Update April 2023

Initialize API

3D Secure Initialize API

Old VS New

The TabaPay 3D Secure Initialize API is meant to generate a JWT for you to start the 3DS process. In our newest release we have modified the way this JWT is generated to provide a better experience for mobile integrations.

⚠️
These changes do not apply to browser integrations
If you integrated 3DS using the browser flow, please do NOT use the new sdkVersion field. This field is ONLY for mobile SDK integrations. If you use the new field, you will cause issues with your integration.

If you are using a mobile SDK integration, you can choose between sending the 3D Secure Initialize API an accountID or the version of your SDK (sdkVersion) as part of your API request. If you choose to do the latter, then you can call the 3D Secure Initialize API, generate the JWT, and perform device data collection earlier in your check out flow (before the card is selected). Reducing the delay between when a merchant performs the pay action and when the transaction is performed (by performing these 3 steps beforehand).

⚠️
Remember to pick up the sdkSessionID
If you use the sdkVersion field during your 3D Secure Initialize API call. You will need to collect the the sdkSessionID provided after the mobile SDK has completed it's setup. For more information on how to do this, please use the following links:

iOS: https://developers.tabapay.com/reference/how-to-use-the-3ds-sdk-starter-guide#for-ios-2

Android: https://developers.tabapay.com/reference/how-to-use-the-3ds-sdk-starter-guide#for-android-2

Lookup API

3D Secure Lookup API

Old VS New

The TabaPay 3D Secure Lookup API is meant to perform the actual Authentication Request for the card. We have added a few changes to this API to make it easier to integrate, to better support mobile integrations, and to provide additional information in the response. There are three changes we will be covering below.

Enhanced Responses

By using the new required URL parameter, enhancedResponse, you will now be able to get more more information about the 3DS result.

Here are the additional fields:

📘
Please note we will now return status: C
If you receive a challenge response, you will now receive a status of c in addition to the existing information. This should make it easier to write logic based on the status field itself.

Starting with this new version you should be able to get a 200 on a downgraded authentication (3DS version 1.x), this should provide more context about the result of the authentication call.

Mobile SDK integration

⚠️
These changes do not apply to browser integrations
If you integrated 3DS using the browser flow, please do NOT use the new sdkSessionID field. This field is ONLY for mobile SDK integrations. If you use the new field, you will cause issues with your integration.

If you are using a mobile SDK integration, you can choose between sending the 3D Secure Initialize API API an accountID or the version of your SDK (sdkVersion) as part of your API request. If you choose to do the latter, then you can call the 3D Secure Initialize API, generate the JWT, and perform device data collection earlier in your check out flow (before the card is selected). Reducing the delay between when a merchant performs the pay action and when the transaction is performed (by performing these 3 steps beforehand).

⚠️
Remember to pick up the sdkSessionID
If you use the sdkVersion field during your 3D Secure Initialize API call. You will need to collect the the sdkSessionID provided after the mobile SDK has completed it's setup. For more information on how to do this, please use the following links:

iOS: https://developers.tabapay.com/reference/how-to-use-the-3ds-sdk-starter-guide#for-ios-2

Android: https://developers.tabapay.com/reference/how-to-use-the-3ds-sdk-starter-guide#for-android-2