The following is an overview of the environments, end-points, and requirements for utilizing the PayConex API Library.
To begin integrating the first step is connecting to our certification environment.
If you have not been provided a certification account yet you may request access by following this link.
If you have any technical issues during the development or certification process please our Integrations team at [email protected] Members of our Integrations team can assist with technical or solutions questions that may arise.
There are two PayConex environments each with their own URL.
The certification test environment:
The production environment:
All preliminary development must be conducted and tested within the certification environment.
Important API Credential Information
You will be issued different API credentials for certification and production. After the development and certification process is completed you will need to update your software to use the production environment's URL, and the PayConex API credentials with the new production account credentials.
There are four end-points that are available in the PayConex API Library:
Reporting Service API
Transaction Status API
Scheduling Layer API
Use of the PayConex Gateway and its API’s has certain minimum requirements that must be met. In addition, there are various security configurations that are enforced, which are explained below.
A merchant account that can accept transactions through First Data, Paymentech (PNS-Tampa) Netconnect, Elavon, Vital/TSYS, or ACHWorks/TSS is required. Other processors are being added, so please inquire with your sales representative for a current list of processor interfaces in progress.
The merchant account must be properly underwritten and configured to support the intended payment channel: Ecommerce, Card Not Present (CNP), Card Present (swipe), etc.
The merchant account must have the appropriate entitlements configured to support the appropriate bankcard or charge-card type: Visa, MasterCard, Discover, American Express, Diners Club, JCB, ACH and EBT.
An appropriate PCI PED/PTS-compliant injected keypad or swipe device in order to accept PIN numbers, swiped card tracks, or to implement P2PE (point-to-point encryption) or E2E (end-to-end encryption) is required.
The application must be capable of performing a CGI FORM POST over TLS1.1 or greater (HTTPS) via port 443 and storing access credentials securely.
The software application, any service provider or host that is transmitting, storing, or processing cardholder data, and the merchant must be in compliance with the appropriate PCI SSC (Payment Card Industry Security Standards Council) security initiative, PCI-DSS (Data Security Standard) for merchants and service providers, or PA-DSS (Payment Application) for software vendors. PCI compliance for the application and merchant are the responsibility of the merchant and its application partners. For customers who want to ensure their PCI compliance, Bluefin provides an array of compliance services as part of their added service lines. Please contact your sales representative for more information.
Did you know?
Implemented correctly, the PayConex transaction process is PCI compliant. If you have any concerns about the PCI compliance of your existing corporate infrastructure, your legacy applications, or how to properly implement QSAPI for compliancy, please contact us at [email protected] to have a representative discuss our PCI compliance consulting services.
When you secure your merchant account with Bluefin, you have access to a very unique resource. Bluefin is one of a handful of merchant account providers who maintain their own Merchant Compliance Assistance Department. This means that your questions about PCI are answered expeditiously, you have access to our convenient online tools, and if you have need of external scans or need assistance with preparing for an on-site audit by a QSA (Qualified Security Assessor), Bluefin can serve as your expert advocate.
For PCI compliance and security reasons, merchants should not store cardholder data for any reason. Tokenization functionality is described herein that will allow merchants to perform reissues, refunds, returns, voids, and recurring billing without the need to store the card number.
Updated about a month ago
Follow this link to the next article for information on authenticating a PayConex API request