Get started with the TabaPay API to accept payments, and payout funds.
TabaPay's Unified API
You can utilize the Create Transaction API request for both payment acceptance and to payout funds. At TabaPay we may refer to this as to push (payouts) or pull (payment acceptance) funds. Move funds with various payment methods, and discover support for cross-border or domestic transactions.
Learn more about TabaPay's other APIs, under the Complimentary APIs section.
Example JSON
Here are a couple request body parameters for a push and pull payment.
For example, type:pull for $100:
{
"accounts": {
"sourceAccountID": "zxc4123412341234123412",
"destinationAccountID": "1234123412341234abc412"
},
"referenceID": "abc123",
"type": "pull",
"amount": "100.00"
}Or type:push for $50:
{
"accounts": {
"sourceAccountID": "zxc4123412341234123412",
"destinationAccountID": "1234123412341234abc412"
},
"referenceID": "zxcv456",
"type": "push",
"amount": "50.00"
}
Payload Should Be CompactAPI examples are shown in a human-readable format for clarity. Actual API request bodies must use compact JSON.
Compact JSON
The previous request should look like the following when sending with any whitespaces removed.
{"accounts":{"sourceAccountID":"zxc4123412341234123412","destinationAccountID":"1234123412341234abc412"},"referenceID":"abc123","type":"pull","amount":"100.00"}Complementary APIs
TabaPay APIs are built to support a unified payment flow. Here is a quick preview:
- Card API with AVS and ANI, check eligibility for push/pull, and retrieve BIN attributes.
- Bank API to retrieve the attributes of a bank such as RTP eligibility.
- Account API to store and manage cards with TabaPay. This API returns a TabaPay Token (accountID) which represents the underlying payment instrument in tokenized form. This token can be used in the Transaction API. as the (Source Account ID, or Destination Account ID).
- Transaction API that corresponds to the Unified API push and pull payments.
- 3D Secure API to perform 3DS transactions. For a full guide, refer to the 3DS APIs Starter Guide.
- SubClient API to automatically onboard sub clients, set their fees, configuration, etc.
Integrating with TabaPay
TabaPay Web Service (API) is organized around REST. It uses standard HTTPS response codes, authentication, and verbs, and requests and responses are formatted using standard JSON. Before you Make Your First API Call, you will want to complete the following steps with TabaPay to secure your Sandbox credentials.
| Steps to integrate with TabaPay |
|---|
| 1. Say Hello: Email [email protected] to get started with access to our APIs. Our APIs are not publicly available. |
| 2. Authentication: TabaPay API uses API keys to authenticate requests. |
| 3. Headers: All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail. |
| 4. IP Whitelisting: Before you begin, please ensure you provide us with the IP Addresses you want us to whitelist. Our Firewalls will block all non-whitelisted IP Addresses. |
Once you begin your integration and whitelisting, you will get access Sandbox. You can also download Postman to begin testing different use cases.
Important Notices
API Request Recommendation in ProductionRequests per second are recommended at 1 transaction per second (1 txn/second)and a maximum of 3-5 transactions per second (3-5 txns/second) .
iFrame Tokens will expire after 5 minutes.
RetrieveAccount by ReferenceID should only be used in the case of a HTTP Communications Error (i.e. An AccountID was not returned back).
RetrieveTransaction by ReferenceID should only be used in the case of a HTTP Communications Error (i.e. A TransactionID was not returned back).
If you continue to use RetrieveAccount / RetrieveTransaction by ReferenceID, the API will return a Status Code of 421 (Misdirected Request):
- For RetrieveAccount by ReferenceID if the Account was created over 24 hours ago
- For RetrieveTransaction by ReferenceID if the Transaction was created over 24 hours ago
Rate Limiting in SandboxTabaPay implements rate limiting in the Sandbox Environment. Sandbox is a Shared Environment used by many Clients and meant only for Development purposes.
Rate Limits Triggered in Production
Production rate limiting safeguards are designed to activate only in cases of unusually high or disruptive traffic patterns.
For example, rapid API request bursts or large batches of queued transactions submitted at once will trigger rate limits in Production to ensure overall platform stability for all clients.
What about PCI compliance?
For information regarding PCI compliance, refer to Are you PCI compliant?, and PCI DSS Compliance with TabaPay Card Processing.
Configurations for Value Added Services
Before you proceed with your launch plan, please email [email protected] to ensure you have configured value added services required for your business case. Whether it is enabling 3DS or Apple Pay, Google Pay, or ensuring you have turned ON Risk & Fraud Controls to eliminate fraud, L2 and L3 interchange benefits, it will be important for you to let us know so we can enable them for you.
Configurations can be on your side or oursIn order to fully ensure all your features are enabled for your business case, various configurations on our side or yours have to be set. Look for request to enable on docs, and let us know via [email protected] in any case you need help.
API Formatting Rules
To avoid unnecessary API errors, refer to Data for detailed formatting rules.
Please Follow Formatting RulesTabaPay APIs can accept any UTF-8 character; however, to be safe for other processes that may be using this data, we recommend the use of only the Base64 URL-Safe Character Set.
We will explicitly restrict the use of these characters:
, Comma (used in csv files) " Double Quotes (used in csv files) ~ Tilde ^ Caret | Pipe
We do recommend the use of only the Base64 URL-Safe Character Set.
Format of text in Free Form Fields (Name, address, etc):
- No resemblance of SQL statements or code
- No characters in set:
; | ^ ~ , " - No consecutive
. - Best character set to use: URL Safe Base 64
- Includes:
A-Z a-z 0-9 - _ [space] - If you deviate from this character set, some networks will reject the transaction entirely, solely based on the characters in the message (i.e. the text in the
"city"field"T√ourin"will be rejected by certain networks. - Avoid using consecutive characters that are not in the URL-Safe Base 64 character set, as our Web Application Firewall (WAF) will block anything that looks suspicious.
- Includes:
Network codes
When using the Create Transaction API, you will receive a network code in your response. In the example below, a networkRCcode of 00means the transaction was approved or completed successfully.
Note: not all networks may return this Network Response Code .
{
"SC": 200,
"EC": "0",
"transactionID": "TabaPay_TransactionID_",
"network": "Visa",
"networkRC": "00",
"status": "COMPLETED",
"approvalCode": "000000"
}For more potential response codes:
For other error, and status codes: