Get started the TabaPay to accept payments, and payout funds.
TabaPay's Unified API
Our mission at TabaPay is to enable instant access of funds for all.
You can use our Unified API by simply calling the Create Transaction endpoint. A multitude of configurable parameters give you the flexibility you need to create a payment processing experience that is right for you. You can push or pull funds, accept various payment methods, as well as offer support for cross-border or domestic transactions.
Example JSON
For example, pull $100:
{
"accounts": {
"sourceAccountID": "zxc4123412341234123412",
"destinationAccountID": "1234123412341234abc412"
},
"referenceID": "abc123",
"type": "pull",
"amount": "100.00"
}
Or push $50:
{
"accounts": {
"sourceAccountID": "zxc4123412341234123412",
"destinationAccountID": "1234123412341234abc412"
},
"referenceID": "zxcv456",
"type": "push",
"amount": "50.00"
}
Payload Should Be Compact
API examples are shown in a human-readable format for clarity. Actual API request bodies must use compact JSON.
Compact JSON
The previous request should look like the following when sending with any whitespaces removed.
{"accounts":{"sourceAccountID":"zxc4123412341234123412","destinationAccountID":"1234123412341234abc412"},"referenceID":"abc123","type":"pull","amount":"100.00"}
Complementary APIs
All our other APIs are built to support our Unified API. Here is a quick preview:
- Card APIs for AVS, check eligibility for push/pull, retrieve BIN attributes
- Bank APIs to retrieve the attributes of a bank such as RTP eligibility.
- Account APIs to store and manage cards with TabaPay. The output of this API is a TabaPay Token (account ID) that can be used in lieu of a payment instrument in our unified API
- Transaction APIs that corresponds to our Unified API
- 3D Secure APIs that allows you to perform 3DS. For a full guide, click here
- FX Rate APIs that allows you to retrieve real-time FX Rates from the card networks to be used in tandem with an international push or pull transaction
- Sub-client APIs that allow you to automatically onboard sub-clients, set their fees, configuration, etc.
Integrating with TabaPay
TabaPay Web Service (API) is organized around REST. It uses standard HTTPS response codes, authentication, and verbs, and requests and responses are formatted using standard JSON.
Steps to integrate with TabaPay |
---|
1. Say Hello - Email [email protected] to get started with access to our APIs. Our APIs are not publicly available. We will require your IP address(es) to be whitelisted in order to provide access to our secure sandbox environment. |
2. Authentication - TabaPay API uses API keys to authenticate requests. Your API credentials carry many privileges, so be sure to keep them secure! Do not share your secret API credentials in publicly accessible areas. |
3. Headers - All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail. HTTP Headers must be formatted as follows: Authorization: Bearer Content-type: application/json |
4. IP Whitelisting - Before you begin, please ensure you provide us with the IP Addresses you want us to whitelist. Our Firewalls will block all non-whitelisted IP Addresses. |
Important Notices
API Request Recommendation in Production
Requests per second are recommended at 1 transaction per second (1 txn/second)and a maximum of 3-5 transactions per second (3-5 txns/second) .
iFrame Tokens will expire after 5-10 minutes.
RetrieveAccount by ReferenceID should only be used in the case of a HTTP Communications Error (i.e. An AccountID was not returned back).
RetrieveTransaction by ReferenceID should only be used in the case of a HTTP Communications Error (i.e. A TransactionID was not returned back).
If you continue to use RetrieveAccount / RetrieveTransaction by ReferenceID, the API will return a Status Code of 421
(Misdirected Request):
- For RetrieveAccount by ReferenceID if the Account was created over 24 hours ago
- For RetrieveTransaction by ReferenceID if the Transaction was created over 24 hours ago
Rate Limiting in Sandbox
We have Rate Limiting on the Sandbox Environment. Sandbox is a Shared Environment used by many Clients and meant only for Development purposes
What about PCI compliance?
Please look at our PCI How to Guide for all of the information your need regarding PCI compliance.
Configurations for Value Added Services
Before you proceed with your launch plan, please email [email protected] to ensure you have configured value added services required for your business case. Whether it is enabling 3DS or Apple Pay, Google Pay, or ensuring you have turned ON TabaPay Shield Controls to eliminate fraud, L2 and L3 interchange benefits, it will be important for you to let us know so we can enable them for you.
Configurations can be on your side or ours
In order to fully ensure all your features are enabled for your business case, various configurations on our side or yours have to be set. Please let us know via [email protected] in case you need any help.
API Formatting Rules
To avoid unnecessary API errors, refer to Data for detailed formatting rules.
Please Follow Formatting Rules
TabaPay APIs can accept any UTF-8 character; however, to be safe for other processes that may be using this data, we recommend the use of only the Base64 URL-Safe Character Set. We will also explicitly restrict the use of these characters:
,
Comma (used in csv files)
"
Double Quotes (used in csv files)
~
Tilde
^
Caret
|
Pipe
We do recommend the use of only the Base64 URL-Safe Character Set.Format of text in Free Form Fields (Name, address, etc):
- No resemblance of SQL statements or code
- No characters in set:
; | ^ ~ , "
- No consecutive
.
- Best character set to use: URL Safe Base 64
- Includes:
A-Z a-z 0-9 - _ [space]
- If you deviate from this character set, some networks will reject the transaction entirely, solely based on the characters in the message (i.e. the text in the
"city"
field"T√ourin"
will be rejected by certain networks.- Avoid using consecutive characters that are not in the URL-Safe Base 64 character set, as our Web Application Firewall (WAF) will block anything that looks suspicious.
Network codes
When using the Create Transaction API, you will receive a network code in your response. In the example below, a networkRC
code of 00
means the transaction was approved or completed successfully.
Note: not all networks may return this Network Response Code .
{
"SC": 200,
"EC": "0",
"transactionID": "TabaPay_TransactionID_",
"network": "Visa",
"networkRC": "00",
"status": "COMPLETED",
"approvalCode": "000000"
}
For more potential response codes:
For other error, and status codes: