Using the PayConex™ APIs

An overview of the environments, endpoints, and requirements for utilizing the PayConex API Library.

There are two PayConex environments (one for testing and one for processing), each with its own base URL for connecting to the PayConex API.

To begin an integration, the first step is to get connected to the PayConex certification environment.

If you have not been provided a certification account yet, you may request access by following this link.

If you have any technical issues during the development or certification process, please contact our Integrations team at [email protected]. Our team members can assist you with any questions that may arise.

Important API Credential Information

You will be issued different API credentials for certification and production. After the development and certification process is completed, you will need to update your software to use the production environment's URL and to replace the certification API credentials with the new production account credentials.

All preliminary development must be conducted and tested within the certification environment.

Further information about base URLs, API end-points, and establishing connections with the PayConex API can be found in our guide on Connecting to the API.

API Requirements

Use of the PayConex Gateway and its APIs has certain minimum requirements that must be met. In addition, there are various security configurations that are enforced, which are explained below.

  1. A merchant account that can accept transactions through First Data, Paymentech (PNS-Tampa) Netconnect, Elavon, Vital/TSYS, or ACHWorks/TSS is required. Other processors are being added, so please inquire with your sales representative for a current list of processor interfaces in progress.

  2. The merchant account must be properly underwritten and configured to support the intended payment channel: Ecommerce, Card Not Present (CNP), Card Present (swipe), etc.

  3. The merchant account must have the appropriate entitlements configured to support the bankcard or charge-card type: Visa, MasterCard, Discover, American Express, Diners Club, JCB, ACH and EBT.

  4. An appropriate PCI PED/PTS-compliant injected keypad or swipe device is required in order to accept PIN numbers or swiped card tracks, or to implement P2PE (point-to-point encryption) or E2E (end-to-end encryption).

  5. The application must be capable of performing a CGI FORM POST over TLS 1.1 or greater (HTTPS) via port 443 and of storing access credentials securely.

  6. The software application, any service provider or host that is transmitting, storing, or processing cardholder data, and the merchant must be in compliance with the appropriate PCI SSC (Payment Card Industry Security Standards Council) security initiative: PCI-DSS (Data Security Standard) for merchants and service providers, or PA-DSS (Payment Application) for software vendors. The merchant and their application partners are responsible for PCI compliance for the application. For clients who want to ensure their PCI compliance, Bluefin provides an array of compliance services as part of its added service lines. Please contact your sales representative for more information.
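
Requirement 5 and the credential note above can be enforced in client code. The following Python sketch is an added example, not Bluefin's code: the base URLs, the environment-variable names, and the form field names (account, key, amount) are placeholders, and the real values come from the Connecting to the API guide and your issued credentials.

```python
import os
import ssl
import urllib.parse
import urllib.request

# Placeholder hosts: the real base URLs are in the "Connecting to the API" guide.
BASE_URLS = {
    "certification": "https://cert.gateway.invalid/api",
    "production": "https://prod.gateway.invalid/api",
}

def tls_context():
    """Verify the server certificate and refuse old protocol versions."""
    ctx = ssl.create_default_context()
    # The page's floor is TLS 1.1; pinning 1.2 here is stricter and satisfies it.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def load_credentials(env, environ=os.environ):
    """Read one environment's credential pair; the variable names are hypothetical."""
    prefix = "PAYCONEX_" + env.upper()
    try:
        return environ[prefix + "_ACCOUNT"], environ[prefix + "_KEY"]
    except KeyError as missing:
        raise RuntimeError(f"{missing} is not set for {env}") from None

def build_post(env, fields, environ=os.environ):
    """Build a form-encoded POST for `env`; field names are placeholders."""
    url = urllib.parse.urlsplit(BASE_URLS[env])
    if url.scheme != "https" or (url.port or 443) != 443:
        raise ValueError("endpoint must be HTTPS on port 443")
    account, key = load_credentials(env, environ)
    body = urllib.parse.urlencode({"account": account, "key": key, **fields})
    return urllib.request.Request(
        url.geturl(), data=body.encode("ascii"), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def send(request, timeout=10):
    """Send the request over the restricted TLS context and return the body."""
    with urllib.request.urlopen(request, context=tls_context(), timeout=timeout) as resp:
        return resp.read()
```

Keeping each environment's credentials under its own variable names means a production build fails loudly when only certification credentials are present, rather than sending them to the wrong endpoint.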

Did you know?

Implemented correctly, the PayConex transaction process is PCI compliant. If you have any concerns about the PCI compliance of your existing corporate infrastructure, your legacy applications, or how to properly implement QSAPI for compliance, please contact us at [email protected] to have a representative discuss our PCI compliance consulting services.

When you secure your merchant account with Bluefin, you have access to a unique resource. Bluefin is one of a handful of merchant account providers that maintain their own Merchant Compliance Assistance Department. This means that your questions about PCI compliance are answered expeditiously, you have access to our convenient online tools, and if you need external scans or assistance with preparing for an on-site audit by a QSA (Qualified Security Assessor), Bluefin can serve as your expert advocate.

For PCI compliance and security reasons, merchants should never store cardholder data, for any reason. Tokenization functionality is described herein that will allow merchants to perform reissues, refunds, returns, voids, and recurring billing without the need to store the card number.


What’s Next

Follow this link to the next article for information on connecting to the PayConex API.