PayConex is Bluefin’s payment gateway, and can be used independently or integrated in multiple ways.

PayConex provides merchants with a consolidated gateway experience for both card & ACH. Our APIs, gateway, iFrames, and Hosted payments support both card & ACH. We are compliant with card brand standards and all of our payment channels are tightly integrated to the PayConex gateway which provides merchants and consumers with a seamless experience across all of our channels.

PayConex Portal

The PayConex Portal is a web-based user interface through which transactions can be run, the transaction history can be viewed, and basic reports can be generated. Transactions can include sales, refunds, authorizations, store, or reissues. It is also possible to set up recurring transactions. The PayConex Portal also allows the management of account settings, users, and for agent accounts, it allows accessing and managing child accounts.

Bluefin API Library

The Bluefin API Library is a set of Internet-based APIs that allow an external software to communicate directly with the payment gateway.

  • PayConex API The PayConex API (QSAPI) allows our clients to programmatically submit transactions through the PayConex gateway.
  • Reporting Service API The Bluefin Reporting Services API (RSAPI) provides our clients with access to reporting data and allows them to extract formatted exports of transaction data.
  • Scheduling Layer API The Bluefin Scheduling Layer (SAPI) allows our clients to create a wide range of recurring transaction scenarios.
  • Transaction Status API The Transaction Status API (TSAPI) ensures processing and communication integrity. It allows pre-fetch token IDs to be later submitted with a new transaction and to query the status of the transaction and whether it was received, approved, or declined.

PayConex API (QSAPI)

PayConex is Bluefin’s flagship transaction processing solution. The PayConex API (QSAPI) allows developers to programmatically submit transactions through the PayConex Gateway. QSAPI’s flexible solutions allow our clients several options for submitting transactions while maintaining PCI compliance through the entire process. QSAPI supports any application or device that can connect through the Internet-based API and also offers PCI compliance scope reduction through technologies such as end-to-end encryption (E2E) and tokenization. When used in conjunction with our Secure iFrame or Hosted Payment Forms features, a merchant can greatly reduce PCI compliance scope by bypassing any permanent or temporary storage of cardholder data (CHD) on servers, networks, or computing devices.

Reporting Services API (RSAPI)

The Reporting Services API (RSAPI) provides our clients with a level of access to reporting data rarely found in the industry. Using RSAPI, developers can request formatted exports of transaction data. RSAPI’s reports contain no sensitive cardholder data, such as card numbers, meaning the data provided by RSAPI is 100% PCI compliant.

Bluefin Scheduling Layer API (SLAPI)

The Scheduling Layer API (SLAPI) allows our clients to create recurring payment schedules without having to build a client-side recurring payment solution. This API allows our clients to create a wide range of recurring transaction scenarios to manage the unique transaction processing needs of their business. This API also allows our clients to access existing recurring payment records using our secure PCI compliant token system to modify, cancel, or view recurring payment schedules and details.

Transaction Status API (TSAPI)

From time to time, an Internet Service Provider (ISP) or upstream Internet network (the backbone of the Internet) may lose a packet or timeout on a communication during the response from QSAPI to your system. This is where TSAPI comes to the rescue. Developers can use TSAPI to mitigate issues with packet loss and communication breakdown by pre-fetching token IDs and submitting them with a new transaction. If there is ever an Internet timeout, a developer can query TSAPI to obtain the status of the transaction and whether it was received, approved, or declined. This reduces duplicate charges and enhances the overall integrity of the communication process.

Payment iFrame

The Payment iFrame allows a merchant to embed an iFrame on their checkout page that will encrypt sensitive payment data entered by a user. This encrypted value is called an eToken.

After encrypting the payment data the Payment iFrame returns an "eToken" to the browser. A developer can pass that eToken from their webpage to their web server and process payments through the PayConex API using the eToken value in place of unencrypted credit card or ACH account numbers.

The Payment iFrame and the accompanying JavaScript client library allow the developer to perform card or ACH transactions in a PCI compliant manner while also affording them greater programmatic control over the look and feel of the embedded input form.

PCI Scope

The Payment iFrame reduces PCI scope by enabling a merchant to outsource the capture of sensitive credit and debit card or ACH payment data to Bluefin.

With our Payment iFrame solution the merchant never handles card or ACH payment data directly. PayConex controls the capture of the data, sends it for encryption, and releases an encrypted token (eToken) to the browser which can then be used with the PayConex API for further payment processing.


This diagram outlines the typical flow of a Payment iFrame transaction.

Different Environments Impacted by PCI Scope

The diagram above outlines the typical flow of a Payment iFrame transaction. The colors represent the different environments impacted by PCI scope:

  • The iFrame Controller deals directly with the card or check data and is exclusively controlled by Bluefin.
  • The Merchant Server handles eTokens and non-sensitive card data which includes the expiration date as well as the first digit and last four digits of the card number. This part is controlled by the merchant.
  • The User's Browser is the end user's environment which is beyond the control of both the merchant and Bluefin.