Production

What is the maintenance window for the Production Environment?

There should be no outage during normal maintenance. We have activity 24x7x365 and the low points seem to be around mid-week.

How quickly can we do a change (configuration) on the Production Environment?

To maintain our PCI Level 1, SOC1 Type 1, and SOC2 Type 2 compliance, we need to control our procedures and processes.

Schedule for Production changes:
(1) Have your request by Friday morning
(2) Changes will be implemented by end of day Monday (or Tuesday, if Monday is a Holiday)
So please plan ahead. This includes boarding new clients, changing limits, allowlisting IPs, etc.

Ready to go into Production?

In order to go into Production, we need the following things to be completed:

Activity Description
PCI AOC or
SAQ (select the correct questionnaire)
Sandbox Certification Just run your normal QA Tests against your Application connected to our backend (API)
And run various Error Conditions/Scenarios, see the Certification Test document from TabaPay Support
TabaPay Boarding Sheet Your Support Contact Information
Your Financial (Accounting) Information

Certification Test?

  • We want you to run your full QA tests on your Application that is connected to our backend (API).
  • We want to see the different types of requests that you may be sending us.
  • We can provide feedback on what we are seeing in your requests.
  • We want to catch issues during this testing versus on Production.
  • We can catch problems, here are some of the real issues we have seen before we revised our Certification Test: (1) Security Code was misspelled, so they (CVV2s) showed up in the clear in our logs which exposes us (PCI) and your customer. (2) Amounts were incorrectly formatted, so some requests were failing (.4) and others were not (0.40).
    That is why we want you to run your normal QA Tests on your Application that is connected to our backend (API) in the Sandbox Environment.

400s on Production

Once you certify, getting a 4xx error should be a rare occurrence. We strongly recommend completing the Production Certification Test in its entirety, specifically the portion where we recommend integrating your application with our API calls.
Also, please see Anti-Patterns to Avoid]

Locking your Client?

If the Bank and/or TabaPay detect abnormal patterns/behavior with regard to your:

  • API Requests, or
  • Limits, or
  • Settlement Account
    your Client state may become LOCKed. TabaPay will try to contact you first (Speak to your bank to see their procedure for handling abnormal/suspicious patterns.)
    If your Client is LOCKed, please contact TabaPay support: [email protected].

Disabling your IP Address?

If TabaPay detects abnormal/suspicious behavior from one of your allowlisted IP Addresses, we may have to block that IP Address. We have WAFs and IDS/IPSs protecting all Internet Facing Systems. We do not allow any kind of probes from Client systems. All probes will be shutdown.
If we do remove an IP Address, you have to resubmit a request to reenable the IP Address, so please contact TabaPay support: [email protected].

A reason for disabling your IP Address?

“Insanity is doing the same thing, over and over again, but expecting different results.”