Bluefin's Developer Portal

Using the P2PE Manager APIs

The Decryptx management APIs provide a way to integrate software services with the Decryptx Platform. These APIs provide an alternative to the P2PE Manager. The APIs are designed to be used by both Decryptx Partners and Key Injection Facilities (KIFs). They expose different functionality to each types of users based on that user's role. The management APIs cannot be accessed by users with Client level user roles.

Partner User Access

The following table outlines the REST operations that a Partner user can access. These APIs are designed to allow Partners to integrate functionality for their Clients on their own services, therefore Partners have increased access to P2PE resources on the Management APIs when compared to the GUI. For example, a Partner cannot alter a device's state on the P2PE Manager GUI, whereas they can with the Management APIs.

EndPointGET (all)POSTGET (Single)PATCHDELETE
/api/v1/users✔*
/api/v1/partners
/api/v1/clients
/api/v1/decryption
/api/v1/devices✔*
/api/v1/deviceBuilds
/api/v1/deviceTypes
/api/v1/deviceStates
/api/v1/devices/{serial}/{type}/custody
/api/v1/locations✔*
/api/v1/shipments
/api/v1/attestations
/api/v1/transactions
/api/v1/kifs
/api/v1/injectkeys
/api/v1/virtualDevices/{partner}
  • If a resource has been used one or more times, it cannot be deleted.

KIF User Access

The following table outlines the subset of Management APIs that a user with a KIF role can access. Some resources will only appear if they are in a particular state. For example, a Device will appear in the GET all endpoint if it's deviceState is set to Unassigned, Assigned, or Injected. Once it is received by the merchant and set to stored or activating, it will no longer appear on the GET all devices response for the originating KIF.

EndpointGET (all)POSTGET (Single)PATCHDELETE
/api/v1/users✔*
/api/v1/partners
/api/v1/clients
/api/v1/decryption
/api/v1/devices
/api/v1/deviceBuilds
/api/v1/deviceTypes
/api/v1/deviceStates
/api/v1/devices/{serial}/{type}/custody
/api/v1/locations✔*
/api/v1/shipments
/api/v1/attestations
/api/v1/transactions
/api/v1/kifs
/api/v1/injectkeys
/api/v1/virtualDevices/{partner}
  • If a resource has been used one or more times, it cannot be deleted.

Authentication

Our Management APIs support basic, HMAC and RSA authentication. For testing purposes you can use basic or RSA encryption for authentication, however our production environment requires the use of HMAC.

API Authentication

Resource Mutability

With the Management APIs, as with the P2PE Manager, once a resource has been utilized it cannot be deleted. Only three resource types can be deleted: users, devices and locations. However, if a user has logged into the system even once, or a location/device has been used they cannot be deleted. As an alternative to deleting each of these resources can be set to inactive.

Transactions Endpoints

The transaction endpoints are included in the Management APIs for Partners that have their own (Domain 5) P2PE compliant decryption environment and who wish to use the P2PEManager to manage their partners, merchants and devices. Our transactions endpoints allow them to journal their decryption activity into the P2PE Manager, allowing the Partner to utilize the P2PE Manager for their device management and chain of custody. The Partner's Client can then benefit from the device management, chain of custody, and historical decryption activity even when decryptions occur outside of the Decryptx system.

Updated 22 days ago


What's Next

In order to get started, you'll want to check out our Authentication guide. If you've already covered that, continue on to our other guides.

API Authentication

Using the P2PE Manager APIs


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.