PayConexDecryptxShieldConexTECS Platform
API Reference
Request SandboxContact Us

Bluefin 3DS Support

Guide on Bluefin 3DS Integration for PayConex™ V4 API

Overview

This section is an addition to the 3D Secure page and it specifically targets the configuration and usage of 3D Secure for the PayConex™ V4 API.

To understand the basics and purposes of 3DS protocol and Bluefin 3DS support in the PayConex™ environment, we recommend that you first familiarise yourself with some background information in the following documentation:

Checkout Component 3DS flow

It is essential to understand the communication bridge that takes place between the Checkout Component and 3D Secure to efficiently use this feature.

🚧

Note

3DS feature is only supported for iframe configurations selecting card payments. For more, see Creating a Configuration and Creating an Instance.

PayConex™ Checkout Component with Bluefin 3DS Flow

PayConex™ Checkout Component with Bluefin 3DS Flow

  1. Challenge Initiation: The Checkout Component is loaded with bearerToken. Once the customer fills out the initial form, and if the 3DS feature is enabled, a request is sent via the PayConex™ V4 API to the issuers to initiate a challenge. At this point, the communication bridge between the issuers and the Checkout Component is established.
  2. Challenge Completion: The challenge is displayed to the customer, awaiting completion.
  3. Tokenization: After the customer successfully completes the challenge, the Checkout Component again communicates with PayConex™ V4 API and ShieldConex® to tokenize the sensitive data and returned 3DS data.
  4. Token for Transaction Processing: The token is returned to the Checkout Component and prepared for vaulting for reuse, completing the workflow.

📘

Did you know?

This 3DS solution is also integrated in the Bluefin TECS Web for all kinds of transactions including MITs, CITs, and COF transactions. To compare the PayConex™ system and TECS Web integrations, check out TECS 3D Secure Transaction.

Requirements

The user must enable the 3D Secure option in the PayConex™ Portal settings, under the Security Features section, using our Bluefin 3DS solution as the 3DS service. In the PayConex™ Portal, this service is labeled and referred to as BLUEFIN, as shown in the example below.

PayConex™ Portal Security Features

PayConex™ Portal Security Features

🚧

Note

The Bluefin Administrators must first enable this security feature for iframe configurations to support and integrate 3D Secure. If you do not see it in the Settings, please reach out to the Bluefin Technical Team for assistance.

Configuring 3D Secure

In the V4 API environment, 3D Secure is enabled and configured during the setup of the iframe configuration and instance. This can also be done at the time of iframe instance creation, where it is also possible to override a configuration. Once the bearerToken is generated, the Checkout Component instance is securely loaded.

🚧

Note

threeDSecureInitSettings are individual 3D Secure settings that are defined per instance.

The threeDSecureInitSettings parameter is required only with with threeDSecure set to "required" and one of the allowedPaymentMethods being "CARD" or "GOOGLE_PAY".

Iframe Configuration

To support 3D Secure, we must first set threeDSecure to "required" in our iframe configuration. Alternatively, it can be overwritten at the time of instance creation. This is defined in cardSettings.

POST /api/v4/accounts/{accountId}/payment-iframe

{
  "label": "Multi-Payment iframe",
  "language": "ENGLISH",
  "timeout": 600,
  "allowedPaymentMethods": [
    "CARD"
  ],
  "allowedParentDomains": [
    "tools.bluefin.com"
  ],
  "cardSettings": {
    "cvv": "required",
    "billingAddress": {
      "address1": "required",
      "address2": "optional",
      "city": "required",
      "state": "required",
      "zip": "required"
    },
    "capturePhone": "omit",
    "threeDSecure": "required",
    "captureEmail": "omit",
    "captureShippingAddress": false
  },
  "currency": "USD",
  "savePaymentOption": "required"
}

*Required Scopes: pcx:iframe:*, pcx:iframe:create

📘

Also See

Before digging into the iframe configuration request, make sure you have brushed up on Iframe Configuration.

Iframe Instance

When creating an iframe instance, along with many other options comes the main 3DS initialization settings that qualify for 3D Secure chargeback protections. The following endpoint returns the bearerToken that loads our Checkout Component.

POST /api/v4/accounts/{accountId}/payment-iframe/{resourceId}/instance/init

{
  "label": "my-instance-1",
  "amount": "20",
  "threeDSecureInitSettings": {
    "transactionType": "GOODS_SERVICE_PURCHASE",
    "deliveryTimeFrame": "ELECTRONIC_DELIVERY",
    "threeDSecureChallengeIndicator": "NO_PREFERENCE",
    "reorderIndicator": "FIRST_TIME_ORDERED",
    "shippingIndicator": "BILLING_ADDRESS"
  }
}

*Required Scopes: pcx:iframe:instance:*, pcx:iframe:instance:create

📘

Also See

Before digging into the iframe instance request, make sure you have brushed up on Iframe Instance Creation.

Iframe Instance Overwriting cardSettings

As mentioned above, it is possible to configure the 3DS settings during the iframe instance creation.

POST /api/v4/accounts/{accountId}/payment-iframe/{resourceId}/instance/init

{
  "label": "my-instance-1",
  "amount": "20",
  "cardSettings": {
    "cvv": "required",
    "billingAddress": {
      "address1": "required",
      "address2": "optional",
      "city": "required",
      "state": "required",
      "zip": "required"
    },
    "capturePhone": "omit",
    "threeDSecure": "required",
    "captureEmail": "omit",
    "captureShippingAddress": false
  },
  "threeDSecureInitSettings": {
    "transactionType": "GOODS_SERVICE_PURCHASE",
    "deliveryTimeFrame": "ELECTRONIC_DELIVERY",
    "threeDSecureChallengeIndicator": "NO_PREFERENCE",
    "reorderIndicator": "FIRST_TIME_ORDERED",
    "shippingIndicator": "BILLING_ADDRESS"
  }
}

*Required Scopes: pcx:iframe:instance:*, pcx:iframe:instance:create

Here is a breakdown of the 3D Secure settings shown in the example request.

cardSettings.threeDSecure

OptionDescription
"required"The iframe instance requires the 3D Secure to be completed.
"omit"The iframe instance omits the 3D Secure altogether.

threeDSecureInitSettings

transactionType

Each option provides context about the nature of the transaction, helping to ensure accurate processing and risk assessment.

OptionDescription
"GOODS_SERVICE_PURCHASE"Indicates a purchase of goods or services. This is the most common type of transaction for retail or eCommerce.
"CHECK_ACCEPTANCE"Refers to the acceptance of a check as a form of payment.
"ACCOUNT_FUNDING"Represents a transaction that involves funding an account, such as adding funds to a digital wallet or prepaid card.
"QUSAI_CASH_TRANSACTION"Refers to transactions similar to cash withdrawals, such as purchasing traveler’s checks, foreign currency, or gambling tokens.
"PREPAID_ACTIVATION"Refers to activating a prepaid account or card, often involving an initial funding transaction.

deliveryTimeFrame

As the setting name suggests, this is the time for the goods to be delivered. The descriptions are pretty much self-explanatory given the options.

OptionDescription
"ELECTRONIC_DELIVERY"Electronic Delivery.
"SAME_DAY_SHIPPING"Same day shipping.
"OVERNIGHT_SHIPPING"Overnight shipping.
"TWO_DAYS_OR_MOSRE_SHIPPING"Two-day or more shipping.

threeDSecureChallengeIndicator

OptionDescription
"NO_PREFERENCE"We suggest that our merchants leave this option blank. This option is the most frictionless.
"PREFER_NO_CHALLENGE"Preference for no challenge to be presented to the end user.
"PREFER_A_CHALLENGE"Preference for the issuing bank to present a challenge to the end user.
"OVERWRITE_NO_CHALLENGE"Challenge is never presented to the end user.
"REQUIRES_MANDATE_CHALLENGE"This option dictates that a challenge must be presented to the end users.

reorderIndicator

This setting indicates whether the order is new or was ordered before.

OptionDescription
"FIRST_TIME_ORDERED"First time ordered.
"REORDER"Reordered.

shippingIndicator

OptionDescription
"BILLING_ADDRESS"Ship to cardholder's billing address. See Transaction Metadata billingAddress.
"MERCHANT_VERIFIED_ADDRESS"Ship to another verified address on file with merchant.
"NOT_BILLING_ADDRESS"Ship to address that is different than the cardholder's billing address.
"SHIP_TO_STORE"Ship to Store / Pick-up at local store (Store address will be populated in shipping address fields).
"DIGITAL_GOODS"Digital goods (includes online services, electronic gift cards and redemption codes).
"TRAVEL_AND_EVENT_TICKETS"Travel and Event tickets, not shipped.
"PICK_UP_AND_GO_DELIVERY"Indicates that the customer will pick up the purchased items in person or that the delivery service is immediate and does not involve standard shipping processes. Often used for express orders or convenience-driven transactions like curbside pickup.
"LOCKER_DELIVERY"Indicates that the purchased items will be delivered to a secure locker for the customer to retrieve at their convenience. Commonly used in scenarios like package lockers at residential complexes, stores, or designated pick-up locations.
"OTHER"Other (for example, Gaming, digital services not shipped, emedia subscriptions, etc.).

3D Secure Transaction Processing

Finally, we include the token returned by the Checkout Component via the JavaScript SDK and we are set to make a transaction request. To see how to get this token, check out Using the SDK section and the checkoutComplete event.

📘

Note

The PayConex™ token already includes the 3DS-Authenticated data, so we simply use it in the transaction request.

Request

POST /api/v4/accounts/{accountId}/payments/sale

{
  "bfTokenReference": "PAYCONEX_TOKEN",
  "posProfile": "ECOMMERCE",
  "amounts": {
    "total": "5.00",
    "currency": "USD"
  }
}

*Required Scopes: pcx:payments:*, pcx:payments:card_not_present:*, pcx:payments:card_not_present:sale

Response

The transaction request generates a result similar to the following when it comes to 3D Secure metadata.

{
  "transactionId": "000000048726",
  "status": "CAPTURED",
  "timestamp": "2025-04-10T20:01:32.000000Z",
  "customer": {
    "name": "Jane Smith",
    "email": "[email protected]",
    "phone": "+14441234321",
    "billingAddress": {
      "address1": "123 Plain St",
      "address2": "West Side",
      "city": "Atlanta",
      "state": "GA",
      "zip": "90210",
      "country": "USA"
    }
  },
  "trace": {
    "history": [
      {
        "action": "transaction",
        "requestId": "784232bb-e082-4701-a3bb-4f7a955577fc",
        "correlationId": "24c2269c-e8a9-49dc-99ba-a907e6a8a325",
        "timestamp": "2025-04-10T15:01:29-05:00"
      }
    ],
    "networkTransactionId": "015100666209509G467"
  },
  "amounts": {
    "currency": "USD",
    "approved": "5.00",
    "requested": "5.00",
    "balance": "5.00"
  },
  "auth": {
    "code": "OK5137",
    "processorMessage": "APPROVED",
    "message": "APPROVED",
    "networkName": "VISA",
    "avsResponseCode": "Y"
  },
  "card": {
    "name": "Jane Smith",
    "last4": "9990",
    "expiry": "1225",
    "brand": "VISA"
  },
  "binData": {
    "program": "STANDARD"
  },
  "threeDSecure": {
    "protectionEnabled": true,
    "eci": "05",
    "status": "Y",
    "statusResult": "Authenticated",
    "version": "2.2.0",
    "token": "ji+A0S72pd/RFOrr1fwCKXKqDno=",
    "transactionId": "2abe7b65-45cd-4a58-bcd3-8b10b8f8f50e"
  },
  "transactionType": "SALE",
  "entryMode": "KEYED",
  "refundObject": {
    "refundBalance": "5.00"
  }
}

threeDSecure

As part of the transaction metadata shown in the example response above, this is 3DS-related data indicating whether 3DS was enabled for that certain transaction including status, version, token, etc.

Here is a comprehensive breakdown.

ParameterTypeDescriptionExample
protectionEnabledbooleanWhether the transaction has the 3D Secure enabled.true
ecistringElectronic Commerce Indicator: A payment system-specific value provided by the ACS to indicate the outcome of the cardholder authentication attempt. This code is returned by the issuing banks and credit card-specific networks to notify a merchant about the authentication of the cardholder and the status of the card holder's issuing bank under the 3D Secure Authentication program. This value is represented by 2 characters. For Visa ECI values, check out 5.1 Electronic Commerce Indicator (ECI).
For Mastercard ECI values, see E-Commerce Commerce Indicator.		"05"
statusstring3DS status from 3rd party.
For Mastercard 3DS status values, check out Mastercard Identity Check Program Guide under Whitelisting Status Response.
For Visa 3DS status values, check out Common Visa 3DS Status Values. Enumerations: [ Y, A, I, N, U, C, R ]		"Y"
statusResultstringWhether the transaction was successfully 3DS-Authenticated with the protection enabled."Authenticated"
versionstring3DS Protocol version"2.2.0"
tokenstringPayment System-specific authentication value provided as part of the ACS registration for each supported DS. It is 28 characters long."ji+A0S72pd/RFOrr1fwCKXKqDno="
transactionIdstringA universally unique transaction identifier assigned by the DS to distinguish a single transaction. It is 36 characters long."2abe7b65-45cd-4a58-bcd3-8b10b8f8f50e"

Test Card Numbers

The following set of test card numbers can be used to evaluate the different ECI values and 3DS statuses. Where the status and ECI are a ? the card number is triggering a challenge, the results will depend on the option selected in the dropdown on the challenge dialog set in the iFrame options.

📘

Note

These cards are intended solely for testing purposes and should only be used in the Testing/Certification environment. They allow merchants and developers to simulate real-life scenarios to gain a better understanding of how 3D Secure operates.

3D Secure 2.0 Test Cards

Card NumberNetworkPromptECIStatus/Success
4124 9399 9999 9990VisaN5Y
4485 6600 0000 0007VisaN7N
4485 6666 6666 6668VisaY?? - Depends on the challenge completion
4160 2944 4444 4449Visa--Error: Card Not Enrolled
5406 0044 4444 4443MastercardN2Y
5415 2444 4444 4444MastercardN0N
5472 0655 5555 5557MastercardY?? - Depends on the challenge completion
6011 9933 3333 3334DiscoverN5Y
6011 4023 4444 4445DiscoverN7N
6011 9922 2222 2228DiscoverY?? - Depends on the challenge completion
3700 009999 99990AmExN5Y
3700 002222 22228AmExN7N
3400 001111 11117AmExY?? - Depends on the challenge completion