# Create an app with AI

Trustap supports AI-assisted API integrations using structured documentation, predefined rules, and reusable integration assets.

## How it works

To build an application with AI, follow these steps.

1. Provide your AI tool with Trustap guardrails.
2. Supply structured integration resources.
3. Use a guided prompt to generate the application.


## 1. Guardrails

Guardrails define how an AI should interact with the Trustap API.
Provide the [Trustap guardrail rule file](https://trustap-docs--tpd-366-review-vibe-code-options-f-dc435d.preview.redocly.app/AI/trustap-ai-rules.ts) to your AI to describe how to work with the Trustap API.

## 2. Integration resources

These files provide structured context for generating a working integration. Provide these files to your AI tool alongside the guardrails for a Trustap API online flow.

| File | Description |
|  --- | --- |
| [trustap-endpoints.ts](https://trustap-docs--tpd-366-review-vibe-code-options-f-dc435d.preview.redocly.app/AI/trustap-endpoints.ts) | API surface and request definitions |
| [trustap-integration-cookbook.ts](https://trustap-docs--tpd-366-review-vibe-code-options-f-dc435d.preview.redocly.app/AI/trustap-integration-cookbook.ts) | Implementation pattern for online transaction |
| [trustap-oauth.ts](https://trustap-docs--tpd-366-review-vibe-code-options-f-dc435d.preview.redocly.app/AI/trustap-oauth.ts) | OAuth flow handling |
| [trustap-online-cc-workflow.ts](https://trustap-docs--tpd-366-review-vibe-code-options-f-dc435d.preview.redocly.app/AI/trustap-online-cc-workflow.ts) | Card payment transaction flow |
| [trustap-state-machine.ts](https://trustap-docs--tpd-366-review-vibe-code-options-f-dc435d.preview.redocly.app/AI/trustap-state-machine.ts) | Transaction lifecycle and states |
| [trustap-ui.ts](https://trustap-docs--tpd-366-review-vibe-code-options-f-dc435d.preview.redocly.app/AI/trustap-ui.ts) | UI behaviour and interaction patterns |


## 3. Guided prompt: Build with Lovable

[Lovable.ai](https://lovable.ai) generates a full-stack application from structured prompts and supporting files.

### Pre-built prompts

Use the following pre-build prompts as a template to add Trustap to your AI-assisted project.

#### Create a application that implements a Trustap online flow using card payments

The prompt creates a [peer-to-peer marketplace](https://trustap-docs--tpd-366-review-vibe-code-options-f-dc435d.preview.redocly.app/AI/lovable-sample-prompt.md). Sellers post items to sell. Buyers select on-sale items and pay for them using Trustap. Sellers accept payment, and add shipping tracking details. Finally, sellers confirm delivery and retrieve the money from the transaction to receive a payout.

```markdown
# Vault P2P — Complete Build Prompt

## Overview

Build a **P2P escrow marketplace** called **"Vault P2P"** where users can list items for sale, and buyers can purchase them through **Trustap escrow** (credit card payments with hosted payment pages). The app uses **EUR (€)** as its default currency. All monetary values are stored as **integers in cents**.

No user authentication — this is a public prototype. All database tables have open RLS policies.

---

## Tech Stack

- React + TypeScript + Vite
- Tailwind CSS with shadcn/ui components
- Lovable Cloud (Supabase) for database + edge functions
- Trustap API for escrow transactions
- React Router for navigation
- TanStack React Query

---

## Design System

### Font
Import **Geist Mono** from Google Fonts for monospaced elements (prices, transaction IDs). Body uses system font stack (`Geist Sans, -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif`).

### CSS Variables (index.css)
Light mode:
```
--background: 0 0% 100%
--foreground: 222 47% 11%
--primary: 221 83% 53%
--primary-foreground: 210 40% 98%
--secondary: 210 40% 96%
--muted: 210 40% 96%
--muted-foreground: 215 16% 47%
--border: 214 32% 91%
--ring: 221 83% 53%
--success: 160 84% 39%
--warning: 38 92% 50%
--bg-subtle: 210 40% 98%
--radius: 0.75rem
```

Dark mode (`.dark` class):
```
--background: 222 47% 6%
--foreground: 210 40% 98%
--primary: 217 91% 60%
--border: 217 33% 17%
--muted: 217 33% 17%
--muted-foreground: 215 20% 65%
--bg-subtle: 222 47% 8%
```

### Custom Button Variant
Add a `trustap` variant to the Button component:
```
trustap: "bg-primary text-primary-foreground hover:bg-primary/90 shadow-md font-semibold"
```

### Custom Badge Variants
Add status badge variants: `pending`, `paid`, `in_transit`, `settled` — using muted yellows, greens, blues, and emeralds.

### Animations
Add a `fade-in` keyframe animation:
```
from: { opacity: "0", transform: "translateY(8px)" }
to: { opacity: "1", transform: "translateY(0)" }
```
Duration: `0.4s cubic-bezier(0.16, 1, 0.3, 1)`

---

## Routes

| Path | Component | Description |
|------|-----------|-------------|
| `/` | Index | Homepage with listing grid |
| `/sell` | CreateListing | Form to create a new listing |
| `/checkout/:id` | Checkout | Two-step checkout (info → review + pay) |
| `/dashboard` | Dashboard | Seller transaction management |
| `/oauth/callback` | OAuthCallback | Handles Trustap OAuth redirect |

---

## Database Schema

### Table: `listings`
| Column | Type | Default | Notes |
|--------|------|---------|-------|
| id | uuid | gen_random_uuid() | PK |
| title | text | — | required |
| price_cents | integer | — | required, in cents |
| image_url | text | unsplash placeholder URL | |
| seller_email | text | — | required |
| seller_name | text | — | required |
| trustap_seller_id | text | null | filled after guest user creation |
| created_at | timestamptz | now() | |

**RLS**: Public read + insert (no auth).

### Table: `transactions`
| Column | Type | Default | Notes |
|--------|------|---------|-------|
| id | uuid | gen_random_uuid() | PK |
| listing_id | uuid | — | FK → listings.id |
| trustap_transaction_id | integer | null | from Trustap API |
| amount_cents | integer | — | item price in cents |
| fee_cents | integer | null | Trustap fee in cents |
| charge_calculator_version | integer | null | from charge endpoint |
| buyer_email | text | — | |
| buyer_name | text | '' | |
| seller_email | text | — | |
| trustap_buyer_id | text | null | guest buyer ID (1-xxx) |
| trustap_seller_id | text | null | guest seller ID (1-xxx), later replaced with full UUID |
| tracking_carrier | text | null | |
| tracking_code | text | null | |
| payment_url | text | null | Trustap hosted payment URL |
| status | text | 'pending' | see status values below |
| created_at | timestamptz | now() | |
| updated_at | timestamptz | now() | |

**RLS**: Public read + insert + update (no auth, no delete).

**Enable realtime** on the `transactions` table:
```sql
ALTER PUBLICATION supabase_realtime ADD TABLE public.transactions;
```

### Transaction Status Values
`pending` → `joined` → `paid` → `tracked` → `delivered` → `complaint` / `complaint_period` → `resolved` → `funds_released` / `settled`

---

## Utility Library: `src/lib/marketplace.ts`

```typescript
// Format cents to display string
formatCents(cents: number, currency = "eur"): string
// Symbols: { eur: "€", usd: "$", gbp: "£" }

// Convert decimal string to cents
dollarsToCents(dollars: string): number

// Types
type TransactionStatus = "pending" | "joined" | "paid" | "tracked" | "delivered" | "complaint" | "complaint_period" | "resolved" | "funds_released" | "settled"

interface Listing { id, title, price_cents, image_url, seller_email, seller_name, created_at, trustap_seller_id? }
interface Transaction { id, listing_id, trustap_transaction_id?, buyer_email, seller_email, trustap_buyer_id?, trustap_seller_id?, amount_cents, fee_cents?, status, tracking_carrier?, tracking_code?, created_at }

// Status badge variant mapper
getStatusBadgeVariant(status): "pending" | "paid" | "in_transit" | "settled"

// Human-readable status labels
getStatusLabel(status): string
// e.g. "joined" → "Awaiting Payment", "paid" → "Funds in Escrow", "tracked" → "In Transit"
```

---

## Edge Function 1: `supabase/functions/trustap/index.ts`

**Purpose**: Proxy all Trustap API calls through a single edge function.

### Configuration
- **Base URL**: `https://dev.stage.trustap.com/api/v1`
- **Auth**: Basic Auth using `TRUSTAP_API_KEY` secret (username = API key, password = blank)
  ```
  Authorization: Basic ${btoa(apiKey + ':')}
  ```
- **CRITICAL**: Never use Bearer tokens for API requests. Only Basic Auth.

### Actions (dispatched via `action` field in request body)

#### `create_guest_user`
```
POST /guest_users
Body: { email, first_name, last_name, country_code, tos_acceptance: { unix_timestamp, ip } }
Returns: { id: "1-xxx-xxx-xxx" } — guest user IDs always start with "1-"
```

#### `calculate_charge`
```
GET /charge?price={priceCents}&currency={currency}
Returns: { charge, charge_calculator_version, ... }
⚠️ MUST be called immediately before creating a transaction
```

#### `create_transaction`
```
POST /me/transactions/create_with_guest_user
Header: Trustap-User: {seller_id}
Body: { seller_id, buyer_id, price, charge, charge_calculator_version, currency, description, creator_role, image_url? }
Returns: { id: 12345, status: "joined", ... }
```

#### `get_transaction`
```
GET /transactions/{transaction_id}
Returns: full transaction object with current status
```

#### `add_tracking`
```
POST /transactions/{transaction_id}/track_with_guest_seller
Header: Trustap-User: {seller_id}
Body: { carrier, tracking_code }
⚠️ Only call when status === "paid"
```

#### `confirm_delivery`
```
POST /transactions/{transaction_id}/confirm_delivery_with_guest_buyer
Header: Trustap-User: {buyer_id}
No body required
```

#### `claim_for_seller`
```
POST /transactions/{transaction_id}/claim_for_seller
Header: Trustap-User: {full_user_id}
⚠️ full_user_id is a UUID from OAuth id_token "sub" claim — NOT the guest "1-" ID
```

### Error Handling
All Trustap API errors should be caught, logged with the URL and status code, and re-thrown as JSON error responses with status 500.

---

## Edge Function 2: `supabase/functions/trustap-oauth/index.ts`

**Purpose**: Exchange OAuth authorization code for tokens and extract the permanent Trustap user ID.

### Token Exchange
```
POST https://sso.trustap.com/auth/realms/trustap-stage/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded  ⚠️ NOT JSON

Body (URLSearchParams):
  client_id: TRUSTAP_OAUTH_CLIENT_ID (from secrets)
  client_secret: TRUSTAP_OAUTH_CLIENT_SECRET (from secrets)
  grant_type: authorization_code
  code: {authorization_code}
  redirect_uri: {redirect_uri}
```

### Extract User ID
Decode the `id_token` JWT (base64 decode the payload segment). The `sub` claim contains the permanent Trustap user ID (UUID format, no "1-" prefix).

Return: `{ trustap_user_id: "<uuid>" }`

---

## Required Secrets

These must be configured in the backend:
1. `TRUSTAP_API_KEY` — Basic Auth username for all API calls
2. `TRUSTAP_OAUTH_CLIENT_ID` — OAuth client ID for seller account upgrade
3. `TRUSTAP_OAUTH_CLIENT_SECRET` — OAuth client secret for token exchange

---

## Frontend Client: `src/lib/trustap-client.ts`

```typescript
// Invoke the trustap edge function
callTrustap(action: string, params: Record<string, unknown>): Promise<any>

// Same but returns { data, error } without throwing
callTrustapRaw(action: string, params: Record<string, unknown>)

// Invoke the trustap-oauth edge function
exchangeOAuthCode(code: string, redirectUri: string): Promise<{ trustap_user_id: string }>

// Build Trustap hosted payment URL (browser redirect, NOT an API call)
getPaymentUrl(transactionId: number, redirectUri: string): string
// → https://actions.stage.trustap.com/online/transactions/{id}/guest_pay?redirect_uri={uri}

// Build OAuth authorization URL (browser redirect)
getOAuthUrl(clientId: string, redirectUri: string, state: string): string
// → https://sso.trustap.com/auth/realms/trustap-stage/protocol/openid-connect/auth?client_id=...&redirect_uri=...&response_type=code&scope=openid basic_tx:offline_create_join basic_tx:offline_accept_payment basic_tx:offline_cancel basic_tx:offline_claim&state=...

// Build profile completion URL
getProfileCompletionUrl(clientId: string, edit?: boolean): string
// → https://app.stage.trustap.com/profile/payout/personal?edit=true&client_id=...
```

---

## Page Details

### Home (`/`)
- Sticky header with Shield icon + "Vault P2P" brand, Dashboard link, "Sell Item" button (trustap variant)
- Hero section: "Secure P2P Transactions." heading, subtitle about Trustap escrow
- Grid of listing cards (1-3 columns responsive) fetched from `listings` table
- Each card shows image, title, seller name, price in €, "Escrow Protected" badge
- Clicking a card navigates to `/checkout/{id}`
- Empty state with "Create Listing" CTA

### Create Listing (`/sell`)
- Form fields: Item Title, Price (EUR) with € prefix, Image URL (optional), Your Name, Your Email
- Inserts into `listings` table
- Redirects to `/` on success

### Checkout (`/checkout/:id`)
Two-step flow:

**Step 1 — Info**: Buyer enters name + email → calls `calculate_charge` → shows fee breakdown
**Step 2 — Review**: Shows item price, Trustap fee, total → "Pay with Trustap" button

On submit:
1. Create guest seller (using listing's seller info + country_code "ie" + tos_acceptance)
2. Create guest buyer (using buyer info + country_code "ie" + tos_acceptance)
3. Create transaction via `create_transaction` with `creator_role: "seller"`
4. Build payment URL with `redirect_uri` = `window.location.origin` (home page)
5. Insert transaction record into database with status "joined"
6. Redirect buyer to Trustap hosted payment page (`window.location.href = paymentUrl`)

The `tos_acceptance` object: `{ unix_timestamp: Math.floor(Date.now() / 1000), ip: "127.0.0.1" }`

### Dashboard (`/dashboard`)
- Lists all transactions with listing info, status badges, amounts, fees, buyer email
- Realtime subscription on `transactions` table for live updates
- **Sync button**: Polls Trustap `get_transaction` to sync status
- **Add Tracking** (when status === "paid"): Carrier + tracking code form → calls `add_tracking` → updates local DB to "tracked"
- **Confirm Delivery** (when status === "tracked"): Calls `confirm_delivery` → updates to "delivered"
- **Connect Bank** (when status === "delivered" or "funds_released" AND seller is guest "1-"): Redirects to Trustap OAuth SSO for account upgrade

OAuth Client ID for bank connection: `5a3d7990-9f1c-4e11-8d67-3da5b160c50a`
OAuth redirect URI: `${window.location.origin}/oauth/callback`
State parameter: transaction's local DB `id`

### OAuth Callback (`/oauth/callback`)
1. Extract `code` and `state` (transaction ID) from URL params
2. Call `exchangeOAuthCode(code, redirectUri)` to get `trustap_user_id`
3. Look up `trustap_transaction_id` from transactions table using `state`
4. Call `claim_for_seller` with the full Trustap user ID
5. Update `trustap_seller_id` in local DB
6. Show success toast + redirect to `/dashboard`

---

## Critical Trustap Integration Rules

1. **Currency**: All amounts in integer cents. EUR is default.
2. **Guest IDs**: Always prefixed with `1-`. Full user IDs are plain UUIDs.
3. **Charge first**: Always call `calculate_charge` immediately before `create_transaction`.
4. **Auth**: Basic Auth only (`API_KEY:` with blank password). Never Bearer tokens.
5. **Trustap-User header**: Required on create_transaction (seller ID), add_tracking (seller ID), confirm_delivery (buyer ID), claim_for_seller (full UUID).
6. **Hosted payment**: Buyers pay via redirect to Trustap's hosted page. Never simulate payments.
7. **OAuth for payouts**: Guest sellers must OAuth-upgrade before receiving payouts. Use `sub` claim from `id_token`.
8. **Never invent**: Don't invent API endpoints, transaction states, or bypass the payment page.
9. **Redirect URIs**: Payment/action flows redirect to app root. OAuth flows redirect to `/oauth/callback`.

---

## Transaction Lifecycle State Machine

```
joined → paid → tracked → delivered → [complaint | complaint_period] → resolved → funds_released
```

- `joined`: Transaction created, awaiting buyer payment
- `paid`: Buyer paid via hosted page, funds in escrow
- `tracked`: Seller added shipping tracking
- `delivered`: Buyer confirmed receipt
- `complaint`: Buyer filed complaint (pauses payout)
- `funds_released`: Payout to seller complete

---

## Zod Validation Schemas

Create `src/lib/trustap-endpoints.ts` with Zod schemas for all Trustap API request/response types plus URL builder helper functions:

- `CreateGuestUserRequest/Response` — validates email, name, country_code (2-char), tos_acceptance object
- `CalculateChargeRequest/Response` — price (positive int), currency enum (gbp/eur/usd)
- `CreateTransactionRequest` — seller_id (1-xxx), buyer_id (1-xxx), creator_role, price, charge, charge_calculator_version
- `GuestPayRedirect` + `buildGuestPayUrl()` — transaction_id + redirect_uri
- `SSOAuthRedirect` + `buildSSOAuthUrl()` — client_id, redirect_uri, response_type, scope, state
- `SSOTokenExchangeRequest/Response` — includes id_token JWT
- `DecodedIdToken` — sub (UUID), email, preferred_username
- `ProfileCompletionRedirect` + `buildProfileCompletionUrl()` — client_id, edit
- `ClaimForSellerParams` — transaction_id + trustap_user_id (full UUID)
- `TransactionResponse` — comprehensive schema with all status fields, tracking details, timestamps

Carrier enum: `ups | dhl | fedex | an_post | royal_mail`
Currency enum: `gbp | eur | usd`
```

#### Add Trustap as a payment method for existing Lovable built marketplace

The prompt takes a [marketplace](https://trustap-docs--tpd-366-review-vibe-code-options-f-dc435d.preview.redocly.app/AI/lovable-integrate-existing-marketplace.md) that you have already built using Lovable and adds Trustap as an escrow-like payment option.

```markdown
# Add Trustap as payment processor to existing build prompt

## Overview
Add **Trustap** as the payment processor for this marketplace project. Use the attached support files as the authoritative source for all Trustap API logic:

1. `trustap-ai-rules.ts` – forbidden actions, auth rules, fee/transaction hints, guardrails.
2. `trustap-endpoints.ts` – all permitted endpoints (methods, URLs, headers, payloads).
3. `trustap-online-cc-workflow.ts` – ordered workflow for the online credit-card flow.
4. `trustap-base-urls.ts` – correct base URLs for stage/sandbox.

## Scope & Environment
- **Scope:** Full flow including OAuth seller account claim.
- **Environment:** Stage / sandbox.
- **Country:** Ireland (`ie`).
- **Currency:** EUR.

## Required Base URLs (stage)
- API: `https://dev.stage.trustap.com/api/v1/`
- Hosted actions (guest pay): `https://actions.stage.trustap.com`
- SSO (OAuth): `https://sso.trustap.com/auth/realms/trustap-stage/protocol/openid-connect`

## Secrets to request via the secrets tool
- `TRUSTAP_API_KEY`
- `TRUSTAP_OAUTH_CLIENT_ID`
- `TRUSTAP_OAUTH_CLIENT_SECRET`

Do **not** hardcode the OAuth client ID anywhere. Since secrets are not exposed to the frontend, create an edge function `trustap-oauth-config` that returns `client_id` to the browser, and have `SellerDashboard` fetch it before building the OAuth authorize URL.

## Hard Rules
- Only use endpoints defined in `trustap-endpoints.ts`. Never invent endpoints, states, or payment logic.
- All Trustap API calls use **Basic Auth**: username = `TRUSTAP_API_KEY`, password = empty. (`Authorization: Basic base64(API_KEY:)`).
- The `Trustap-User` header carries the guest id for guest-flow calls, and the **full Trustap user id** (JWT `sub`) for `claim_for_seller` — never mix them.
- All prices sent to Trustap are **integers in cents**.
- Poll transactions until status is `paid` before allowing the seller to add tracking; require `delivered`/buyer confirmation before completion.
- OAuth token exchange uses `application/x-www-form-urlencoded`, not JSON.
- Strip leading slashes from API paths so they resolve against the `/api/v1/` base.

## Database (Supabase migrations)
- `profiles`: add `trustap_guest_id text`, `trustap_user_id text`, `first_name`, `last_name`, `country_code` (default `ie`), `account_type` (`buyer` | `seller` | `admin`), `banned boolean`.
- `listings`: ensure `status` supports `available`, `pending_approval`, `sold`; include `price numeric`, `currency text`, `image_url`, `seller_id`.
- `transactions`: `listing_id`, `buyer_id`, `seller_id`, `price`, `currency`, `charge`, `status`, `trustap_transaction_id bigint unique`, `tracking_carrier`, `tracking_code`, timestamps.
- RLS so buyers/sellers can only read their own transactions; admin role via separate `user_roles` table + `has_role()` security-definer function.

## Edge Functions to create
All under `supabase/functions/`, sharing `_shared/trustap.ts` (basic-auth helper, `trustapFetch`, CORS, base URL constants):

1. `trustap-create-transaction` – ensures guest users for buyer & seller (creating via `/guest_users` with `tos_acceptance` + IP if missing), calls `GET /charge`, then `POST /me/transactions/create_with_guest_user` with `Trustap-User: <sellerguestid>` and `creator_role: "seller"`. Inserts a `transactions` row, locks the listing to `pending_approval`, and returns `pay_url = {ACTIONS_BASE}/online/transactions/{id}/guest_pay?redirect_uri=...`.
2. `trustap-poll-transaction` – `GET /transactions/{id}`, syncs status, marks listing `sold` on paid/tracked/delivered/funds_released, `available` on cancelled.
3. `trustap-track` – verifies Trustap status is `paid`, then `POST /transactions/{id}/track_with_guest_seller` with seller guest id. Allowed carriers: `an_post`, `royal_mail`, `ups`, `dhl`, `fedex`.
4. `trustap-confirm-delivery` – `POST /transactions/{id}/confirm_delivery_with_guest_buyer` with buyer guest id.
5. `trustap-oauth-claim` – exchanges code at `{SSO_BASE}/token` (form-encoded), decodes `id_token`, saves `sub` to `profiles.trustap_user_id`, then optionally `POST /transactions/{id}/claim_for_seller` with `Trustap-User: <full trustap user id>`.
6. `trustap-oauth-config` – returns `{ client_id: TRUSTAP_OAUTH_CLIENT_ID }` so the frontend can build the authorize URL without hardcoding.

Add detailed `console.error` logging in `trustapFetch` (status, method, path, response body) so 4xx/5xx responses are debuggable.

## Frontend
- `src/lib/trustap.ts` – currency helpers (symbol/format), carrier list, status label map.
- `src/pages/Auth.tsx` – collect `first_name`, `last_name`, `country_code` (default `ie`) and `account_type` at signup; persist to `profiles`.
- `src/pages/SellerDashboard.tsx` – list seller's listings/transactions; "Connect Trustap account" button that fetches `client_id` from `trustap-oauth-config` and redirects to the SSO authorize URL with `redirect_uri` pointing to `/seller/oauth/callback`; tracking form once a tx is `paid`.
- `src/pages/SellerOAuthCallback.tsx` – reads `code`, calls `trustap-oauth-claim`.
- `src/pages/BuyerDashboard.tsx` – buyer's transactions with poll + confirm-delivery buttons.
- `src/pages/PaymentReturn.tsx` – landing page after hosted-pay redirect; polls until `paid`.
- `ListingCard` / `ListingDetailModal` – "Buy with Trustap" button invoking `trustap-create-transaction` with `redirect_uri` = `/payment/return?tx=...`, then `window.location = pay_url`.
- Register all new routes in `src/App.tsx`.

## Auth
- Standard email/password signup + login (no anonymous, no auto-confirm email unless asked).
- Include Google OAuth provider.

Deliver this end-to-end so a buyer can purchase a listing, the seller can claim via OAuth, add tracking once paid, and the buyer can confirm delivery — all against Trustap stage.
```

## Debugging

After you build something using vibe-coding, it may not work as expected. Use the following to help understand the issues and explain to our support team what has gone wrong.

### Common things that go wrong

* `It worked in Lovable / Cursor / ChatGPT's code but not in my app`.
The AI may have written code that looks right but is missing a header, using the wrong method, or sending data in the wrong format. Try testing the same request in a tool like Postman or copy-paste your request details to us.
* `I keep getting 401`.
Your API key does not reach our server. Common causes: it's in the wrong place in your code, there's a typo, or it got accidentally hardcoded as a placeholder like `API_KEY`.
* `The AI says my code is correct but it still fails`.
AI coding tools are great at syntax but sometimes confuse our specific API rules. Share the code snippet and the error to help us identify issues.


### What to send us when you ask for help

Send the following pieces of information to our support team when looking for help.

1. The URL you were calling (e.g. https://api.stage.trustap.com/v1/orders)
2. The method (GET, POST, PUT, PATCH, DELETE)
3. The status code (the three-digit number)
4. The error message (the text that came back)
5. What you were trying to do in plain English


Additionally, try to prove the following if you can.

1. Your transaction ID.
2. A copy of what you sent (your request body — no real API keys or passwords)


## Disclaimer

Trustap provides AI tools to help with your integration. These tools are separate from our technical specifications. The written documentation is the only official guide for Trustap partners.

Use AI responses as a starting point. Do not treat them as absolute facts. Trustap is not responsible for errors in AI content or for user mistakes. Use the verified documentation as the primary source for all API calls and workflows.