Community

There is a single-digit `version` string in the `PullOption` `3DSecure` object for \[Create Transaction](<https://developers.tabapay.com/reference/transactioncreate>). Where is the value for that supposed to come from?

When using 3-D Secure we need to include an `XID` in the `pullOptions` `3DSecure` object. The documentation for the [3ds/lookup](https://developers.tabapay.com/reference/3dslookup) and for [3ds/authenticate](https://developers.tabapay.com/reference/3dsauthenticate) say that an `XID` is returned, but neither JSON sample shows that, and the calls in the Sandbox Environment don't appear to be returning an `XID`. Are we supposed to be getting this value from somewhere else, such as the `processorTransactionID`?

The [3ds/authenticate call documentation](https://developers.tabapay.com/reference/3dsauthenticate) shows an `enrolled` field if you click on the response documentation in the middle column of the page, under the request field descriptions. The response JSON that is shown on the right side of the page when you click on the 200 response does not include the `enrolled` field, and neither does the response in the Sandbox Environment. Should that field be removed from the documentation? The JSON response on the right side of the page does show an `actionCode` field, and that is also included in the response body in the Sandbox Environment, but there is no documentation for that field on the 3ds/authenticate page. The only documentation that I can find for an `actionCode` is for a response from the mobile SDK, but this is a response from the API. Are these values supposed to be the same as those from the SDK? From the sample response documentation: ```json { "SC": 200, "EC": "0", "actionCode": "SUCCESS", "errorNumber": "0", "errorDescription": "Success", "3dsVersion": "2.1.0", "processorTransactionID": "11111111111111111111", "status": "Y", "ECI": "05", "UCAF": "1111111111111111111111111111" } ```

The documentation for the sdkVersion field in the 3ds/init call does not state where the value should come from. Is there a call within the SDK that we should make to get this value or do we need to construct it based on the version number from the SDK file name? If we need to construct it, what is the pattern for constructing the name?

I've checked the TabaPay documentation and the documentation for the SDK components but cannot find a list of permissions that are required by the 3-D Secure SDK for mobile apps. The SDK documentation mentions getting location information for Android, and the EMV documentation mentions getting Bluetooth information for Android. Are there specific app permissions that are required in order to integrate the 3-D Secure mobile app SDK?

The \[3D Secure Lookup API call](<https://developers.tabapay.com/reference/3dslookup> lists the enhancedResponse query parameter as _required_, and says that in the Sandbox Environment it provides more details. The query parameter is required in the Sandbox Environment. Is it acceptable to use the parameter for the Production Environment, or is it only intended for the Sandbox?

Are there any sandbox cards to test AVS card query to test error validation for cvv and expiry date errors? Also do we always get AVS networkRC 85 in sandbox? How to get 00 for networkRC?