diff --git a/modules/gateways/callback/xendit.php b/modules/gateways/callback/xendit.php
index 4b0f690..910dbe9 100644
--- a/modules/gateways/callback/xendit.php
+++ b/modules/gateways/callback/xendit.php
@@ -20,18 +20,18 @@
 // Create/Update credit card
 if ($action == 'updatecc' || $action == "createcc") {
     /*
-     * Make sure the 3DS authentication status = 1
+     * Make sure the CC authentication status = 1
      * That mean the CC token is valid to create the charge
      */
-//    if(!isset($postData['xendit_3ds_authentication_status']) || $postData['xendit_3ds_authentication_status'] == 0){
-//        logTransaction($gatewayParams['paymentmethod'], $postData, "3DS authentication failed");
-//        $creditCard->renderJson(
-//            [
-//                'error' => true,
-//                'message' => '3DS authentication failed.',
-//            ]
-//        );
-//    }
+    if(!isset($postData['xendit_cc_authentication_status']) || $postData['xendit_cc_authentication_status'] == 0){
+        logTransaction($gatewayParams['paymentmethod'], $postData, "CC authentication failed");
+        $creditCard->renderJson(
+            [
+                'error' => true,
+                'message' => 'CC authentication failed.',
+            ]
+        );
+    }
 
     /*
      * Make sure the credit card info has value
@@ -70,7 +70,7 @@
         $creditCard->renderJson(
             [
                 'error' => true,
-                'message' => 'Invalid Hash',
+                'message' => 'Invalid.',
             ]
         );
     }
diff --git a/modules/gateways/xendit.php b/modules/gateways/xendit.php
index 7eb60ae..70f9776 100644
--- a/modules/gateways/xendit.php
+++ b/modules/gateways/xendit.php
@@ -10,7 +10,7 @@
 require __DIR__ . '/xendit/autoload.php';
 
 // defines
-define('XENDIT_PAYMENT_GATEWAY_VERSION', '1.0.6');
+define('XENDIT_PAYMENT_GATEWAY_VERSION', '1.0.7');
 
 use WHMCS\Billing\Invoice;
 use Xendit\Lib\ActionBase;
@@ -203,7 +203,7 @@ function xendit_remoteinput($params)
         $cardSettings = $xenditRequest->getCardSettings();
         $canUseDynamic3ds = $cardSettings['can_use_dynamic_3ds'] ?? 0;
     } catch (\Exception $e) {
-        return (new ActionBase)->errorMessage($e->getMessage());
+        return $creditCard->errorMessage($e->getMessage());
     }
 
     // Client Parameters
@@ -300,7 +300,7 @@ function xendit_remoteupdate($params)
         $cardSettings = $xenditRequest->getCardSettings();
         $canUseDynamic3ds = $cardSettings['can_use_dynamic_3ds'] ?? 0;
     } catch (\Exception $e) {
-        return (new ActionBase)->errorMessage($e->getMessage());
+        return $creditCard->errorMessage($e->getMessage());
     }
 
     // Client Parameters
diff --git a/modules/gateways/xendit/assets/js/xendit.js b/modules/gateways/xendit/assets/js/xendit.js
index 04b982e..5d3304a 100644
--- a/modules/gateways/xendit/assets/js/xendit.js
+++ b/modules/gateways/xendit/assets/js/xendit.js
@@ -75,7 +75,7 @@ jQuery(function ($) {
             if (typeof err != 'undefined') {
                 failure_reason = err.message || err.error_code;
             } else {
-                failure_reason = 'We encountered an issue while processing the checkout. Please contact us. Code: 200035';
+                failure_reason = 'We encountered an issue while processing the update card. Please contact us. Code: 200035';
             }
             cc_xendit_form.validation.html(failure_reason);
             cc_xendit_form.form.append("<input type='hidden' class='xendit_cc_hidden_input' name='xendit_failure_reason' value='" + failure_reason + "'/>");
@@ -209,13 +209,9 @@ jQuery(function ($) {
             if(cc_xendit_form.canUseDynamic3DS()){
                 Xendit.card.threeDSRecommendation({'token_id': token_id}, cc_xendit_form.on3DSRecommendationResponse);
             }else{
-                let data = {'token_id': token_id, 'amount': '10000'};
-                Xendit.card.createToken(data, cc_xendit_form.onTokenizationResponse);
+                Xendit.card.createAuthentication({'token_id': token_id, 'amount': 0}, cc_xendit_form.on3DSAuthenticationResponse);
             }
 
-            // Check if it needs to use 3DS
-            Xendit.card.threeDSRecommendation({'token_id': token_id}, cc_xendit_form.on3DSRecommendationResponse);
-
             // Prevent form submitting
             return false;
         },
@@ -228,11 +224,11 @@ jQuery(function ($) {
             }
 
             if(response.should_3ds){
-                let data = {'token_id': $("input[name='xendit_token']").val(), 'amount': '10000'};
+                let data = {'token_id': $("input[name='xendit_token']").val(), 'amount': '0'};
                 Xendit.card.createAuthentication(data, cc_xendit_form.on3DSAuthenticationResponse);
                 return;
             }else{
-                cc_xendit_form.form.append( "<input type='hidden' class='xendit_cc_hidden_input' name='xendit_3ds_authentication_status' value='1'/>" );
+                cc_xendit_form.form.append( "<input type='hidden' class='xendit_cc_hidden_input' name='xendit_cc_authentication_status' value='1'/>" );
                 cc_xendit_form.form.submit();
                 return false;
             }
@@ -244,7 +240,7 @@ jQuery(function ($) {
                 return false;
             }
 
-            let threeDsAuthenticationSuccess = 0;
+            let ccAuthenticationSuccess = 0;
             if(response.status === 'IN_REVIEW' || response.status === 'CARD_ENROLLED' ){
                 $('body').append('<div class="three-ds-overlay" style="display: none;"></div>' +
                     '<div id="three-ds-container" style="display: none;">\n' +
@@ -255,20 +251,15 @@ jQuery(function ($) {
                 $("#three-ds-container").show();
                 return;
             }else if (response.status === 'APPROVED' || response.status === 'VERIFIED') {
-                threeDsAuthenticationSuccess = 1;
+                ccAuthenticationSuccess = 1;
                 $(".three-ds-overlay").hide();
                 $("#three-ds-container").hide();
             }
-
-            cc_xendit_form.form.append( "<input type='hidden' class='xendit_cc_hidden_input' name='xendit_3ds_authentication_status' value='"+ threeDsAuthenticationSuccess +"'/>" );
+            cc_xendit_form.form.append( "<input type='hidden' class='xendit_cc_hidden_input' name='xendit_cc_authentication_status' value='"+ ccAuthenticationSuccess +"'/>" );
             cc_xendit_form.form.submit();
             return;
         },
 
-        shouldAuthenticate: function (){
-            return $("input[name='should_authenticate']").val() == 1;
-        },
-
         canUseDynamic3DS: function (){
             return $("input[name='can_use_dynamic_3ds']").val() == 1;
         },
diff --git a/modules/gateways/xendit/handler/updatecc.php b/modules/gateways/xendit/handler/updatecc.php
index 6c90784..61851b7 100644
--- a/modules/gateways/xendit/handler/updatecc.php
+++ b/modules/gateways/xendit/handler/updatecc.php
@@ -40,7 +40,7 @@
     ])
 );
 if ($verificationHash !== $comparisonHash) {
-    die('Invalid hash.');
+    die('Invalid.');
 }
 
 if ($action === 'payment') {
diff --git a/modules/gateways/xendit/lib/ActionBase.php b/modules/gateways/xendit/lib/ActionBase.php
index 448258f..6fd123a 100644
--- a/modules/gateways/xendit/lib/ActionBase.php
+++ b/modules/gateways/xendit/lib/ActionBase.php
@@ -354,6 +354,9 @@ public function renderJson(array $data)
      */
     public function errorMessage(string $message = ''): string
     {
+        if (strpos($message, 'INVALID_API_KEY') !== false) {
+            $message = 'The API key is invalid.';
+        }
         return sprintf('<p class="alert alert-danger">%s</p>', $message);
     }