The API Reference has been updated to include a few updates:

• Using SubClientID used with Create Account will create accountIDs at the Client level. It is not recommended if you cannot share both SubClient and Client accountIDs at the same level. Refer to TabaPay Tokens for an overview, or 7. Create Account for a recipe code sample.
• A general restructure of pages within the API Reference that includes overviews and an improved hierarchy within each section.
  • API Overviews, including Transaction, Account, and Client.
  • Developer Guide Overview pages, including: Low-Code Tools, Pre-Transaction Tools, Transaction Features, and Working in Sandbox.
• Updated link from iFrame Card Token to the Browser SDK. The old (Legacy) PCI-Compliant iFrame is being deprecated. TabaPay clients should be moved over or in contact with their TabaPay representative. For any questions contact [email protected].
• Parentheses ( ) will trigger the WAF, and will result in a 406 Error.
• Delete Transaction is NOT eligible to be used for an ACH Transaction.

The following guide has been updated:

• Terminal Integration: Order any amount of terminals through TabaPay for your in-person card acceptance use cases.

• Mastercard Mandates
  • Effective September 15, 2025, Mastercard will introduce Acquirer Clearing Fee in the Canada Region. This fee will apply to transactions switched through the Mastercard Dual Message System. This quantity-based fee will bill USD 0.005 to transactions that are less than or equal to USD 25, and USD 0.0195 to transactions that are greater than USD 25.
  • Effective July 1, 2025, Mastercard will update the rate for the Acquirer Assessment Fee to 9 bps (0.09 percent).
  • Effective June 30, 2025, Mastercard will update the rate for the Acquirer Assessment Fee Rebate for Utilities and Debit Mastercard contactless transactions will be -9 bps (-0.09 percent). This fee is for domestically acquired Utilities, and Debit Mastercard contactless transactions initiated with a Debit Mastercard card issued in the Canada region.
  • Effective June 16, 2025, Mastercard will update the rates and tier boundaries for Acquirer License Fee will be revised as detailed in the Acquire License fee table. The fee change will be reflected in 16 June 2025 billing.
  • Effective February 25, 2025, Mastercard will revise standards to Mastercard Gaming and Gambling Payments Program in the United States Region and the U.S. Territories including Puerto Rico to support inbound cross-border Gaming Payment Transactions from the United States to Puerto Rico to eligible Mastercard debit and prepaid cards.
  • Reminder: Mastercard has updated their integrity fees impacting clients transacting in Canada with MasterCard acceptance, for card-Not-Present (CNP) authorizations that are declined twice due to closed accounts, fraudulent activity, or cardholder cancelled the agreement with the same card, same merchant and a Merchant Advice Code (MAC) 3 or 21 in the same month (30 days).
    • MAC value 03 (closed account or fraudulent)
    • MAC value 21 (cardholder cancelled agreement)
      Note: Clients should review the Mastercard Transaction Processing Excellence Table
• Visa Mandates
  • Effective April 11, 2025 Visa will update changes to Visa Gold Products Issued from France and French Territories to be assessed the existing Premium Interchange Fee Program.
  • Effective April 11, 2025 Visa will launch a new, higher-tier product targeted at the ultra-high net worth segment in Brazil. The new Visa Infinite Privilege products will target the top quartile of Private Segment and provide new benefits and product features in line with their evolving status and enhanced spending power.
  • Effective April 11, 2025, Visa will introduce the Visa Signature prepaid product for issuers in the CEMEA region to address the need in various CEMEA markets to have differentiated product and segments for prepaid funding sources. The current prepaid product suite has only two variants: Visa Classic and Visa Platinum.
  • Reminder for Clients sending OCTs: effective October 17, 2025, Source of Funds is required on all Payment/OCT transactions for both Domestic and OCT transactions. Transactions will be declined by Visa if the Source of Funds field is not populated in all OCTs.
    Note: Previously the effective date was April 11, 2025.
• The Enriched TabaPay Shield Attributes section has been updated to display each of the network attributes to help you smarter risk, security, payment, and compliance decisions using enriched data in the Create Transaction and Query CardAPI flows.
  • All Networks
    • Payment Account Reference (PAR)
    • Network Identifier (Network ID)
    • ECI Response
  • Visa-Specific Data
    • Visa CAVV Results Code
    • Authorization Characteristics Indicator (ACI)
  • Mastercard-Specific Data
    • MasterCard Merchant Advice Code (MAC)
    • MasterCard UCAF Collection Downgrade Indicator
• More Recipes have been updated for a Debt Repayment Use Case to include the following in cURL, Python, and JavaScript requests and JSON response:

• The TabaPay Portal Transaction List and Transaction Details page has been updated to include the originating (Sender) currency and the Beneficiarycurrency. Previously only the beneficiary currency was displayed. Refer to the Amount column in the following example:

  Example	Amount	Status
  New	12.99 CAD --> (est) 9.58 USD	Completed
  Old	9.58	Completed

  • Note: The actual Transactions List will display more columns listed in Create Transaction Response Body.

• Update Account v1 and Update Account v2 descriptions have been updated to reflect the following path parameters: https://{<<FQDN>>}/{Version}/clients/{<<glossary:ClientID>>}/accounts/{<<glossary:Account ID>>}

  • Use v1 to replace all fields.
  • Use v2 update any one or more fields (e.g. Owner, Address, Phone, Exp. date), excluding card account numbers.

• Visa Mandates

  • Effective 1 January 2025, the Digital Commerce Services Fee (DCSF), or (VDCF) will be based on authorized transactions rather than clearing and settlement.
  • Effective 25 May 2025, Visa will update the system integrity fee program authorization retry logic to
    improve authorization processing and optimize the consumer experience through more transaction approvals.
    • Authorization retry evaluation criteria will be updated to include the cardholder-initiated transaction (CIT) versus merchant-initiated transaction (MIT) identifier.
    • The number of retries permitted after a Category 2, 3, or 4 response code decline will increase from 15 retries in 30 days to 20 retries in 30 days (Visa Rules ID#: 0030640)

• As a reminder, TabaPay will maintain its current freeze dates from December 23 to January 1.

  • Note: Only small changes to existing sub-clients or the creation of new sub-clients permitted.

• More Recipes have been updated to include the following in cURL, Python, and JavaScript requests and JSON response:

• Two new Visa Authorization Response Codes have been listed on the Network Response Codes page to increase transparency during authorization. These response codes will be effective April 11, 2025.

  These updates are to encourage good business practices, reduce fraud, improve authorization approval rates, reduce operational costs, and enhance satisfaction across the payments ecosystem. TabaPay Clients can use the new information to correct issues and optimize the resubmission of authorization requests

  Reponse Code	Detail	Category	Re-attempt Allowed
  5C	Transaction not supported/blocked by issuer	2	Yes
  9G	Blocked by cardholder/contact cardholder	2	Yes

• The Recipes section has been updated to include the following examples in cURL, Python and JavaScript:

• The Processor Tokens section has been updated to include TabaPay integration with Multiple Processors, or migrating from another processor over to TabaPay.
  • New: Stripe Tokens + TabaPay Tokens - You can now use both Stripe and TabaPay together as your payment processors.
  • Existing: Cybersource, Galileo, Helix by Q2, Plaid, Unit - Combine any of the third party processors with TabaPay.
  • Migration of Token Vaults - Fully move over from any of the listed third party processors to TabaPay.
• 📣 Status Code 422 and Error Code Updates: Coming Soon
  A future date will be published for both Sandbox and Production.
  
  
  • Status Code (SC) 422 will be updated to include a Bank Identification Number (BIN) to identify the financial institution of the associated upstream transaction error.
  • As a reminder, Internal Error Codes should not be used for any client error handling. EC values are intended solely for TabaPay’s internal use and will be subject to change in the future.
    EC values will be updated to include dynamic values, and the length will of EC values will be increasing in Sandbox and Production. EC values will continue to only be used internally.

• The Browser SDK is now available to accept card payments from your customers using the Dynamic iFrame , a low-code customizable payment experience right on your website. For a reference of all customization options, refer to the Browswer SDK Reference.
• Auth & Capture is out of beta and now available for select uses cases to authorize payments with the intent to complete the payment within a given timeframe (e.g. 24 hours).
• The Create Transaction API has been updated to include the Bank Identification Number (BIN) in the API response when there is a Status Code: 422 - Unprocessable Entity.
  Clients should follow the recommended action, Query Card based on the given error message. Refer to Error Handling for general practices in resolving status code errors.

Note: Previously the error message did not include the BIN XXXXX.

• More Recipes have been updated to include the following in cURL, Python, and JavaScript requests and JSON response:

• Create Transaction has been updated to include the following fields for Merchant Initiated Transactions (MIT). For examples, refer to the MIT Recipes listed in the updates below.
  • pullOptions.recurringData.initial
  • pullOptions.recurringData.initiator
  • pullOptions.recurringData.type
  • pullOptions.recurringData.id
  • pullOptions.recurringData.networkID
• Enriched TabaPay Shield Attributes has been updated to include descriptions on the following attributes:
  • Network Identifier
  • CAVV Results Code
  • UCAF Downgrade Indicator
  • ACI Code
  • Payment Account Reference
  • ECI Response
  • Merchant Advice Code
• The following Recipes have been updated to include the following in cURL, Python, and JavaScript requests and JSON response:
  • B2C Push Transaction
  • MasterCard CIT
  • Mastercard MIT
  • Visa CIT
  • Visa MIT
  • CIT with Accounts
  • MIT with Accounts

• Create Transaction has been updated to include the following required and recommended fields on all Cross-border Original Credit Transactions (OCTs), or international push to card transactions:

Required Fields

📘

Effective October 18, 2024

Fields corresponding.dateOfBirth and corresponding.sourceOfFundswill be required starting October 18, 2024/

• corresponding.dateOfBirth - REQUIRED - Date of birth with the format: YYYYMMDD. Sender must be at least 18 years old.
• corresponding.sourceOfFunds- REQUIRED - Sender Source of Funds. Valid Values Include:
  • Debit Card
  • PrePaid Card
  • Credit Card
  • Cash
  • Deposit Account
  • Credit Account
  • Mobile Money Account

Recommended Fields

• corresponding.networkID - Unique ID for each transaction identifying the network from the preceeding Account Funding Transaction (AFT), or pull transaction.
  • We strongly recommend clients prepare now to send this field by October 18, 2024.
• corresponding.nationality - Sender Nationality using country codes.
• corresponding.countryOfBirth - Sender of country of birth using country codes.
• corresponding.email - Sender email (max of 40 characters)
• corresponding.occupation - Sender occupation.
• destinationAccount.owner.email- Recipient or beneficiary email.

Refer to the recipe below as a cross-border OCTexample of these fields.

• Create Transaction has been updated to include pullOptions.expirationDate for Real-Time Payment (RTP) Request for Payment (RFP).

• Updated Recipes to include the following in cURL, Python, and JavaScript requests and response:
  • ACH API Push Transaction
  • Person to Person (P2P) Pull Transaction
  • P2P Push Transaction
  • Account to Account (A2A) Pull Transaction
  • A2A Push Transaction

• The API Reference has been updated to include request and responses Pull with Enriched TabaPay Shield Attributes for both Visa and MasterCard (MC).

• Partial Authorization has been updated for payment acceptance (pull) to include client permissions. To request Partial Auth, contact TabaPay Support.
• API Reference has been updated to include an Expand All button to immediately view all objects. Select Expand All and you can search, or quick find (CTRL + F / CMD + F) a specific field. We welcome feedback at https://developers.tabapay.com/discuss.
• Recipes have been updated to include new TabaPay API code snippets in Python, JavaScript, and cURL. To request any new examples, comment at https://developers.tabapay.com/discuss, or email [email protected].
  • Query Card
  • Create Pull Transaction using RSA Token
  • Create Pull Transaction using iFrame Token
  • Create Pull Transaction with Card Info
  • Create Pull Transaction Using Accounts