact us (support@TabaPay.com) to look at. If we determine that a 500 Series Error can be fixed by you, we will try to change this error situation to a 400 Series Error in a future code release.

Currency Numbers

We are using ISO 4217 Currency Numbers.

Currency Number	Currency Code	Currency Name
784	AED	United Arab Emirates dirham
971	AFN	Afghan afghani
008	ALL	Albanian lek
051	AMD	Armenian dram
532	ANG	Netherlands Antillean guilder
973	AOA	Angolan kwanza
032	ARS	Argentine peso
036	AUD	Australian dollar
533	AWG	Aruban florin
944	AZN	Azerbaijani manat
977	BAM	Bosnia and Herzegovina convertible mark
052	BBD	Barbados dollar
050	BDT	Bangladeshi taka
975	BGN	Bulgarian lev
048	BHD	Bahraini dinar
108	BIF	Burundian franc
060	BMD	Bermudian dollar
096	BND	Brunei dollar
068	BOB	Boliviano
984	BOV	Bolivian Mvdol (funds code)
986	BRL	Brazilian real
044	BSD	Bahamian dollar
064	BTN	Bhutanese ngultrum
072	BWP	Botswana pula
933	BYN	Belarusian ruble
084	BZD	Belize dollar
124	CAD	Canadian dollar
976	CDF	Congolese franc
947	CHE	WIR Euro (complementary currency)
756	CHF	Swiss franc
948	CHW	WIR Franc (complementary currency)
990	CLF	Unidad de Fomento (funds code)
152	CLP	Chilean peso
156	CNY	Chinese yuan
170	COP	Colombian peso
970	COU	Unidad de Valor Real (UVR) (funds code)[7]
188	CRC	Costa Rican colon
931	CUC	Cuban convertible peso
192	CUP	Cuban peso
132	CVE	Cape Verde escudo
203	CZK	Czech koruna
262	DJF	Djiboutian franc
208	DKK	Danish krone
214	DOP	Dominican peso
012	DZD	Algerian dinar
818	EGP	Egyptian pound
232	ERN	Eritrean nakfa
230	ETB	Ethiopian birr
978	EUR	Euro
242	FJD	Fiji dollar
238	FKP	Falkland Islands pound
826	GBP	Pound sterling
981	GEL	Georgian lari
936	GHS	Ghanaian cedi
292	GIP	Gibraltar pound
270	GMD	Gambian dalasi
324	GNF	Guinean franc
320	GTQ	Guatemalan quetzal
328	GYD	Guyanese dollar
344	HKD	Hong Kong dollar
340	HNL	Honduran lempira
191	HRK	Croatian kuna
332	HTG	Haitian gourde
348	HUF	Hungarian forint
360	IDR	Indonesian rupiah
376	ILS	Israeli new shekel
356	INR	Indian rupee
368	IQD	Iraqi dinar
364	IRR	Iranian rial
352	ISK	Icelandic króna
388	JMD	Jamaican dollar
400	JOD	Jordanian dinar
392	JPY	Japanese yen
404	KES	Kenyan shilling
417	KGS	Kyrgyzstani som
116	KHR	Cambodian riel
174	KMF	Comoro franc
408	KPW	North Korean won
410	KRW	South Korean won
414	KWD	Kuwaiti dinar
136	KYD	Cayman Islands dollar
398	KZT	Kazakhstani tenge
418	LAK	Lao kip
422	LBP	Lebanese pound
144	LKR	Sri Lankan rupee
430	LRD	Liberian dollar
426	LSL	Lesotho loti
434	LYD	Libyan dinar
504	MAD	Moroccan dirham
498	MDL	Moldovan leu
969	MGA	Malagasy ariary
807	MKD	Macedonian denar
104	MMK	Myanmar kyat
496	MNT	Mongolian tögrög
446	MOP	Macanese pataca
478	MRO	Mauritanian ouguiya
480	MUR	Mauritian rupee
462	MVR	Maldivian rufiyaa
454	MWK	Malawian kwacha
484	MXN	Mexican peso
979	MXV	Mexican Unidad de Inversion (UDI) (funds code)
458	MYR	Malaysian ringgit
943	MZN	Mozambican metical
516	NAD	Namibian dollar
566	NGN	Nigerian naira
558	NIO	Nicaraguan córdoba
578	NOK	Norwegian krone
524	NPR	Nepalese rupee
554	NZD	New Zealand dollar
512	OMR	Omani rial
590	PAB	Panamanian balboa
604	PEN	Peruvian Sol
598	PGK	Papua New Guinean kina
608	PHP	Philippine peso
586	PKR	Pakistani rupee
985	PLN	Polish złoty
600	PYG	Paraguayan guaraní
634	QAR	Qatari riyal
946	RON	Romanian leu
941	RSD	Serbian dinar
643	RUB	Russian ruble
646	RWF	Rwandan franc
682	SAR	Saudi riyal
090	SBD	Solomon Islands dollar
690	SCR	Seychelles rupee
938	SDG	Sudanese pound
752	SEK	Swedish krona/kronor
702	SGD	Singapore dollar
654	SHP	Saint Helena pound
694	SLL	Sierra Leonean leone
706	SOS	Somali shilling
968	SRD	Surinamese dollar
728	SSP	South Sudanese pound
678	STD	São Tomé and Príncipe dobra
222	SVC	Salvadoran colón
760	SYP	Syrian pound
748	SZL	Swazi lilangeni
764	THB	Thai baht
972	TJS	Tajikistani somoni
934	TMT	Turkmenistani manat
788	TND	Tunisian dinar
776	TOP	Tongan paʻanga
949	TRY	Turkish lira
780	TTD	Trinidad and Tobago dollar
901	TWD	New Taiwan dollar
834	TZS	Tanzanian shilling
980	UAH	Ukrainian hryvnia
800	UGX	Ugandan shilling
840	USD	United States dollar
997	USN	United States dollar (next day) (funds code)
940	UYI	Uruguay Peso en Unidades Indexadas (URUIURUI) (funds code)
858	UYU	Uruguayan peso
860	UZS	Uzbekistan som
937	VEF	Venezuelan bolívar
704	VND	Vietnamese đồng
548	VUV	Vanuatu vatu
882	WST	Samoan tala
950	XAF	CFA franc BEAC
961	XAG	Silver (one troy ounce)
959	XAU	Gold (one troy ounce)
955	XBA	European Composite Unit (EURCO) (bond market unit)
956	XBB	European Monetary Unit (E.M.U.-6) (bond market unit)
957	XBC	European Unit of Account 9 (E.U.A.-9) (bond market unit)
958	XBD	European Unit of Account 17 (E.U.A.-17) (bond market unit)
951	XCD	East Caribbean dollar
960	XDR	Special drawing rights
952	XOF	CFA franc BCEAO
964	XPD	Palladium (one troy ounce)
953	XPF	CFP franc (franc Pacifique)
962	XPT	Platinum (one troy ounce)
994	XSU	SUCRE
963	XTS	Code reserved for testing purposes
965	XUA	ADB Unit of Account
999	XXX	No currency
886	YER	Yemeni rial
710	ZAR	South African rand
967	ZMW	Zambian kwacha
932	ZWL	Zimbabwean dollar A/10

Country Codes

We are using ISO 3166-1 numeric (or numeric-3) codes.

Country Code	Country Name
004	Afghanistan
248	Åland Islands
008	Albania
012	Algeria
016	American Samoa
020	Andorra
024	Angola
660	Anguilla
010	Antarctica
028	Antigua and Barbuda
032	Argentina
051	Armenia
533	Aruba
036	Australia
040	Austria
031	Azerbaijan
044	Bahamas
048	Bahrain
050	Bangladesh
052	Barbados
112	Belarus
056	Belgium
084	Belize
204	Benin
060	Bermuda
064	Bhutan
068	Bolivia, Plurinational State of
535	Bonaire, Sint Eustatius and Saba
070	Bosnia and Herzegovina
072	Botswana
074	Bouvet Island
076	Brazil
086	British Indian Ocean Territory
096	Brunei Darussalam
100	Bulgaria
854	Burkina Faso
108	Burundi
132	Cabo Verde
116	Cambodia
120	Cameroon
124	Canada
136	Cayman Islands
140	Central African Republic
148	Chad
152	Chile
156	China
162	Christmas Island
166	Cocos (Keeling) Islands
170	Colombia
174	Comoros
178	Congo
180	Congo, the Democratic Republic of the
184	Cook Islands
188	Costa Rica
384	Côte d'Ivoire
191	Croatia
192	Cuba
531	Curaçao
196	Cyprus
203	Czechia
208	Denmark
262	Djibouti
212	Dominica
214	Dominican Republic
218	Ecuador
818	Egypt
222	El Salvador
226	Equatorial Guinea
232	Eritrea
233	Estonia
231	Ethiopia
238	Falkland Islands (Malvinas)
234	Faroe Islands
242	Fiji
246	Finland
250	France
254	French Guiana
258	French Polynesia
260	French Southern Territories
266	Gabon
270	Gambia
268	Georgia
276	Germany
288	Ghana
292	Gibraltar
300	Greece
304	Greenland
308	Grenada
312	Guadeloupe
316	Guam
320	Guatemala
831	Guernsey
324	Guinea
624	Guinea-Bissau
328	Guyana
332	Haiti
334	Heard Island and McDonald Islands
336	Holy See
340	Honduras
344	Hong Kong
348	Hungary
352	Iceland
356	India
360	Indonesia
364	Iran, Islamic Republic of
368	Iraq
372	Ireland
833	Isle of Man
376	Israel
380	Italy
388	Jamaica
392	Japan
832	Jersey
400	Jordan
398	Kazakhstan
404	Kenya
296	Kiribati
408	Korea, Democratic People's Republic of
410	Korea, Republic of
414	Kuwait
417	Kyrgyzstan
418	Lao People's Democratic Republic
428	Latvia
422	Lebanon
426	Lesotho
430	Liberia
434	Libya
438	Liechtenstein
440	Lithuania
442	Luxembourg
446	Macao
807	Macedonia, the former Yugoslav Republic of
450	Madagascar
454	Malawi
458	Malaysia
462	Maldives
466	Mali
470	Malta
584	Marshall Islands
474	Martinique
478	Mauritania
480	Mauritius
175	Mayotte
484	Mexico
583	Micronesia, Federated States of
498	Moldova, Republic of
492	Monaco
496	Mongolia
499	Montenegro
500	Montserrat
504	Morocco
508	Mozambique
104	Myanmar
516	Namibia
520	Nauru
524	Nepal
528	Netherlands
540	New Caledonia
554	New Zealand
558	Nicaragua
562	Niger
566	Nigeria
570	Niue
574	Norfolk Island
580	Northern Mariana Islands
578	Norway
512	Oman
586	Pakistan
585	Palau
275	Palestine, State of
591	Panama
598	Papua New Guinea
600	Paraguay
604	Peru
608	Philippines
612	Pitcairn
616	Poland
620	Portugal
630	Puerto Rico
634	Qatar
638	Réunion
642	Romania
643	Russian Federation
646	Rwanda
652	Saint Barthélemy
654	Saint Helena, Ascension and Tristan da Cunha
659	Saint Kitts and Nevis
662	Saint Lucia
663	Saint Martin (French part)
666	Saint Pierre and Miquelon
670	Saint Vincent and the Grenadines
882	Samoa
674	San Marino
678	Sao Tome and Principe
682	Saudi Arabia
686	Senegal
688	Serbia
690	Seychelles
694	Sierra Leone
702	Singapore
534	Sint Maarten (Dutch part)
703	Slovakia
705	Slovenia
090	Solomon Islands
706	Somalia
710	South Africa
239	South Georgia and the South Sandwich Islands
728	South Sudan
724	Spain
144	Sri Lanka
729	Sudan
740	Suriname
744	Svalbard and Jan Mayen
748	Swaziland
752	Sweden
756	Switzerland
760	Syrian Arab Republic
158	Taiwan, Province of China
762	Tajikistan
834	Tanzania, United Republic of
764	Thailand
626	Timor-Leste
768	Togo
772	Tokelau
776	Tonga
780	Trinidad and Tobago
788	Tunisia
792	Turkey
795	Turkmenistan
796	Turks and Caicos Islands
798	Tuvalu
800	Uganda
804	Ukraine
784	United Arab Emirates
826	United Kingdom
581	United States Minor Outlying Islands
840	United States of America
858	Uruguay
860	Uzbekistan
548	Vanuatu
862	Venezuela, Bolivarian Republic of
704	Viet Nam
092	Virgin Islands, British
850	Virgin Islands, U.S.
876	Wallis and Futuna
732	Western Sahara
887	Yemen
894	Zambia
716	Zimbabwe

State Codes

We are using the United States Postal Service 2-letter codes.

State Code	State Name	State Numeric Code
AL	Alabama	01
AK	Alaska	02
AZ	Arizona	04
AR	Arkansas	05
CA	California	06
CO	Colorado	08
CT	Connecticut	09
DE	Delaware	10
DC	District of Columbia	11
FL	Florida	12
GA	Georgia	13
HI	Hawaii	15
ID	Idaho	16
IL	Illinois	17
IN	Indiana	18
IA	Iowa	19
KS	Kansas	20
KY	Kentucky	21
LA	Louisiana	22
ME	Maine	23
MD	Maryland	24
MA	Massachusetts	25
MI	Michigan	26
MN	Minnesota	27
MS	Mississippi	28
MO	Missouri	29
MT	Montana	30
NE	Nebraska	31
NV	Nevada	32
NH	New Hampshire	33
NJ	New Jersey	34
NM	New Mexico	35
NY	New York	36
NC	North Carolina	37
ND	North Dakota	38
OH	Ohio	39
OK	Oklahoma	40
OR	Oregon	41
PA	Pennsylvania	42
RI	Rhode Island	44
SC	South Carolina	45
SD	South Dakota	46
TN	Tennessee	47
TX	Texas	48
UT	Utah	49
VT	Vermont	50
VA	Virginia	51
WA	Washington	53
WV	West Virginia	54
WI	Wisconsin	55
WY	Wyoming	56

AS	American Samoa	00
GU	Guam	00
MP	Northern Mariana Islands	00
PR	Puerto Rico	00
UM	United States Minor Outlying Islands	00
VI	Virgin Islands	00

Resource Statuses

Resource's Status	Any Resource	Transaction	Description
OK	✔	✔	Resource is in normal status.
LOCKED	✔	✔	Resource is locked.
DELETED	✔	✔	Resource is marked for deletion.
PENDING		✔	Transaction processing started or waiting to be processed (batch).
FAILED		✔	Transaction processing failed.
UNKNOWN		✔	Transaction processing result is unknown.
ERROR		✔	Transaction processing error.
COMPLETED		✔	Transaction completed processing successfully.
REVERSED		✔	A Request to Reverse a previous PULL Transaction was requested.
REVERSAL		✔	A Request to Reverse a previous PULL Transaction was tried, however the status is unknown.

Transactions

The following tables shows the various statuses a Transaction Resource undergoes:

Transaction Successful

Status	Description
OK	Transaction created.
PENDING	Transaction processing started or waiting to be processed (batch).
COMPLETED	Transaction processed successfully.

Transaction Error

Status	Description
OK	Transaction created.
PENDING	Transaction processing started.
ERROR	Transaction processing error, see Network Response Code.

Transaction Processing returned a non-successful Network Response Code from a Card Network.

Transaction Failed

Status	Description
OK	Transaction created.
PENDING	Transaction processing started.
FAILED	Transaction processing failed.

Transaction Processing failed. The Transaction was unsuccessful.

Transaction Result is Unknown

Status	Description
OK	Transaction created.
PENDING	Transaction processing started.
UNKNOWN	Transaction processing result is unknown.

The Transaction could have been successful or not. Manual intervention is required to determine the status of the Transaction. Please contact support@TabaPay.com.

Transaction Timed Out so Result was originally Unknown but actually Successful

Status	Description
OK	Transaction created.
PENDING	Transaction processing started.
UNKNOWN	Transaction processing result is unknown.
COMPLETED	Transaction processed successfully.

The Transaction timed out so the Transaction Status was originally set to UNKNOWN. Your request returned a Status Code of 207. The Transaction Processing continue to be processed. The final and actual Transaction is COMPLETED.

Transaction Timed Out so Result was originally Unknown but actually Failed

Status	Description
OK	Transaction created.
PENDING	Transaction processing started.
UNKNOWN	Transaction processing result is unknown.
FAILED	Transaction processing failed.

Transaction Successful but a Request to Reverse the Transaction was requested

Status	Description
OK	Transaction created.
PENDING	Transaction processing started or waiting to be processed (batch).
COMPLETED	Transaction processed successfully.
REVERSED	Transaction Reversal was requested.

Transaction Successful but a Request to Reverse the Transaction was tried

Status	Description
OK	Transaction created.
PENDING	Transaction processing started or waiting to be processed (batch).
COMPLETED	Transaction processed successfully.
REVERSAL	Transaction Reversal was tried, however the status is unknown.

Test Cards

PCI requires us and you to use Test Card Numbers when testing. You should never use a real Card Number in the Sandbox Environment. The following Card Numbers were randomly created, if they happen by chance to be a real Card Number, it is purely by coincidence only. Sample Card Numbers by Networks:

^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
STAR	9010100999999995	✘ No	✔			✘ Not Valid		✘ Not Valid
	9010101999999993	✘ No	✔			✘ Not Valid		✔
	9010102999999991	✘ No	✔			✘ Not Valid			✔
	9010103999999999	✘ No	✔			✘ Not Valid				✔
	9010110999999994	✘ No	✔			✔		✘ Not Valid
	9010111999999992	✘ No	✔			✔		✔
	9010112999999990	✘ No	✔			✔			✔
	9010113999999998	✘ No	✔			✔				✔
	9010200999999993	✘ No		✔		✘ Not Valid		✘ Not Valid
	9010201999999991	✘ No		✔		✘ Not Valid		✔
	9010202999999999	✘ No		✔		✘ Not Valid			✔
	9010203999999997	✘ No		✔		✘ Not Valid				✔
	9010210999999992	✘ No		✔		✔		✘ Not Valid
	9010211999999990	✘ No		✔		✔		✔
	9010212999999998	✘ No		✔		✔			✔
	9010213999999996	✘ No		✔		✔				✔
	9010300999999991	✘ No			✔	✘ Not Valid		✘ Not Valid
	9010301999999999	✘ No			✔	✘ Not Valid		✔
	9010302999999997	✘ No			✔	✘ Not Valid			✔
	9010303999999995	✘ No			✔	✘ Not Valid				✔
	9010310999999990	✘ No			✔	✔		✘ Not Valid
	9010311999999998	✘ No			✔	✔		✔
	9010312999999996	✘ No			✔	✔			✔
	9010313999999994	✘ No			✔	✔				✔
	9011100999999994	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9011101999999992	✔ Yes	✔			✘ Not Valid		✔
	9011102999999990	✔ Yes	✔			✘ Not Valid			✔
	9011103999999998	✔ Yes	✔			✘ Not Valid				✔
	9011110999999993	✔ Yes	✔			✔		✘ Not Valid
	9011111999999991	✔ Yes	✔			✔		✔
	9011112999999999	✔ Yes	✔			✔			✔
	9011113999999997	✔ Yes	✔			✔				✔
	9011200999999992	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9011201999999990	✔ Yes		✔		✘ Not Valid		✔
	9011202999999998	✔ Yes		✔		✘ Not Valid			✔
	9011203999999996	✔ Yes		✔		✘ Not Valid				✔
	9011210999999991	✔ Yes		✔		✔		✘ Not Valid
	9011211999999999	✔ Yes		✔		✔		✔
	9011212999999997	✔ Yes		✔		✔			✔
	9011213999999995	✔ Yes		✔		✔				✔
	9011300999999990	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9011301999999998	✔ Yes			✔	✘ Not Valid		✔
	9011302999999996	✔ Yes			✔	✘ Not Valid			✔
	9011303999999994	✔ Yes			✔	✘ Not Valid				✔
	9011310999999999	✔ Yes			✔	✔		✘ Not Valid
	9011311999999997	✔ Yes			✔	✔		✔
	9011312999999995	✔ Yes			✔	✔			✔
	9011313999999993	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
Pulse	9020100999999993	✘ No	✔			✘ Not Valid		✘ Not Valid
	9020101999999991	✘ No	✔			✘ Not Valid		✔
	9020102999999999	✘ No	✔			✘ Not Valid			✔
	9020103999999997	✘ No	✔			✘ Not Valid				✔
	9020110999999992	✘ No	✔			✔		✘ Not Valid
	9020111999999990	✘ No	✔			✔		✔
	9020112999999998	✘ No	✔			✔			✔
	9020113999999996	✘ No	✔			✔				✔
	9020200999999991	✘ No		✔		✘ Not Valid		✘ Not Valid
	9020201999999999	✘ No		✔		✘ Not Valid		✔
	9020202999999997	✘ No		✔		✘ Not Valid			✔
	9020203999999995	✘ No		✔		✘ Not Valid				✔
	9020210999999990	✘ No		✔		✔		✘ Not Valid
	9020211999999998	✘ No		✔		✔		✔
	9020212999999996	✘ No		✔		✔			✔
	9020213999999994	✘ No		✔		✔				✔
	9020300999999999	✘ No			✔	✘ Not Valid		✘ Not Valid
	9020301999999997	✘ No			✔	✘ Not Valid		✔
	9020302999999995	✘ No			✔	✘ Not Valid			✔
	9020303999999993	✘ No			✔	✘ Not Valid				✔
	9020310999999998	✘ No			✔	✔		✘ Not Valid
	9020311999999996	✘ No			✔	✔		✔
	9020312999999994	✘ No			✔	✔			✔
	9020313999999992	✘ No			✔	✔				✔
	9021100999999992	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9021101999999990	✔ Yes	✔			✘ Not Valid		✔
	9021102999999998	✔ Yes	✔			✘ Not Valid			✔
	9021103999999996	✔ Yes	✔			✘ Not Valid				✔
	9021110999999991	✔ Yes	✔			✔		✘ Not Valid
	9021111999999999	✔ Yes	✔			✔		✔
	9021112999999997	✔ Yes	✔			✔			✔
	9021113999999995	✔ Yes	✔			✔				✔
	9021200999999990	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9021201999999998	✔ Yes		✔		✘ Not Valid		✔
	9021202999999996	✔ Yes		✔		✘ Not Valid			✔
	9021203999999994	✔ Yes		✔		✘ Not Valid				✔
	9021210999999999	✔ Yes		✔		✔		✘ Not Valid
	9021211999999997	✔ Yes		✔		✔		✔
	9021212999999995	✔ Yes		✔		✔			✔
	9021213999999993	✔ Yes		✔		✔				✔
	9021300999999998	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9021301999999996	✔ Yes			✔	✘ Not Valid		✔
	9021302999999994	✔ Yes			✔	✘ Not Valid			✔
	9021303999999992	✔ Yes			✔	✘ Not Valid				✔
	9021310999999997	✔ Yes			✔	✔		✘ Not Valid
	9021311999999995	✔ Yes			✔	✔		✔
	9021312999999993	✔ Yes			✔	✔			✔
	9021313999999991	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
NYCE	9030100999999991	✘ No	✔			✘ Not Valid		✘ Not Valid
	9030101999999999	✘ No	✔			✘ Not Valid		✔
	9030102999999997	✘ No	✔			✘ Not Valid			✔
	9030103999999995	✘ No	✔			✘ Not Valid				✔
	9030110999999990	✘ No	✔			✔		✘ Not Valid
	9030111999999998	✘ No	✔			✔		✔
	9030112999999996	✘ No	✔			✔			✔
	9030113999999994	✘ No	✔			✔				✔
	9030200999999999	✘ No		✔		✘ Not Valid		✘ Not Valid
	9030201999999997	✘ No		✔		✘ Not Valid		✔
	9030202999999995	✘ No		✔		✘ Not Valid			✔
	9030203999999993	✘ No		✔		✘ Not Valid				✔
	9030210999999998	✘ No		✔		✔		✘ Not Valid
	9030211999999996	✘ No		✔		✔		✔
	9030212999999994	✘ No		✔		✔			✔
	9030213999999992	✘ No		✔		✔				✔
	9030300999999997	✘ No			✔	✘ Not Valid		✘ Not Valid
	9030301999999995	✘ No			✔	✘ Not Valid		✔
	9030302999999993	✘ No			✔	✘ Not Valid			✔
	9030303999999991	✘ No			✔	✘ Not Valid				✔
	9030310999999996	✘ No			✔	✔		✘ Not Valid
	9030311999999994	✘ No			✔	✔		✔
	9030312999999992	✘ No			✔	✔			✔
	9030313999999990	✘ No			✔	✔				✔
	9031100999999990	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9031101999999998	✔ Yes	✔			✘ Not Valid		✔
	9031102999999996	✔ Yes	✔			✘ Not Valid			✔
	9031103999999994	✔ Yes	✔			✘ Not Valid				✔
	9031110999999999	✔ Yes	✔			✔		✘ Not Valid
	9031111999999997	✔ Yes	✔			✔		✔
	9031112999999995	✔ Yes	✔			✔			✔
	9031113999999993	✔ Yes	✔			✔				✔
	9031200999999998	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9031201999999996	✔ Yes		✔		✘ Not Valid		✔
	9031202999999994	✔ Yes		✔		✘ Not Valid			✔
	9031203999999992	✔ Yes		✔		✘ Not Valid				✔
	9031210999999997	✔ Yes		✔		✔		✘ Not Valid
	9031211999999995	✔ Yes		✔		✔		✔
	9031212999999993	✔ Yes		✔		✔			✔
	9031213999999991	✔ Yes		✔		✔				✔
	9031300999999996	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9031301999999994	✔ Yes			✔	✘ Not Valid		✔
	9031302999999992	✔ Yes			✔	✘ Not Valid			✔
	9031303999999990	✔ Yes			✔	✘ Not Valid				✔
	9031310999999995	✔ Yes			✔	✔		✘ Not Valid
	9031311999999993	✔ Yes			✔	✔		✔
	9031312999999991	✔ Yes			✔	✔			✔
	9031313999999999	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
CU24	9050100999999996	✘ No	✔			✘ Not Valid		✘ Not Valid
	9050101999999994	✘ No	✔			✘ Not Valid		✔
	9050102999999992	✘ No	✔			✘ Not Valid			✔
	9050103999999990	✘ No	✔			✘ Not Valid				✔
	9050110999999995	✘ No	✔			✔		✘ Not Valid
	9050111999999993	✘ No	✔			✔		✔
	9050112999999991	✘ No	✔			✔			✔
	9050113999999999	✘ No	✔			✔				✔
	9050200999999994	✘ No		✔		✘ Not Valid		✘ Not Valid
	9050201999999992	✘ No		✔		✘ Not Valid		✔
	9050202999999990	✘ No		✔		✘ Not Valid			✔
	9050203999999998	✘ No		✔		✘ Not Valid				✔
	9050210999999993	✘ No		✔		✔		✘ Not Valid
	9050211999999991	✘ No		✔		✔		✔
	9050212999999999	✘ No		✔		✔			✔
	9050213999999997	✘ No		✔		✔				✔
	9050300999999992	✘ No			✔	✘ Not Valid		✘ Not Valid
	9050301999999990	✘ No			✔	✘ Not Valid		✔
	9050302999999998	✘ No			✔	✘ Not Valid			✔
	9050303999999996	✘ No			✔	✘ Not Valid				✔
	9050310999999991	✘ No			✔	✔		✘ Not Valid
	9050311999999999	✘ No			✔	✔		✔
	9050312999999997	✘ No			✔	✔			✔
	9050313999999995	✘ No			✔	✔				✔
	9051100999999995	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9051101999999993	✔ Yes	✔			✘ Not Valid		✔
	9051102999999991	✔ Yes	✔			✘ Not Valid			✔
	9051103999999999	✔ Yes	✔			✘ Not Valid				✔
	9051110999999994	✔ Yes	✔			✔		✘ Not Valid
	9051111999999992	✔ Yes	✔			✔		✔
	9051112999999990	✔ Yes	✔			✔			✔
	9051113999999998	✔ Yes	✔			✔				✔
	9051200999999993	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9051201999999991	✔ Yes		✔		✘ Not Valid		✔
	9051202999999999	✔ Yes		✔		✘ Not Valid			✔
	9051203999999997	✔ Yes		✔		✘ Not Valid				✔
	9051210999999992	✔ Yes		✔		✔		✘ Not Valid
	9051211999999990	✔ Yes		✔		✔		✔
	9051212999999998	✔ Yes		✔		✔			✔
	9051213999999996	✔ Yes		✔		✔				✔
	9051300999999991	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9051301999999999	✔ Yes			✔	✘ Not Valid		✔
	9051302999999997	✔ Yes			✔	✘ Not Valid			✔
	9051303999999995	✔ Yes			✔	✘ Not Valid				✔
	9051310999999990	✔ Yes			✔	✔		✘ Not Valid
	9051311999999998	✔ Yes			✔	✔		✔
	9051312999999996	✔ Yes			✔	✔			✔
	9051313999999994	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
Accel	9080100999999990	✘ No	✔			✘ Not Valid		✘ Not Valid
	9080101999999998	✘ No	✔			✘ Not Valid		✔
	9080102999999996	✘ No	✔			✘ Not Valid			✔
	9080103999999994	✘ No	✔			✘ Not Valid				✔
	9080110999999999	✘ No	✔			✔		✘ Not Valid
	9080111999999997	✘ No	✔			✔		✔
	9080112999999995	✘ No	✔			✔			✔
	9080113999999993	✘ No	✔			✔				✔
	9080200999999998	✘ No		✔		✘ Not Valid		✘ Not Valid
	9080201999999996	✘ No		✔		✘ Not Valid		✔
	9080202999999994	✘ No		✔		✘ Not Valid			✔
	9080203999999992	✘ No		✔		✘ Not Valid				✔
	9080210999999997	✘ No		✔		✔		✘ Not Valid
	9080211999999995	✘ No		✔		✔		✔
	9080212999999993	✘ No		✔		✔			✔
	9080213999999991	✘ No		✔		✔				✔
	9080300999999996	✘ No			✔	✘ Not Valid		✘ Not Valid
	9080301999999994	✘ No			✔	✘ Not Valid		✔
	9080302999999992	✘ No			✔	✘ Not Valid			✔
	9080303999999990	✘ No			✔	✘ Not Valid				✔
	9080310999999995	✘ No			✔	✔		✘ Not Valid
	9080311999999993	✘ No			✔	✔		✔
	9080312999999991	✘ No			✔	✔			✔
	9080313999999999	✘ No			✔	✔				✔
	9081100999999999	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9081101999999997	✔ Yes	✔			✘ Not Valid		✔
	9081102999999995	✔ Yes	✔			✘ Not Valid			✔
	9081103999999993	✔ Yes	✔			✘ Not Valid				✔
	9081110999999998	✔ Yes	✔			✔		✘ Not Valid
	9081111999999996	✔ Yes	✔			✔		✔
	9081112999999994	✔ Yes	✔			✔			✔
	9081113999999992	✔ Yes	✔			✔				✔
	9081200999999997	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9081201999999995	✔ Yes		✔		✘ Not Valid		✔
	9081202999999993	✔ Yes		✔		✘ Not Valid			✔
	9081203999999991	✔ Yes		✔		✘ Not Valid				✔
	9081210999999996	✔ Yes		✔		✔		✘ Not Valid
	9081211999999994	✔ Yes		✔		✔		✔
	9081212999999992	✔ Yes		✔		✔			✔
	9081213999999990	✔ Yes		✔		✔				✔
	9081300999999995	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9081301999999993	✔ Yes			✔	✘ Not Valid		✔
	9081302999999991	✔ Yes			✔	✘ Not Valid			✔
	9081303999999999	✔ Yes			✔	✘ Not Valid				✔
	9081310999999994	✔ Yes			✔	✔		✘ Not Valid
	9081311999999992	✔ Yes			✔	✔		✔
	9081312999999990	✔ Yes			✔	✔			✔
	9081313999999998	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
Visa	9400100999999993	✘ No	✔			✘ Not Valid		✘ Not Valid
	9400101999999991	✘ No	✔			✘ Not Valid		✔
	9400102999999999	✘ No	✔			✘ Not Valid			✔
	9400103999999997	✘ No	✔			✘ Not Valid				✔
	9400110999999992	✘ No	✔			✔		✘ Not Valid
	9400111999999990	✘ No	✔			✔		✔
	9400112999999998	✘ No	✔			✔			✔
	9400113999999996	✘ No	✔			✔				✔
	9400120999999991	✘ No	✔				✔	✘ Not Valid
	9400121999999999	✘ No	✔				✔	✔
	9400122999999997	✘ No	✔				✔		✔
	9400123999999995	✘ No	✔				✔			✔
	9400200999999991	✘ No		✔		✘ Not Valid		✘ Not Valid
	9400201999999999	✘ No		✔		✘ Not Valid		✔
	9400202999999997	✘ No		✔		✘ Not Valid			✔
	9400203999999995	✘ No		✔		✘ Not Valid				✔
	9400210999999990	✘ No		✔		✔		✘ Not Valid
	9400211999999998	✘ No		✔		✔		✔
	9400212999999996	✘ No		✔		✔			✔
	9400213999999994	✘ No		✔		✔				✔
	9400220999999999	✘ No		✔			✔	✘ Not Valid
	9400221999999997	✘ No		✔			✔	✔
	9400222999999995	✘ No		✔			✔		✔
	9400223999999993	✘ No		✔			✔			✔
	9400300999999999	✘ No			✔	✘ Not Valid		✘ Not Valid
	9400301999999997	✘ No			✔	✘ Not Valid		✔
	9400302999999995	✘ No			✔	✘ Not Valid			✔
	9400303999999993	✘ No			✔	✘ Not Valid				✔
	9400310999999998	✘ No			✔	✔		✘ Not Valid
	9400311999999996	✘ No			✔	✔		✔
	9400312999999994	✘ No			✔	✔			✔
	9400313999999992	✘ No			✔	✔				✔
	9400320999999997	✘ No			✔		✔	✘ Not Valid
	9400321999999995	✘ No			✔		✔	✔
	9400322999999993	✘ No			✔		✔		✔
	9400323999999991	✘ No			✔		✔			✔
	9401100999999992	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9401101999999990	✔ Yes	✔			✘ Not Valid		✔
	9401102999999998	✔ Yes	✔			✘ Not Valid			✔
	9401103999999996	✔ Yes	✔			✘ Not Valid				✔
	9401110999999991	✔ Yes	✔			✔		✘ Not Valid
	9401111999999999	✔ Yes	✔			✔		✔
	9401112999999997	✔ Yes	✔			✔			✔
	9401113999999995	✔ Yes	✔			✔				✔
	9401120999999990	✔ Yes	✔				✔	✘ Not Valid
	9401121999999998	✔ Yes	✔				✔	✔
	9401122999999996	✔ Yes	✔				✔		✔
	9401123999999994	✔ Yes	✔				✔			✔
	9401200999999990	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9401201999999998	✔ Yes		✔		✘ Not Valid		✔
	9401202999999996	✔ Yes		✔		✘ Not Valid			✔
	9401203999999994	✔ Yes		✔		✘ Not Valid				✔
	9401210999999999	✔ Yes		✔		✔		✘ Not Valid
	9401211999999997	✔ Yes		✔		✔		✔
	9401212999999995	✔ Yes		✔		✔			✔
	9401213999999993	✔ Yes		✔		✔				✔
	9401220999999998	✔ Yes		✔			✔	✘ Not Valid
	9401221999999996	✔ Yes		✔			✔	✔
	9401222999999994	✔ Yes		✔			✔		✔
	9401223999999992	✔ Yes		✔			✔			✔
	9401300999999998	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9401301999999996	✔ Yes			✔	✘ Not Valid		✔
	9401302999999994	✔ Yes			✔	✘ Not Valid			✔
	9401303999999992	✔ Yes			✔	✘ Not Valid				✔
9401310999999997	✔ Yes			✔	✔		✘ Not Valid
9401311999999995	✔ Yes			✔	✔		✔
9401312999999993	✔ Yes			✔	✔			✔
9401313999999991	✔ Yes			✔	✔				✔
9401320999999996	✔ Yes			✔		✔	✘ Not Valid
9401321999999994	✔ Yes			✔		✔	✔
9401322999999992	✔ Yes			✔		✔		✔
9401323999999990	✔ Yes			✔		✔			✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
VisaFF	9940101999999998	✘ No	✔			✘ Not Valid		✔
	9940201999999996	✘ No		✔		✘ Not Valid		✔
	9940301999999994	✘ No			✔	✘ Not Valid		✔
	9941101999999997	✔ Yes	✔			✘ Not Valid		✔
	9941201999999995	✔ Yes		✔		✘ Not Valid		✔
	9941301999999993	✔ Yes			✔	✘ Not Valid		✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
MasterCard	9500100999999992	✘ No	✔			✘ Not Valid		✘ Not Valid
	9500110999999991	✘ No	✔			✔		✘ Not Valid
	9500120999999990	✘ No	✔				✔	✘ Not Valid
	9500200999999990	✘ No		✔		✘ Not Valid		✘ Not Valid
	9500210999999999	✘ No		✔		✔		✘ Not Valid
	9500220999999998	✘ No		✔			✔	✘ Not Valid
	9500300999999998	✘ No			✔	✘ Not Valid		✘ Not Valid
	9500310999999997	✘ No			✔	✔		✘ Not Valid
	9500320999999996	✘ No			✔		✔	✘ Not Valid
	9501100999999991	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9501110999999990	✔ Yes	✔			✔		✘ Not Valid
	9501120999999999	✔ Yes	✔				✔	✘ Not Valid
	9501200999999999	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9501210999999998	✔ Yes		✔		✔		✘ Not Valid
	9501220999999997	✔ Yes		✔			✔	✘ Not Valid
	9501300999999997	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9501310999999996	✔ Yes			✔	✔		✘ Not Valid
	9501320999999995	✔ Yes			✔		✔	✘ Not Valid
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
MoneySend	9950101999999995	✘ No	✔			✘ Not Valid		✔
	9950201999999993	✘ No		✔		✘ Not Valid		✔
	9950301999999991	✘ No			✔	✘ Not Valid		✔
	9950102999999993	✘ No	✔			✘ Not Valid			✔
	9950202999999991	✘ No		✔		✘ Not Valid			✔
	9950302999999999	✘ No			✔	✘ Not Valid			✔
	9950103999999991	✘ No	✔			✘ Not Valid				✔
	9950203999999999	✘ No		✔		✘ Not Valid				✔
	9950303999999997	✘ No			✔	✘ Not Valid				✔
	9951101999999994	✔ Yes	✔			✘ Not Valid		✔
	9951201999999992	✔ Yes		✔		✘ Not Valid		✔
	9951301999999990	✔ Yes			✔	✘ Not Valid		✔
	9951102999999992	✔ Yes	✔			✘ Not Valid			✔
	9951202999999990	✔ Yes		✔		✘ Not Valid			✔
	9951302999999998	✔ Yes			✔	✘ Not Valid			✔
	9951103999999990	✔ Yes	✔			✘ Not Valid				✔
	9951203999999998	✔ Yes		✔		✘ Not Valid				✔
	9951303999999996	✔ Yes			✔	✘ Not Valid				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
STAR Visa	9410100999999991	✘ No	✔			✘ Not Valid		✘ Not Valid
	9410101999999999	✘ No	✔			✘ Not Valid		✔
	9410102999999997	✘ No	✔			✘ Not Valid			✔
	9410103999999995	✘ No	✔			✘ Not Valid				✔
	9410110999999990	✘ No	✔			✔		✘ Not Valid
	9410111999999998	✘ No	✔			✔		✔
	9410112999999996	✘ No	✔			✔			✔
	9410113999999994	✘ No	✔			✔				✔
	9410200999999999	✘ No		✔		✘ Not Valid		✘ Not Valid
	9410201999999997	✘ No		✔		✘ Not Valid		✔
	9410202999999995	✘ No		✔		✘ Not Valid			✔
	9410203999999993	✘ No		✔		✘ Not Valid				✔
	9410210999999998	✘ No		✔		✔		✘ Not Valid
	9410211999999996	✘ No		✔		✔		✔
	9410212999999994	✘ No		✔		✔			✔
	9410213999999992	✘ No		✔		✔				✔
	9410300999999997	✘ No			✔	✘ Not Valid		✘ Not Valid
	9410301999999995	✘ No			✔	✘ Not Valid		✔
	9410302999999993	✘ No			✔	✘ Not Valid			✔
	9410303999999991	✘ No			✔	✘ Not Valid				✔
	9410310999999996	✘ No			✔	✔		✘ Not Valid
	9410311999999994	✘ No			✔	✔		✔
	9410312999999992	✘ No			✔	✔			✔
	9410313999999990	✘ No			✔	✔				✔
	9411100999999990	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9411101999999998	✔ Yes	✔			✘ Not Valid		✔
	9411102999999996	✔ Yes	✔			✘ Not Valid			✔
	9411103999999994	✔ Yes	✔			✘ Not Valid				✔
	9411110999999999	✔ Yes	✔			✔		✘ Not Valid
	9411111999999997	✔ Yes	✔			✔		✔
	9411112999999995	✔ Yes	✔			✔			✔
	9411113999999993	✔ Yes	✔			✔				✔
	9411200999999998	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9411201999999996	✔ Yes		✔		✘ Not Valid		✔
	9411202999999994	✔ Yes		✔		✘ Not Valid			✔
	9411203999999992	✔ Yes		✔		✘ Not Valid				✔
	9411210999999997	✔ Yes		✔		✔		✘ Not Valid
	9411211999999995	✔ Yes		✔		✔		✔
	9411212999999993	✔ Yes		✔		✔			✔
	9411213999999991	✔ Yes		✔		✔				✔
	9411300999999996	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9411301999999994	✔ Yes			✔	✘ Not Valid		✔
	9411302999999992	✔ Yes			✔	✘ Not Valid			✔
	9411303999999990	✔ Yes			✔	✘ Not Valid				✔
	9411310999999995	✔ Yes			✔	✔		✘ Not Valid
	9411311999999993	✔ Yes			✔	✔		✔
	9411312999999991	✔ Yes			✔	✔			✔
	9411313999999999	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
Pulse Visa	9420100999999999	✘ No	✔			✘ Not Valid		✘ Not Valid
	9420101999999997	✘ No	✔			✘ Not Valid		✔
	9420102999999995	✘ No	✔			✘ Not Valid			✔
	9420103999999993	✘ No	✔			✘ Not Valid				✔
	9420110999999998	✘ No	✔			✔		✘ Not Valid
	9420111999999996	✘ No	✔			✔		✔
	9420112999999994	✘ No	✔			✔			✔
	9420113999999992	✘ No	✔			✔				✔
	9420200999999997	✘ No		✔		✘ Not Valid		✘ Not Valid
	9420201999999995	✘ No		✔		✘ Not Valid		✔
	9420202999999993	✘ No		✔		✘ Not Valid			✔
	9420203999999991	✘ No		✔		✘ Not Valid				✔
	9420210999999996	✘ No		✔		✔		✘ Not Valid
	9420211999999994	✘ No		✔		✔		✔
	9420212999999992	✘ No		✔		✔			✔
	9420213999999990	✘ No		✔		✔				✔
	9420300999999995	✘ No			✔	✘ Not Valid		✘ Not Valid
	9420301999999993	✘ No			✔	✘ Not Valid		✔
	9420302999999991	✘ No			✔	✘ Not Valid			✔
	9420303999999999	✘ No			✔	✘ Not Valid				✔
	9420310999999994	✘ No			✔	✔		✘ Not Valid
	9420311999999992	✘ No			✔	✔		✔
	9420312999999990	✘ No			✔	✔			✔
	9420313999999998	✘ No			✔	✔				✔
	9421100999999998	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9421101999999996	✔ Yes	✔			✘ Not Valid		✔
	9421102999999994	✔ Yes	✔			✘ Not Valid			✔
	9421103999999992	✔ Yes	✔			✘ Not Valid				✔
	9421110999999997	✔ Yes	✔			✔		✘ Not Valid
	9421111999999995	✔ Yes	✔			✔		✔
	9421112999999993	✔ Yes	✔			✔			✔
	9421113999999991	✔ Yes	✔			✔				✔
	9421200999999996	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9421201999999994	✔ Yes		✔		✘ Not Valid		✔
	9421202999999992	✔ Yes		✔		✘ Not Valid			✔
	9421203999999990	✔ Yes		✔		✘ Not Valid				✔
	9421210999999995	✔ Yes		✔		✔		✘ Not Valid
	9421211999999993	✔ Yes		✔		✔		✔
	9421212999999991	✔ Yes		✔		✔			✔
	9421213999999999	✔ Yes		✔		✔				✔
	9421300999999994	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9421301999999992	✔ Yes			✔	✘ Not Valid		✔
	9421302999999990	✔ Yes			✔	✘ Not Valid			✔
	9421303999999998	✔ Yes			✔	✘ Not Valid				✔
	9421310999999993	✔ Yes			✔	✔		✘ Not Valid
	9421311999999991	✔ Yes			✔	✔		✔
	9421312999999999	✔ Yes			✔	✔			✔
	9421313999999997	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
NYCE Visa	9430100999999997	✘ No	✔			✘ Not Valid		✘ Not Valid
	9430101999999995	✘ No	✔			✘ Not Valid		✔
	9430102999999993	✘ No	✔			✘ Not Valid			✔
	9430103999999991	✘ No	✔			✘ Not Valid				✔
	9430110999999996	✘ No	✔			✔		✘ Not Valid
	9430111999999994	✘ No	✔			✔		✔
	9430112999999992	✘ No	✔			✔			✔
	9430113999999990	✘ No	✔			✔				✔
	9430200999999995	✘ No		✔		✘ Not Valid		✘ Not Valid
	9430201999999993	✘ No		✔		✘ Not Valid		✔
	9430202999999991	✘ No		✔		✘ Not Valid			✔
	9430203999999999	✘ No		✔		✘ Not Valid				✔
	9430210999999994	✘ No		✔		✔		✘ Not Valid
	9430211999999992	✘ No		✔		✔		✔
	9430212999999990	✘ No		✔		✔			✔
	9430213999999998	✘ No		✔		✔				✔
	9430300999999993	✘ No			✔	✘ Not Valid		✘ Not Valid
	9430301999999991	✘ No			✔	✘ Not Valid		✔
	9430302999999999	✘ No			✔	✘ Not Valid			✔
	9430303999999997	✘ No			✔	✘ Not Valid				✔
	9430310999999992	✘ No			✔	✔		✘ Not Valid
	9430311999999990	✘ No			✔	✔		✔
	9430312999999998	✘ No			✔	✔			✔
	9430313999999996	✘ No			✔	✔				✔
	9431100999999996	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9431101999999994	✔ Yes	✔			✘ Not Valid		✔
	9431102999999992	✔ Yes	✔			✘ Not Valid			✔
	9431103999999990	✔ Yes	✔			✘ Not Valid				✔
	9431110999999995	✔ Yes	✔			✔		✘ Not Valid
	9431111999999993	✔ Yes	✔			✔		✔
	9431112999999991	✔ Yes	✔			✔			✔
	9431113999999999	✔ Yes	✔			✔				✔
	9431200999999994	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9431201999999992	✔ Yes		✔		✘ Not Valid		✔
	9431202999999990	✔ Yes		✔		✘ Not Valid			✔
	9431203999999998	✔ Yes		✔		✘ Not Valid				✔
	9431210999999993	✔ Yes		✔		✔		✘ Not Valid
	9431211999999991	✔ Yes		✔		✔		✔
	9431212999999999	✔ Yes		✔		✔			✔
	9431213999999997	✔ Yes		✔		✔				✔
	9431300999999992	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9431301999999990	✔ Yes			✔	✘ Not Valid		✔
	9431302999999998	✔ Yes			✔	✘ Not Valid			✔
	9431303999999996	✔ Yes			✔	✘ Not Valid				✔
	9431310999999991	✔ Yes			✔	✔		✘ Not Valid
	9431311999999999	✔ Yes			✔	✔		✔
	9431312999999997	✔ Yes			✔	✔			✔
	9431313999999995	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
CU24 Visa	9450100999999992	✘ No	✔			✘ Not Valid		✘ Not Valid
	9450101999999990	✘ No	✔			✘ Not Valid		✔
	9450102999999998	✘ No	✔			✘ Not Valid			✔
	9450103999999996	✘ No	✔			✘ Not Valid				✔
	9450110999999991	✘ No	✔			✔		✘ Not Valid
	9450111999999999	✘ No	✔			✔		✔
	9450112999999997	✘ No	✔			✔			✔
	9450113999999995	✘ No	✔			✔				✔
	9450200999999990	✘ No		✔		✘ Not Valid		✘ Not Valid
	9450201999999998	✘ No		✔		✘ Not Valid		✔
	9450202999999996	✘ No		✔		✘ Not Valid			✔
	9450203999999994	✘ No		✔		✘ Not Valid				✔
	9450210999999999	✘ No		✔		✔		✘ Not Valid
	9450211999999997	✘ No		✔		✔		✔
	9450212999999995	✘ No		✔		✔			✔
	9450213999999993	✘ No		✔		✔				✔
	9450300999999998	✘ No			✔	✘ Not Valid		✘ Not Valid
	9450301999999996	✘ No			✔	✘ Not Valid		✔
	9450302999999994	✘ No			✔	✘ Not Valid			✔
	9450303999999992	✘ No			✔	✘ Not Valid				✔
	9450310999999997	✘ No			✔	✔		✘ Not Valid
	9450311999999995	✘ No			✔	✔		✔
	9450312999999993	✘ No			✔	✔			✔
	9450313999999991	✘ No			✔	✔				✔
	9451100999999991	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9451101999999999	✔ Yes	✔			✘ Not Valid		✔
	9451102999999997	✔ Yes	✔			✘ Not Valid			✔
	9451103999999995	✔ Yes	✔			✘ Not Valid				✔
	9451110999999990	✔ Yes	✔			✔		✘ Not Valid
	9451111999999998	✔ Yes	✔			✔		✔
	9451112999999996	✔ Yes	✔			✔			✔
	9451113999999994	✔ Yes	✔			✔				✔
	9451200999999999	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9451201999999997	✔ Yes		✔		✘ Not Valid		✔
	9451202999999995	✔ Yes		✔		✘ Not Valid			✔
	9451203999999993	✔ Yes		✔		✘ Not Valid				✔
	9451210999999998	✔ Yes		✔		✔		✘ Not Valid
	9451211999999996	✔ Yes		✔		✔		✔
	9451212999999994	✔ Yes		✔		✔			✔
	9451213999999992	✔ Yes		✔		✔				✔
	9451300999999997	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9451301999999995	✔ Yes			✔	✘ Not Valid		✔
	9451302999999993	✔ Yes			✔	✘ Not Valid			✔
	9451303999999991	✔ Yes			✔	✘ Not Valid				✔
	9451310999999996	✔ Yes			✔	✔		✘ Not Valid
	9451311999999994	✔ Yes			✔	✔		✔
	9451312999999992	✔ Yes			✔	✔			✔
	9451313999999990	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
Accel Visa	9480100999999996	✘ No	✔			✘ Not Valid		✘ Not Valid
	9480101999999994	✘ No	✔			✘ Not Valid		✔
	9480102999999992	✘ No	✔			✘ Not Valid			✔
	9480103999999990	✘ No	✔			✘ Not Valid				✔
	9480110999999995	✘ No	✔			✔		✘ Not Valid
	9480111999999993	✘ No	✔			✔		✔
	9480112999999991	✘ No	✔			✔			✔
	9480113999999999	✘ No	✔			✔				✔
	9480200999999994	✘ No		✔		✘ Not Valid		✘ Not Valid
	9480201999999992	✘ No		✔		✘ Not Valid		✔
	9480202999999990	✘ No		✔		✘ Not Valid			✔
	9480203999999998	✘ No		✔		✘ Not Valid				✔
	9480210999999993	✘ No		✔		✔		✘ Not Valid
	9480211999999991	✘ No		✔		✔		✔
	9480212999999999	✘ No		✔		✔			✔
	9480213999999997	✘ No		✔		✔				✔
	9480300999999992	✘ No			✔	✘ Not Valid		✘ Not Valid
	9480301999999990	✘ No			✔	✘ Not Valid		✔
	9480302999999998	✘ No			✔	✘ Not Valid			✔
	9480303999999996	✘ No			✔	✘ Not Valid				✔
	9480310999999991	✘ No			✔	✔		✘ Not Valid
	9480311999999999	✘ No			✔	✔		✔
	9480312999999997	✘ No			✔	✔			✔
	9480313999999995	✘ No			✔	✔				✔
	9481100999999995	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9481101999999993	✔ Yes	✔			✘ Not Valid		✔
	9481102999999991	✔ Yes	✔			✘ Not Valid			✔
	9481103999999999	✔ Yes	✔			✘ Not Valid				✔
	9481110999999994	✔ Yes	✔			✔		✘ Not Valid
	9481111999999992	✔ Yes	✔			✔		✔
	9481112999999990	✔ Yes	✔			✔			✔
	9481113999999998	✔ Yes	✔			✔				✔
	9481200999999993	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9481201999999991	✔ Yes		✔		✘ Not Valid		✔
	9481202999999999	✔ Yes		✔		✘ Not Valid			✔
	9481203999999997	✔ Yes		✔		✘ Not Valid				✔
	9481210999999992	✔ Yes		✔		✔		✘ Not Valid
	9481211999999990	✔ Yes		✔		✔		✔
	9481212999999998	✔ Yes		✔		✔			✔
	9481213999999996	✔ Yes		✔		✔				✔
	9481300999999991	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9481301999999999	✔ Yes			✔	✘ Not Valid		✔
	9481302999999997	✔ Yes			✔	✘ Not Valid			✔
	9481303999999995	✔ Yes			✔	✘ Not Valid				✔
	9481310999999990	✔ Yes			✔	✔		✘ Not Valid
	9481311999999998	✔ Yes			✔	✔		✔
	9481312999999996	✔ Yes			✔	✔			✔
	9481313999999994	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
STAR Pulse Visa	9710100999999998	✘ No	✔			✘ Not Valid		✘ Not Valid
	9710101999999996	✘ No	✔			✘ Not Valid		✔
	9710102999999994	✘ No	✔			✘ Not Valid			✔
	9710103999999992	✘ No	✔			✘ Not Valid				✔
	9710110999999997	✘ No	✔			✔		✘ Not Valid
	9710111999999995	✘ No	✔			✔		✔
	9710112999999993	✘ No	✔			✔			✔
	9710113999999991	✘ No	✔			✔				✔
	9710200999999996	✘ No		✔		✘ Not Valid		✘ Not Valid
	9710201999999994	✘ No		✔		✘ Not Valid		✔
	9710202999999992	✘ No		✔		✘ Not Valid			✔
	9710203999999990	✘ No		✔		✘ Not Valid				✔
	9710210999999995	✘ No		✔		✔		✘ Not Valid
	9710211999999993	✘ No		✔		✔		✔
	9710212999999991	✘ No		✔		✔			✔
	9710213999999999	✘ No		✔		✔				✔
	9710300999999994	✘ No			✔	✘ Not Valid		✘ Not Valid
	9710301999999992	✘ No			✔	✘ Not Valid		✔
	9710302999999990	✘ No			✔	✘ Not Valid			✔
	9710303999999998	✘ No			✔	✘ Not Valid				✔
	9710310999999993	✘ No			✔	✔		✘ Not Valid
	9710311999999991	✘ No			✔	✔		✔
	9710312999999999	✘ No			✔	✔			✔
	9710313999999997	✘ No			✔	✔				✔
	9711100999999997	✔ Yes	✔			✘ Not Valid		✘ Not Valid
	9711101999999995	✔ Yes	✔			✘ Not Valid		✔
	9711102999999993	✔ Yes	✔			✘ Not Valid			✔
	9711103999999991	✔ Yes	✔			✘ Not Valid				✔
	9711110999999996	✔ Yes	✔			✔		✘ Not Valid
	9711111999999994	✔ Yes	✔			✔		✔
	9711112999999992	✔ Yes	✔			✔			✔
	9711113999999990	✔ Yes	✔			✔				✔
	9711200999999995	✔ Yes		✔		✘ Not Valid		✘ Not Valid
	9711201999999993	✔ Yes		✔		✘ Not Valid		✔
	9711202999999991	✔ Yes		✔		✘ Not Valid			✔
	9711203999999999	✔ Yes		✔		✘ Not Valid				✔
	9711210999999994	✔ Yes		✔		✔		✘ Not Valid
	9711211999999992	✔ Yes		✔		✔		✔
	9711212999999990	✔ Yes		✔		✔			✔
	9711213999999998	✔ Yes		✔		✔				✔
	9711300999999993	✔ Yes			✔	✘ Not Valid		✘ Not Valid
	9711301999999991	✔ Yes			✔	✘ Not Valid		✔
	9711302999999999	✔ Yes			✔	✘ Not Valid			✔
	9711303999999997	✔ Yes			✔	✘ Not Valid				✔
	9711310999999992	✔ Yes			✔	✔		✘ Not Valid
	9711311999999990	✔ Yes			✔	✔		✔
	9711312999999998	✔ Yes			✔	✔			✔
	9711313999999996	✔ Yes			✔	✔				✔
^top Network	Card Number	Regulated	Card Type			Pull (Type)		Push (Availability)
^top Network	Card Number	Regulated	Debit	Credit	PrePaid	Single	Dual	Immediate	Next	Few
Credit Cards	9810203999999999	✘ No		✔		✘ Not Valid				✔

Sample Flows

There are only a few simple flows:

Retrieve Client's Attributes (Information)

	API Call	Description
1	Retrieve Client	Client Attributes: Networks Limits


Create Key (optional)

	API Call	Description
2	Create Key	Encryption Key RSA Public Key


Transaction using an Account (Tokenization)

			API Call	Description
3			Query Card	Card Attributes
			API Call	Description
4			Create Account	Type: Card
					API Call	Description
5					Create Transaction Push	Transaction: Source: Settlement Destination: Account
					API Call	Description
6					Create Transaction Pull	Transaction: Source: Account Destination: Settlement


One Time Transaction

			API Call	Description
7			Query Card	Card Attributes
			API Call	Description
8			Create Transaction Push	Transaction: Source: Settlement Destination: Card
			API Call	Description
9			Create Transaction Pull	Transaction: Source: Card Destination: Settlement


Optionally Retrieve an Account, Update an Account, or Delete an Account

			API Call	Description
10			Retrieve Account
			API Call	Description
11			Update Account	Type: Card
			API Call	Description
12			Delete Account


Optionally Retrieve Transaction Information

					API Call	Description
13					Retrieve Transaction
			API Call	Description
14			Retrieve Transaction

Retrieve Client
Create Key (optional)
Query Card
Create Account
Create Transaction - Push
Create Transaction - Pull
Query Card
Create Transaction - Push
Create Transaction - Pull
Retrieve Account
Update Account
Delete Account
Retrieve Transaction
Retrieve Transaction

Code Samples

There is no SDK because the TabaPay Web Service (API) is just a simple RESTful Web Service that uses standard HTTPS to:

connect
send request
receive response
disconnect

where the Request Data and the Response Data are formatted using standard JSON.

Therefore, you can use almost any programming language. We assume that you are an expert in the language you have selected to use.

You can also use command line utilities such as:

If you need help in using the TabaPay Web Service (API), we recommend using one of the command line utilities first. By doing this first, it eliminates any language specific issues or uniquenesses, and since there are so many programming languages available today, we may not be an expert in (or even have used) the language you are trying to use. Also, by doing this first, it can help eliminate networking issues such as firewalls blocking the requests and/or responses.

We do provide some simple samples in various common programming languages:

Java
JavaScript under node.js
Go
Python
Ruby

These are meant to be simple samples and are not meant for production use.

curl

A GET Request (Retrieve Client):

curl https://<FQDN>/v1/clients/<ClientID>
     -H "Authorization: Bearer <TokenValue>"

A POST Request (Query Card):

curl https://<FQDN>/v1/clients/<ClientID>/cards
     -H "Authorization: Bearer <TokenValue>"
     -H "Content-type: application/json"
     -X POST
     -d "{\"card\":{\"accountNumber\":\"9999999999999999\"}}"

These were last tested successfully using:

curl 7.51.0 on a Mac OSX System on 05/29/2017
curl 7.47.0 on a Ubuntu 16.04 System on 05/29/2017
curl 7.54.0 on a Windows System on 05/29/2017

wget

A GET Request (Retrieve Client):

wget -qO-
     https://<FQDN>/v1/clients/<ClientID>
     --header "Authorization: Bearer <TokenValue>"

A POST Request (Query Card):

wget -qO-
     https://<FQDN>/v1/clients/<ClientID>/cards
     --header "Authorization: Bearer <TokenValue>"
     --header "Content-type: application/json"
     --post-data "{\"card\":{\"accountNumber\":\"9999999999999999\"}}"

These were last tested successfully using:

wget 1.17.1 on a Ubuntu 16.04 System on 05/29/2017
wget 1.19.1 on a Windows System on 05/29/2017

openssl s_client

A GET Request (Retrieve Client):

openssl s_client -connect <FQDN>:443

GET /v1/clients/<ClientID> HTTP/1.0
Authorization: Bearer <TokenValue>

A POST Request (Query Card):

openssl s_client -connect <FQDN>:443

POST /v1/clients/<ClientID>/cards HTTP/1.0
Authorization: Bearer <TokenValue>
Content-type: application/json
Content-length: 45

{"card":{"accountNumber":"9999999999999999"}}

These were last tested successfully using:

OpenSSL 0.9.8zh on a Mac OSX System on 05/29/2017
OpenSSL 1.0.2g on a Ubuntu 16.04 System on 05/29/2017
OpenSSL 1.0.2g on a Windows System on 05/29/2017

Java

A GET Request (Retrieve Client):

import java.io.InputStream;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;

public class Sample
{
    public static void main( String[] asArgs )
    {
        try
        {
            URL urlService = new URL( "https://<FQDN>/v1/clients/<ClientID>" );

            HttpsURLConnection connectionService =
                (HttpsURLConnection) urlService.openConnection();

            connectionService.setRequestMethod( "GET" );
            connectionService.setRequestProperty(
                "Authorization", "Bearer " + "<TokenValue>"
            );

            int iStatusCode = connectionService.getResponseCode();
            System.out.println( "TabaPay API Call, SC=" + iStatusCode );

            InputStream insResponse = iStatusCode == 200
                                    ? connectionService.getInputStream()
                                    : connectionService.getErrorStream();

            byte[] abResponse  = new byte[1024];
            int    iLengthRead = insResponse.read( abResponse );
            insResponse.close();

            System.out.println( new String( abResponse, 0, iLengthRead, "UTF-8" ) );
        }
        catch ( Throwable t )
        {
            t.printStackTrace();
        }
    }
}

A POST Request (Query Card):

import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;

public class Sample
{
    public static void main( String[] asArgs )
    {
        try
        {
            URL urlService = new URL( "https://<FQDN>/v1/clients/<ClientID>/cards" );

            HttpsURLConnection connectionService =
                (HttpsURLConnection) urlService.openConnection();

            connectionService.setRequestMethod( "POST" );
            connectionService.setRequestProperty(
                "Authorization", "Bearer " + "<TokenValue>"
            );
            connectionService.setRequestProperty(
                "Content-type", "application/json"
            );

            byte[] abDataRequest =
                "{\"card\":{\"accountNumber\":\"9999999999999999\"}}".getBytes( "UTF-8" );

            connectionService.setDoOutput( true );
            OutputStream outsRequest = connectionService.getOutputStream();
            outsRequest.write( abDataRequest, 0, abDataRequest.length );
            outsRequest.close();

            int iStatusCode = connectionService.getResponseCode();
            System.out.println( "TabaPay API Call, SC=" + iStatusCode );

            InputStream insResponse = iStatusCode == 200
                                    ? connectionService.getInputStream()
                                    : connectionService.getErrorStream();

            byte[] abResponse  = new byte[1024];
            int    iLengthRead = insResponse.read( abResponse );
            insResponse.close();

            System.out.println( new String( abResponse, 0, iLengthRead, "UTF-8" ) );
        }
        catch ( Throwable t )
        {
            t.printStackTrace();
        }
    }
}

These were last tested successfully using Java 1.8 on 05/30/2017 and reverified on 08/08/2017.

RSA Encryption using CryptoRSA Class in TabaPayAPIHelpers.jar:

import com.tabapay.api.helpers.security.rsa.CryptoRSA;
import com.tabapay.samples.CallTabaPay;
import com.tabapay.samples.CallTabaPay.KeyData;

public class APIHelpers
{
    public static void main( String[] asArgs )
    {
        String sCardData = "9999999999999999|202012|";                          // Card Number | Expiration Date | CVV2

        try
        {
            int iExpirationInDays = 365;

            KeyData dataKey = CallTabaPay.CreateKey( iExpirationInDays );       // You Provide

            String sEncodedEncryptedData = CryptoRSA.encryptUsingPublicKey(     // TabaPayAPIHelpers.jar
                dataKey.m_sPublicKey,                                           //   Public Key from Create Key
                sCardData                                                       //   Card Data
            );

            CallTabaPay.QueryCard( dataKey.m_sKeyID, sEncodedEncryptedData );   // You provide
        }
        catch ( Throwable t )
        {
            t.printStackTrace();
        }
    }
}

JavaScript

A GET Request (Retrieve Client):

var https = require( "https" );

var options =
{
    host:    "<FQDN>",
    port:    443,
    path:    "/v1/clients/<ClientID>",
    method:  "GET",
    headers:
    {
        "Authorization": " Bearer <TokenValue>"
    }
};

var req = https.request( options, function( res )
{
    console.log( "statusCode: ", res.statusCode );

    res.on( "data", function( d )
    {
        process.stdout.write( d );
    });
}).on( "error", function( e )
{
    console.error( e );
});

req.end();

A POST Request (Query Card):

var https = require( "https" );

var options =
{
    host:    "<FQDN>",
    port:    443,
    path:    "/v1/clients/<ClientID>/cards",
    method:  "POST",
    headers:
    {
        "Authorization": " Bearer <TokenValue>",
        "Content-type": "application/json",
        "Content-length": "45"
    }
};

var req = https.request( options, function( res )
{
    console.log( "statusCode: ", res.statusCode );

    res.on( "data", function( d )
    {
        process.stdout.write( d );
    });
}).on( "error", function( e )
{
    console.error( e );
});

req.write( '{"card":{"accountNumber":"9999999999999999"}}' );
req.end();

These were last tested successfully using NodeJS 6.10.3 on 05/31/2017.

Go

A GET Request (Retrieve Client):

package main

import (
  "fmt"
  "io/ioutil"
  "net/http"
)

func main() {
    client := &http.Client{}
    req, err := http.NewRequest(
        "GET",
        "https://<FQDN>/v1/clients/<ClientID>",
        nil)
    if err != nil {
        panic(err)
    }
    req.Header.Add("Authorization", "Bearer <TokenValue>")
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    body, err := ioutil.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    fmt.Println(string(body))
}

A POST Request (Query Card):

package main

import (
  "fmt"
  "io/ioutil"
  "net/http"
  "strings"
)

func main() {
    client := &http.Client{}
    req, err := http.NewRequest(
        "POST",
        "https://<FQDN>/v1/clients/<ClientID>/cards",
        strings.NewReader("{\"card\":{\"accountNumber\":\"9999999999999999\"}}"))
    if err != nil {
        panic(err)
    }
    req.Header.Add("Authorization", "Bearer <TokenValue>")
    req.Header.Add("Content-type", "application/json")
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    body, err := ioutil.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    fmt.Println(string(body))
}

These were last tested successfully using go 1.9.2 on 11/30/2017.

Python

A GET Request (Retrieve Client):

import httplib

conn = httplib.HTTPSConnection( '<FQDN>' )
conn.putrequest( 'GET', '/v1/clients/<ClientID>' )
conn.putheader( 'Authorization', 'Bearer <TokenValue>' )
conn.endheaders()
response = conn.getresponse()
print response.read()

A POST Request (Query Card):

import httplib

conn = httplib.HTTPSConnection( '<FQDN>' )
conn.putrequest( 'POST', '/v1/clients/<ClientID>/cards' )
conn.putheader( 'Authorization', 'Bearer <TokenValue>' )
conn.putheader( 'Content-type', 'application/json' )
conn.putheader( 'Content-length', '45' )
conn.endheaders()
conn.send( '{"card":{"accountNumber":"9999999999999999"}}' )
response = conn.getresponse()
print response.read()

These were tested successfully using Python 2.7.10 on 05/30/2017.

Ruby

A GET Request (Retrieve Client):

require 'net/https'

uri = URI.parse( 'https://<FQDN>/v1/clients/<ClientID>' )
http = Net::HTTP.new( uri.host, uri.port )
http.use_ssl = true
request = Net::HTTP::Get.new( uri.request_uri )
request.add_field( "Authorization", "Bearer <TokenValue>")
response = http.request( request )

puts response.body

A POST Request (Query Card):

require 'net/https'
require 'json'

uri = URI.parse( 'https://<FQDN>/v1/clients/<ClientID>/cards' )
http = Net::HTTP.new( uri.host, uri.port )
http.use_ssl = true
request = Net::HTTP::Post.new( uri.request_uri, 'Content-Type' => 'application/json' )
request.add_field( "Authorization", "Bearer <TokenValue>")
request.body = {card:{accountNumber: '9999999999999999'}}.to_json
response = http.request( request )
puts response.body

These were tested successfully using Ruby 2.0.0p648 on 05/31/2017.

PCI Helpers

These sections are still a Work in progress...

These TabaPay features are to help our Clients with PCI, but it does not remove the PCI requirements for the Client.

PCI Helper - SSO

This section is still a Work in progress... Also see the PCI Helper - SSO FAQ. The samples and examples decribed here are now running in the Sandbox Environment.

How SSO works

See some working samples on how this might work.

The samples are only samples. We can provide a generic (plain/simple) SSO HTML Web Page; but, we think that allowing you to customize it to match your WebSite (colors, layout, errors handling, etc...) would be a much better solution, however, that means you will need to provide the HTML, CSS, and JavaScript.

The Imbedded Form Sample (currently) only shows one input method:

Keyboard Entry

while the Modal Dialog Box Overlay shows 3 possible input methods:

Keyboard Entry
KeyPad Entry
Card Swipe Entry

For the KeyPad Entry and Card Swipe Entry, please contact sales@TabaPay.com. For the Keyboard Entry, this sample allows the Customer on the Customer's browser to enter the following 3 pieces of Cardholder Data:

Card Account Number
Expiration Date
Security Code - CVV2 (optional)

A Card Token is generated that can be used in the following API Calls:

In order to use this Solution, it does require the use of a modern browser, so be sure your users are using a modern browser. We have last tested this Solution successfully using:

Google Chrome 65
Mozilla FireFox 55
Apple Safari 11.1
Microsoft Edge 38

Please ensure this browser usage by your users before deciding to use this Solution.

View Addtional Details

Hide Addtional Details

The following is meant to be only a simple sample on how this may work and is not meant for production use or imply that it is production ready.

Client Web Page

Add a Listener for the Return from TabaPay SSO

window.addEventListener( "message", pfReceivedMessage, false );

Function to handle Return from TabaPay SSO

var pfReceivedMessage = function( event )
{
  if ( event.data != "Close" )
  {
    if ( event.data.slice( 0, 7 ) == "Error: " )
    {
      // Error
    }
    else
    {
      var asData = event.data.split( "|" );
      if ( asData.length == 3 )
      {
        // asData[ 0 ] contains the Last 4
        // asData[ 1 ] contains the Expiration Date in YYYYMM Format
        // asData[ 2 ] contains the Card Token
      }
      else
      {
        // Data Error
      }
    }
  }
  else
  {
    // Close or Cancel
  }
}

JavaScript Code to load TabaPay SSO when needed

document.getElementById( "sso" ).src = "https://<FQDN>/<PageName>.html?<Unique>";

HTML to include TabaPay SSO

<div><iframe id="sso"></iframe></div>

Client BackEnd Server

Can use the Card Token in the following TabaPay API Calls:

Customization of SSO

If you are providing the HTML, CSS, and JavaScript to us:

HTML must be minifiable
CSS must be minifiable
JavaScript must be compilable (with no warnings or errors) with the Google Closure Compiler
No External JavaScript Libraries, No External JavaScript Frameworks
The Results will be a single HTML file
Any external images will be hosted from your servers
We will control and own the HTML, CSS, and JavaScript (please check with your legal department)

Clarifications (feedback from Early Users):

You will provide us with the HTML, CSS, JavaScript:
- Formatted as for Development (leave spaces, indentation, whitespace, blank lines, etc...)
- Leave Comments in as for Development
- We have to understand the code you send to us, so keep it (very) simple...
We (TabaPay) will minify the HTML, CSS, JavaScript:
- If there are issues, we will try to fix...
- If we can't fix (easily), we may ask you to revise it...
Due to PCI, we cannot include external libraries or frameworks...
And again due to PCI, we have to own the code (HTML, CSS, JavaScript), so please check with your Legal Department...

Also see the Step-by-Step Example below of this process including our expectations of the expected file (or 3 files: HTML, CSS, and JavaScript) that we will be receiving from you.

Common sense (real world) facts about this customization:

Take advantage of this (almost) complete control of this customization and the ability for you to customize it, but:
- Be Simple
- Be Reasonable
- Understand some of the Restrictions, if any
- If we say we cannot do something, show us how to do it simply and we will take another look
- If we say no, please accept that it can't be done or we can't do it
Due to time constraints, we can only do minor tweaks after the initial delivery of the HTML, CSS, and JavaScript.

Other Notes:

Expiration of the Card Token?

View Step-by-Step Example

Hide Step-by-Step Example

The following is only a very simple example and is not meant for production use or imply that it is production ready. Also see the PCI Helper - SSO FAQ.

(1) My Custom SSO Web Page

It is:

(Very) Simple
Reasonable (in complexity and size)
Easy to understand
No External Libraries or Frameworks

and it is nicely formatted for a developer to read:

Code is Indented
Source is Commented

<!DOCTYPE html>
<html>
<head>
<style>
/*
 * Table Header
 * 1st Column
 */
th
{
  text-align: right;
  padding-right: 10px;
}
/*
 * Form Button(s) Row
 */
.b
{
  padding-top: 10px;
  text-align: center;
}
</style>
<script>
function fCheckCardNumber( psCardNumber )
{
  //
  // Code to Check Card Number
  //
  if ( psCardNumber.length < 13 || psCardNumber.length > 19 )
  {
    return false;
  }
  //
  // More Checks?
  //   Card Range?
  //   All Digits?
  //   Luhn Checksum?
  //

  //
  // If you want use TabaPay's Common Utils,
  //   (1) remove the above check
  //   (2) and add the following if statement
  //
  // if ( ! TabaPayCommonUtils.fCheckCardNumber( psCardNumber ) )
  // {
  //    return false;
  // }
  //

  return true;
}
function fCheckExpirationDate( psExpirationDate )
{
  //
  // Code to Check Expiration Date
  //
  if ( psExpirationDate.length != 5 || psExpirationDate.slice( 2, 3 ) != "/" )
  {
    return false;
  }
  //
  // More Checks?
  //   Check Month and Year
  //

  //
  // If you want use TabaPay's Common Utils,
  //   (1) remove the above check
  //   (2) and add the following if statement
  //
  // if ( ! TabaPayCommonUtils.fCheckCardExpirationDate( psExpirationDate ) )
  // {
  //    return false;
  // }

  return true;
}
function fCheckSecurityCode( psSecurityCode )
{
  //
  // Code to Check Security Code
  //
  if ( psSecurityCode.length < 3 || psSecurityCode.length > 4 )
  {
    return false;
  }
  //
  // More Checks?
  //   Check Number
  //

  //
  // If you want use TabaPay's Common Utils,
  //   (1) remove the above check
  //   (2) and add the following if statement
  //
  // // Currently this only does minimal checking
  // // If you want a more thourogh Security Code check,
  // //   feel free to replace this with your own function
  //
  // if ( ! TabaPayCommonUtils.fCheckSecurityCode( psSecurityCode ) )
  // {
  //    return false;
  // }
  //

  return true;
}
function fClear()
{
  document.getElementById("c").value="";
  document.getElementById("e").value="";
  document.getElementById("s").value="";
}
function fSubmit()
{
  var sCardNumber     = document.getElementById("c").value.trim();
  var sExpirationDate = document.getElementById("e").value.trim();
  var sSecurityCode   = document.getElementById("s").value.trim();
  //
  // Check Card Number
  //
  if ( sCardNumber.length == 0 )
  {
    alert( "Missing Card Number" );
    return;
  }
  if ( ! fCheckCardNumber( sCardNumber ) )
  {
    alert( "Bad Card Number" );
    return;
  }
  //
  // Check Expiration Date
  //
  if ( sExpirationDate.length == 0 )
  {
    alert( "Missing Expiration Date" );
    return;
  }
  if ( ! fCheckExpirationDate( sExpirationDate ) )
  {
    alert( "Bad Expiration Date" );
    return;
  }
  //
  // Check Security Code (optional)
  //
  if ( sSecurityCode.length > 0 )
  {
    if ( ! fCheckSecurityCode( sSecurityCode ) )
    {
      alert( "Bad Security Code" );
      return;
    }
  }
  //
  // All Checks ok
  //

  // TabaPay will add code here
  //   temporarily use an alert to display the values
  alert( sCardNumber + "," + sExpirationDate + "," + sSecurityCode );
}
function fCancel()
{
  // TabaPay will add code here
  //   temporarily use an alert to indicate Cancel
  alert( "Cancelled" );
}
</script>
</head>
<body>
<form>
  <table>
    <tr>
      <th>Card Number</th>
      <td><input id="c" type="password" placeholder="13-19 digits"></td>
    </tr>
    <tr>
      <th>Expiration Date</th>
      <td><input id="e" placeholder="MM/YY Format"></td>
    </tr>
    <tr>
      <th>Security Code</th>
      <td><input id="s" placeholder="3-4 digits"></td>
    </tr>
    <tr>
      <td class="b" colspan="2">
        <input type="button" value="Clear" onclick="fClear()"/>
        &nbsp;
        <input type="button" value="Use Card Data" onclick="fSubmit()"/>
      </td>
    </tr>
    <tr>
      <td class="b" colspan="2"><input type="button" value="Cancel" onclick="fCancel()"/></td>
    </tr>
  </table>
</form>
</body>
</html>

The use of Alerts in the above example was only used to simplify the example and not clutter the JavaScript Code in the example. We recommend that you change the usage of Alerts to something more appropriate that matches your WebSite. Again, the above example is not meant for production use or imply that it is production ready.

(2) Please QA the My Custom SSO Web Page before (3)

(2a) TabaPay QA will only do a cursory check

(2b) There will be a very limited number of back and forth

(2c) It will be your responsibility for your Custom SSO Web Page

(3) Submit My Custom SSO Web Page to TabaPay

(4) Wait for TabaPay to complete the modifications to the Custom SSO Web Page

(5) TabaPay will make your Custom SSO Web Page available

(6) Test using TabaPay's Test your SSO Web Page

Goto the See some working samples link above

Use the filename: MyCustomSSOExample
and be sure to set the desired width and height
also this Example has an image that is hosted externally

(7) Include in your Web Page

Goto the View Additional Details link above on how to do this...

PCI Helper - RSA

This section is still a Work in progress... Also see the PCI Helper - RSA FAQ.

How to use RSA

Due to the number of computer languages available today, we will be using OpenSSL, the well-known and widely used cryptography library, to show how to use RSA to create the value for the data parameter in the following TabaPay API Calls:

The data contains:

Card Account Number
Card Expiration Date
Card Security Code

Here are the steps in creating the data parameter for the TabaPay API Calls:

Create a Key
- Use the TabaPay API Call: Create Key
  - The returned format of the Public Key depends upon what language you are using and what libraries (in the language) you are using, however:
    - RAW Format (consisting of exponent and modulus) can be easily converted to ASN.1 Format
    - ASN.1 Format can be easily converted to RAW Format (consisting of exponent and modulus)
- OpenSSL, for this example, will be using ASN.1 Format
Save the keyID
Convert the key (in ASN.1 Format) from Base64 URL-Safe to regular Base64 Encoding
Create a file containing the Public Key, we will use PEM Format, but we could have also use DER Format instead:
- Use an editor, like vi, and create a public.key
- First Line contains: -----BEGIN PUBLIC KEY-----
- Next Line contains the Base64 (not URL-Safe) Encoded Key: MIIBI...AQAB
- Last Line contains: -----END PUBLIC KEY-----
Create a file containing the Card Data, separated by "|" (pipe symbol):
- Card Account Number
- Card Expiration Date
- Card Security Code
Example is: 9400100999999993|209912|123
Use OpenSSL to encrypt the Card Data, RSA with Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding:
openssl pkeyutl -in card.data -out encrypted.data -inkey public.key -keyform PEM -pubin -encrypt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
Convert the Encrypted Data in the file to Base64 URL-Safe Encoding
You can now use:
- keyID from (2)
- data, Base64 URL-Safe Encoding, from (7)
in the following TabaPay API Calls:

Make sure the version of OpenSSL that you are using is at least 1.0.2k.

If you are having problems, hopefully this example can help you in the language you are using... Some languages, such as:

Python
Ruby

use the OpenSSL library.

General FAQ

Need help?

Why is there no SDK?

The API is just a simple RESTful Web Service that uses standard HTTPS to:

connect
send request
receive response
disconnect

where the Request Data and the Response Data are formatted using standard JSON.

Therefore, you can use almost any programming language; however, there are so many programming languages available today, we may not be an expert in (or even have used) the language you are trying to use. We assume that you are an expert in the language you have selected to use.

Having connection issues?

Try using one of the command line utilities first. Usually it can help diagnose networking issues such as firewall configurations, IP whitelisting, etc... Also it helps in eliminating any language specific issues or uniquenesses, and since there are so many programming languages available today, we may not be an expert in (or even have used) the language you are trying to use.

Curious? What do we use?

We currently use Java for all Production Applications (and Tools) but migrating to Go.

We use Go for all our Testing (QA) Tools.

For Reports, the Accounting Department is currently using Python.

ISO

Unfortunately this acronym stands for:

Hopefully the context where it is being used will make the definition of the acronym obvious.

Data FAQ

Is there a JSON Schema?

We allow additional JSON pairs (NVPs) to be added in a request (though we don't recommend this) and we may return back additional JSON pairs (NVPs) in a response (optional JSON pairs (NVPs) that you may not be using but another client may be using). We also allow JSON pairs (NVPs) to be sent in a request in any order and we may return back JSON pairs (NVPs) in a response in any order.

Be sure you can handle "freeform" JSON responses.

What is the type of a Data Value? Is it a String, an Integer, an Amount, a Boolean, or what?

We treat all Data Values initially as Strings. We then apply a Value Restriction to the String. So for example:

an Integer, we look for a string with only digits
an Amount, for currency number 840, USD, we look for a string with only digits and a single decimal point with two decimal digits but no commas nor currency sign
a Boolean, we look for a string with the value of either true or false

Therefore, we should be able to parse almost all JSON Requests without having to just return a generic error (parse error).

How to specify an Amount Value?

In order to handle international currencies, an Amount is a String. International currencies:

use either a point or a comma as their decimal mark and
might have a maximum of 0, 1, 2, 3, or 4 decimal places.

So for example, for those using currency number 840, USD, an Amount must have a decimal point (.) with 2 decimal digits and no commas (,) nor currency sign ($). Examples:

1000.20

Valid

1.20

Valid

0.20

Valid

.20

Valid

Invalid, 2 decimal digits are required

1.4

Invalid, 2 decimal digits are required

1,000.21

Invalid, comma not needed

$10.21

Invalid, dollar sign not needed

Is there a size limitation to String Values?

Unless specified in the Value column, String Values can be of any reasonable size. However there is a limitation to the total number of bytes in your request. And remember, some Unicode characters, especially international characters, are more than one byte.

Are null Values valid?

JSON Values that are null are accepted, according to the JSON Specifications, but it is preferred that you just leave out the pair (NVP):

Works:

{
  "NameA": "Test",
  "NameB": null,
  "NameC": "Test"
}

Preferred:

{
  "NameA": "Test",
  "NameC": "Test"
}

What valid characters can be used for fields such as Reference IDs, Memo, Names (first and last), etc...?

The API can accept any UTF-8 character; however, to be safe for other processes that may be using this data, we recommend the use of only the Base64 URL-Safe Character Set. We will also explicitly restrict the use of these characters:

● ,

Comma (used in csv files)

● "

Double Quotes (used in csv files)

● ~

Tilde

● ^

Caret

We do recommend the use of only the Base64 URL-Safe Character Set.

Base64 Encoding

Binary Data and some Strings, that are beyond Alphanumeric, should be encoded in Base64 with no padding and using the URL-Safe Character Set:

● A-Z

Uppercase alphabetic characters

● a-z

Lowercase alphabetic characters

● 0-9

Digits

● -

Minus Sign

● _

Underscore

Format of the JSON Request and Response Data?

We recommend deleting all whitespaces from the JSON Request. We will return a JSON Response in a packed format where all whitespaces are removed.

Nice for human:

{
  "NameA": "Test",
  "NameB": 1
}

But not so much for our Application and also it clutters our logs, so preferably:

{"NameA":"Test","NameB":1}

Errors FAQ

HTTP Status Codes?

See Status Codes for a list of HTTP Status Codes that might be returned.

PCI does require us to be cryptic in the Error Messages that we return back; but for certain 400 Series Errors, we may return back something in the Error Message (EM) field of the JSON Response that indicates what might be wrong.

You should never get a HTTP Status Code of 400 on Production

If you are getting a HTTP Status Code of 400 on the Production Environment, that usually means you are not handling these errors correctly on your end. We strongly recommend completing the Production Certification Test in its entirety, specifically the portion where we recommend integrating your application with our API calls.

Also, please see the Coding FAQ.

Use of HTTP Status Code 207?

You might get HTTP Status Code 207, when there is an Error while processing your Transaction due to some Upstream Process.

Everything on our end processed successfully:

Your request passed all our checks
Configuration is available to process your request
A record is created for your request (Transaction)

But an Error occurred in some Upstream Processing.

Customer Facing Error Messages?

We are a Server-to-Server Web Services (API) and we are not Customer Facing, so:

We do not provide User Friendly Error Messages.
We do not provide Error Details (because of PCI).
We do not recommend showing your Customers our Error Messages or Error Codes.

Your Application should catch as many errors as possible before sending the Request to us. You should not use us (API Request) to check the Customer's Data Errors. Therefore, if your Application is catching the obvious errors and you are not exposing Error Details from your Application or from our API, then there shouldn't be a lot of unique Error Messages back to the Customer.

Also, please see the Coding FAQ.

Sandbox Environment FAQ

Are there Test Card Numbers to use in the Sandbox Environment?

PCI requires us and you to use Test Card Numbers when testing. You should never use a real Card Number in the Sandbox Environment. See Samples - Test Cards where we provide various Test Card Numbers...

How to generate an error in the Sandbox Environment?

For Create Transaction, the Amount is used to trigger various errors while processing the Create Transaction request in the Sandbox Environment (Accel uses a 3-digit Network Response Code):

Amount	Response			Actual Response		Error Description
Amount	Status Code	Network Response Code	Resource Status	Network Response Code	Resource Status	Error Description
0.01	200	ZZ (or 999)	ERROR	ZZ (or 999)	ERROR	Transaction Error
0.02	207		UNKNOWN		UNKNOWN	Transaction Processing Failed
0.03	200	00 (or 000)	COMPLETED	00 (or 000)	COMPLETED	Transaction Successful, but upstream processing was delayed for 30 seconds
0.04	207		UNKNOWN	00 (or 000)	COMPLETED	Transaction Successful, but upstream processing was delayed for 40 seconds

For Delete Transaction, the Create Transaction Amount is used to trigger various errors while processing the Delete Transaction request in the Sandbox Environment (Accel uses a 3-digit Network Response Code):

Amount	Create Transaction Response			Delete Transaction Response			Error Description
Amount	Status Code	Network Response Code	Resource Status	Status Code	Reversal Network Response Code	Resource Status	Error Description
0.07	200	00 (or 000)	COMPLETED	200	ZZ (or 999)	UNKNOWN	Reversal Request failed
0.08	200	00 (or 000)	COMPLETED	200	21	UNKNOWN	Reversal Request failed, the Reversal was too late. Not available when routed to any Regional Network: Currently only STAR and Accel.

For AVS, Query Card, the Zip Code, Address, and Security Code are used to trigger various conditions while processing an AVS request in the Sandbox Environment:

Request			Response				Comments
Zip Code	Address	Security Code	Response Text	Network Response Code	Code AVS Results	Code Security Code Results	Comments
Any*	Any*	None	NOT DECLINED	85	Y		Zip Code and Address were matched
Any*	None	None	NOT DECLINED	85	Z		Zip Code was matched

Any*	Any or None	Any*	DEPENDS	DEPENDS	DEPENDS	M	Depends upon if Zip Code and Address matches or not, but Security Code was matched
Any*	Any or None	999	DECLINE	05	DEPENDS	N	Depends upon if Zip Code and Address matches or not, but Security Code was not matched

99990	Any or None	Any or None	DECLINE	05	U		Information not available
99991	Any or None	Any or None	DECLINE	05	R		AVS unavailable, retry
99992	Any*	None	DECLINE	05	A		Zip Code was not matched, but Address was matched
99992	None or 999 Bad	None	DECLINE	05	N		Zip Code and Address were not matched

99993	Any or None	Any or None	DEPENDS	DEPENDS	DEPENDS	DEPENDS	AVS Request delayed for 30 seconds
99994	Any or None	Any or None	UNKNOWN	UNKNOWN	UNKNOWN	UNKNOWN	AVS Request timed out

Any* - Any Zip Code that is not explicitly used to trigger a condition (99990-99994)
Any* - Any Address that is not explicitly used to trigger a condition (999...) - Address only checks the Street Number
Any* - Any Security Code that is not explicitly used to trigger a condition (999)

Is the Sandbox Environment PCI Compliant?

No.

You should be using Test Card Numbers when testing in the Sandbox Environment. You should never use a real Card Number in the Sandbox Environment. See Samples - Test Cards where we provide various Test Card Numbers...

What is the Sandbox Environment SLA?

There should be no expectations on the Sandbox Environment.

Production Environment FAQ

What is the maintenance window for the Production Environment?

There should be no outage during normal maintenance. We have activity 24x7x365 and the low points seem to be around mid-week.

How quickly can we do a change (configuration) on the Production Environment?

We are PCI Level 1 and SOC2 Type 2 Compliant. So, what does that mean? We are procedure and process controlled.

Some companies require us to be PCI Level 1 and SOC2 Type 2 Compliant. And then some of those same companies still expect us to do things for them immediately (and on Production). Here is a real life example that recently occurred:

A Client demanded to change their limit on a weekend night immediately
After changing their Limit, the same Client later demanded to change their limit again and again on a weekend night immediately
After changing their Limit again, we see they never reached the Limits they demanded, in fact, they never even reached their original Limit

Not everything is or can be an emergency...

Schedule for Production changes:

Have your request by Friday morning
Changes will be implemented by end of day Monday (or Tuesday, if Monday is a Holiday)

So please plan ahead... This includes boarding new clients, changing limits, whitelisting IPs, etc...

Why? (in regards to the above question)

Here is a quote from one of our Clients about their PCI Environment (not ours but theirs):

Our IT department frowns upon rapid-fire changes to the PCI environment.

So I hope everyone understands the restrictions and constraints of being in a PCI Environment.

Funny, we previously have used the same word: "frown" when a Client asks us to do something outside of our normal policies and procedures.

Ready to go into Production?

In order to go into Production, we need the following things to be completed:

PCI
- AOC or
- SAQ (select the correct questionnaire)
Certification Test on Sandbox
- Just run your normal QA Tests against your Application connected to our backend (API)
- And run various Error Conditions/Scenarios, see the Certification Test document from TabaPay Support
TabaPay Boarding Sheet
- Your Support Contact Information
- Your Financial (Accounting) Information

Certification Test?

We want you to run your full QA tests on your Application that is connected to our backend (API).
We want to see the different types of requests that you may be sending us.
We can provide feedback on what we are seeing in your requests.
We want to catch issues during this testing versus on Production.
We can catch problems, here are some of the real issues we have seen before we revised our Certification Test:
- Security Code was misspelled, so they (CVV2s) showed up in the clear in our logs which exposes us (PCI) and your customer.
- Amounts were incorrectly formatted, so some requests were failing (.4) and others were not (0.40).

That is why we want you to run your normal QA Tests on your Application that is connected to our backend (API) in the Sandbox Environment.

You should never get a HTTP Status Code of 400 on Production

Also, please see the Coding FAQ.

Locking your Client?

If the Bank and/or TabaPay detect something funny happening:

in your API Requests, or
with your Limits, or
with your Settlement Account

your Client may be LOCKed. We will try to contact you first, but the Bank may not.

If your Client is LOCKed, please contact TabaPay support.

Disabling your IP Address?

If TabaPay detects something funny coming from one of your IP Addresses that you requested to be whitelisted, we may have to remove that IP Address. We have WAFs and IDS/IPSs protecting all Internet Facing Systems. We shouldn't be receiving any kind of probes from your systems, so all probes will be detected as a hack attempt and will be shutdown.

If we do remove an IP Address, you have to resubmit a request to reenable the IP Address, so please contact TabaPay support.

A reason for disabling?

“Insanity is doing the same thing, over and over again, but expecting different results.”

PCI / SOC2 FAQ

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. Also see PCI Security Standards Council.

What is SOC2 Type 2?

SOC stands for System and Organization Controls.

Are we PCI Compliant? SOC2 Type 2 Compliant?

TabaPay is a PCI Level 1 Service Provider.

TabaPay is SOC 2 Type 2 Certified.

Is the Sandbox Environment PCI Compliant?

No.

SSL/TLS Configuration?

We use Qualys SSL Server Test to check our SSL/TLS configuration on all internet facing systems:

Our configured Protocols and Cipher Suites:

WAF, Web Application Firewall, protection?

We have a WAF, Web Applicaiton Firewall, in front of all internet facing systems. So if our WAF detects something funny, such as something in the OWASP Top 10, your request will get rejected with SC=406.

Coding FAQ

As mentioned elsewhere multiple times:

We may not be an expert in (or even have used) the language you are trying to use. We assume that you are an expert in the language you have selected to use.

With that said, here are some questions that we have encountered that might be helpful to you:

My Program doesn't work?

Please provide the full Request and Response. If there was an error, the full error message (exception) and if available any stack trace. The more details, the better we can help you, and the faster we can help you.

If you contact TabaPay support, please send your Request and Response:

Request should include:

Date and Time of the Request and Time Zone (we have many Clients in many different parts of the world)
URL
Request Method (Get, Post, Put, or Delete)
Request Data (JSON), if any

Response should include:

HTTP Status Code
Response Data, if any
- (usually) JSON
- (but can be) HTML
Exception and Stack Trace, if any

SC=406

SC=400

Why you should never see SC=400 in Production?

All errors with a HTTP Status Code of 400 should have been caught before the API request is sent to us. We shouldn't have to return back a HTTP Status Code of 400. A HTTP Status Code of 400 means that something in your request is bad: Bad Request. You should not use us (API Request) to check for Customer entered data errors.

For example:

Card Account Number
Card Expiration Date
Amount

All of the above examples should have been caught on the client side (Customer's Device). It shouldn't need to travel from:

the Customer's Device
to your Servers
to our Servers
negative response (400) back to your Servers
and then finally some error message back to the Customer's Device

just to inform the Customer that the Customer entered a bad:

Card Account Number
or Card Expiration Date
or Amount

We believe the proper way of handling errors is:

Immediate
Interactive
Responsive

and that means if the Customer is on a Web Browser, then there should be:

JavaScript code

to catch obvious errors; and if the Customer is on a Mobile Device, then there should be:

Swift (or Objective-C) code on iOS
or Java code on Android

to catch obvious errors.

Even if an error gets past the code on the Customer's Device and goes up to your Servers, your BackEnd Code on your Servers should also catch these obvious errors. That is two layers of code that should have caught the error, so that is why we say:

We should never have to return back a SC=400 in Production...

That is why you should test on the Sandbox Environment and pass the Certification Test completely.

PCI Helper - SSO FAQ

Is it possible to customize the SSO?

We have temporarily suspended the fully Customization of the SSO. We will provide a generic SSO that you can modify only a few things like:

Font
Color

What is the process of submitting a customized SSO?

See PCI Helper - SSO in Samples... But to summarize:

You need to create a fully working HTML Page that meets our requirements (see PCI Helper - SSO in Samples...)
- Our QA will only do a cursory check and will reject any HTML Page that doesn't do the basic error checking:
  - Check Card Number
  - Check Expiration Date
  - Check Security Code
- Going to your Servers or even going to our Servers to do basic error checking, in our belief, is not the correct way to handle this, see the Coding FAQ.
- We prefer not to have to do a lot of back and forth, so please QA your HTML Page before submitting to us
  - You can contact us if you want our QA to help QA your HTML
- Remember that this is your HTML Page that you are presenting to your Customers.
Once our QA ok your HTML, your HTML Page is sent to our Build/Operations Department:
- Add the TabaPay specific code
- Move HTML Page to Sandbox Environment
- Again, our QA will do a cursory check
At this point you should QA (Test) your HTML Page and you can call the TabaPay API.

How long this takes will depend upon when we receive a working HTML Page. So how long is up to you. Deviating from our requirements will only cause delays.

Customization timeline and availability?

The reason why we will suspend the fully Customization of the SSO is Client Expectations... and our Expectations for the submitted SSO Web Page. Unfortunately there is a mismatch, so trying to clarify this mismatch, here are some points to consider beforehand to avoid the frustration by all sides with the process:

Normally we only do a build of a Client's SSO Web Page on the weekends and have it available by End-of-Day Monday, Tuesday if Monday is a holiday
We expect the Client to QA their own SSO Web Page
We will reject a Client's SSO Web Page if we find a problem
Like previously mention elsewhere, we do not want a lot of back and forth with the SSO Web Page
We hope this would be the sequence of events:
1. The Client reads the Developers WebSite to understand the SSO Web Page
2. The Client can ask support for any clarification
3. The Client develops their SSO Web Page
4. The Client tests (QA) their SSO Web Page
5. When the Client completes their testing, the Client submits their SSO Web Page
6. TabaPay only does a cursory QA of the Client's SSO Web Page
7. If TabaPay QA finds a problem with the Client's SSO Web Page, it will be rejected
8. TabaPay builds the SSO Web Page
9. TabaPay makes the SSO Web Page available by End-of-Day Monday (Tuesday if Monday is a holiday)
10. The Clients can now test the completed SSO Web Page
We only expect a sequential flow and we do not expect a loop in this flow. If your SSO Web Page was rejected, it has to restart the process over again.

Please Keep it SIMPLE, the more complex your SSO Web Page is, the harder it is for us to Add our Changes and Test our Changes. And having an abnormal SSO Web Page that is hard to Test will eventually be unTested and we will have to leave it to you to test the changes. So in the future, if you do have a difficult SSO Web Page, you will need to tell us how to test it or even give us tools to test it.

Just think, how many different SSO Web Pages we get, and each so very different, so far, none are similar. Just think how hard it is for us to try to change that code and then try to test it... Just think... Be in our shoes... So this is one reason why we will suspend the fully Customization of the SSO.

Compiling with the Google Closure Compiler?

We use the following options:

          --compilation_level ADVANCED_OPTIMIZATIONS

We use Advanced Optimizations for reasons other than for size. Size is just a nice side benefit.

Just like the HTML and CSS, we actually do not minify the HTML and CSS, but we pack them.

PCI Helper - RSA FAQ

RSA?

RSA is the most widely used asymmetric algorithm.

Using Encrypted Data in the TabaPay API Calls don't seem to be working?

Make sure you are using RSA with the Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding and the language you are using supports the correct (common usage) implementation of that transform.

Receiving a SC=500?

If you pass in an Encrypted Data that was encrypted incorrectly, you will get a SC=500.

What languages (and libraries, if any) work (or tested)?

We have first hand knowledge that the following languages (and libraries, if any) works:

Java with a slight tweak using the built in RSA encryption
Go using the built in RSA encryption
JavaScript on a browser using the Web Cryptography API which is available in (all) modern browsers

and we have heard others using the following languages (and libraries, if any):

.NET

and other applications (or libraries):

OpenSSL

Is there an example, a working example?

See PCI Helper - RSA in Samples...

Clients WebSite FAQ

Limited availability coming soon...

Passphrase

A Passphrase must be at least 8 characters long and contain:

At least one lower case letter
At least one upper case letter
At least one number

We stored all Passphrases as Salted Hash values, so we can never retrieve your Passphrase.

Refreshing Transaction Data

Refreshing the Transactions Web Page at intervals below 60 seconds does not do anything and just results in the same data being returned. Transaction Data is updated on the backends every 60 seconds.

Repeating trying to refresh Transaction Data may cause our WAF and/or IDS/IPS to blacklist you and eventually your access will be revoked.

Future FAQ

What are our Future Feature Plans?

Clients WebSite

See Clients WebSite FAQ...

SSO

Web Page to capture Card Number, Expiration Date, and Security Code
Use a secure Keypad to enter the Card Number and Expiration Date
Use a secure Card Swipe to capture the Card Number and Expiration Date

See PCI Helpers - SSO and PCI Helpers - SSO FAQ...

Authorization Tokens

Authorization Tokens can Expire
You will be able to change your Authorization Token