EMV Certification Requirement
This page is specifically intended for ISVs doing their own device integration, which requires EMV certification no matter the API environment. For more information, make sure to revisit PayConex™ and Decryptx®.
For more information and the comprehensive list of Bluefin P2PE certified devices, check out:
- P2PE Devices
- Decryptx®: Bluefin Supported PCI-Validated P2PE Devices
- Decryptx®
- Decryptx® Parser
- Point to Point Encryption
- P2PE Manager®
- Device Management
- Processing Payloads
This page can also be used for educational purposes to demonstrate how the device P2PE encrypted payloads and parameters would be included in the V4 API request from scratch.
Here, we briefly cover some of the most common transactions as simple sale transactions with the deviceProfile of PAX_A80:
- Keyed transaction with CVV
- EMV debit
- Contactless
- For the full list of CP device transactions, also refer to API References.
For more on Decryptx®, see Decryptx® Introduction.
PAX_A80We use
PAX_A80in the following examples as it is the most generic model type for PAX payment payloads.
Card Present Endpoints
| API Endpoint | Method | Description |
|---|---|---|
/api/v4/accounts/{accountId}/payments/device-store | POST | Store a card from a device (card verification/COF transaction) |
/api/v4/accounts/{accountId}/payments/device-sale | POST | Process a sale transaction |
/api/v4/accounts/{accountId}/payments/device-auth | POST | Process an authorization transaction |
/api/v4/accounts/{accountId}/payments/device-credit | POST | Process a credit transaction |
/api/v4/accounts/{accountId}/payments/device-force | POST | Process a force transaction |
Note
PayConexâ„¢ Card Present endpoints are prefixed with
device-*since Card Present transactions are executed directly on the device. This naming convention also aligns well with the use case of MOTO Transactions.
Again, before processing CP transactions within our PayConex™ Gateway, it is crucial for Decryptx® to extract and decrypt the sensitive P2PE data that was previously acquired and encrypted at the POS. To do this, devices use an advanced encryption method known as SRED. With that in mind, all of the examples below contain the required "card" field that is encrypted at the POS.
Request Parameters
In a nutshell, here are some essential device parameters for the V4 API with most of these used in the examples below. For the comprehensive list of CP parameters, refer to API References.
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
transactionId | string | false | Use a pre-fetched transaction identifier in case there is a communication error or similar during the ongoing transaction. This is a 12-digit numeric value padded with zeros. See Initializing a Transaction. | "000000001861" |
description | string | false | Transaction description. | "USB Device Purchase - #1". |
customer | object | false | Customer-related data relevant to the transaction. | See customer. |
shippingAddress | object | false | This is the address to which the goods or services purchased by the customer are delivered. | See shippingAddress. |
trace | object | false | Additional custom tracing information such as cashier, clientIp sourceIp, customId, timestamp, etc. | See Transaction Metadata Trace and Processing a Sale for usage. |
rules | object | true | Transaction rules such as allowPartial, allowDuplicate where allowPartial enables partial authorizations on a per-transaction basis and allowDuplicate allows duplicate transactions by overriding the account settings. See Rules. | {"allowPartial": true,"allowDuplicate": true,"disableCVVCheck": false,"disableAVSCheck": false} |
tenderType | string | true | The payment tender type that you are submitting. During a sale, whether it's credit card, debit card, EBT, FSA (healthcare expenses) or other means. Possible enums are: [ "CREDIT", "DEBIT", "EBT", "FSA" ]. | "CREDIT" |
posProfile | string | true | The type of point of sale. See Point of Sale Profiles. | "ATTENDED_ON_PREM_POS" |
deviceProfile | string | true | The type of device used to run a transaction. See Device Profiles. | "PAX_A80" |
entryMode | string | true | Stands for any kind of card entry mode. See Entry Modes. | "KEYED" |
credentialOnFile | object | false | MIT/CITs parameters. Note that only the scheduleIndicator field is allowed, as CP transactions are always customer-initiated. See CITs and MITs. Enums: [ SCHEDULED, UNSCHEDULED ] | { "scheduleIndicator": "UNSCHEDULED" } |
tlv | string | false (depending on entryMode) | Tag length value (TLV) is a data encoding scheme. | 9F26086F520F4F3B... |
pinBlock | object | false (only for for PIN-capable devices) | A block of data consisting of PIN and KSN used to encapsulate a PIN during processing. See Device Profiles for PIN-capable devices. | {"pin": "1234567890123456","ksn": "FFFF9876540002400195"} |
ebt | object | false | For this field to be used, tenderType must be EBT. It specifies the kind of EBT including the following types:- CASH(cash sale)- FOOD(food sale)- VOUCHER(voucher sale)Note that the voucherNumber is required when the type is VOUCHER. | {"type": "VOUCHER","voucherNumber": "1212"} |
device | object | true (required for CP transactions) | The device data information to match the deviceProfile. | See below. |
card | object | true | The card's p2pe and masked credentials. | See below. |
cvm | object | false | The CVM (Cardholder Verification Method) information is included exclusively for the card issuers with the EMV standards for chip card transactions. Signatures are also used for printing receipts. | See below. |
savePayment | boolean | false | Include the bfTokenReference and shieldConexToken in response for reissuing payments. The PayConexâ„¢ token is not required to be used within 10 minutes as it is vaulted and does not expire by default in this case. | true |
device
deviceDevice metadata for the PayConexâ„¢ Gateway and payment processor.
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
type | string | false | The type of device. | "A920" |
serial | string | true | The device serial number. | "0820617507" |
app | string | false | The app where the transaction is run. | "BluePOS" |
appVersion | string | false | The app version. | "1.0.3" |
osVersion | string | false | The OS version of the device. | "Paydroid 6.3" |
capabilities | string | false | Value based on EMV tag 9F33. Only used for MSR and keyed transactions. See Device Profiles. | "E0F8C8" |
terminalRefNum | string | false | Typically used to store a reference number associated with a terminal device, such as a point-of-sale (POS) terminal, during a transaction. This reference number can help identify the specific terminal used for processing the transaction. | "1849f62aa367dee4" |
mode | string | false | Mode for ISV integration: [ "standalone", "semi-integrated" ] | "standalone". |
card
cardp2pe
p2peThese are all of the encrypted P2PE blocks that can be used.
| Parameter | Type | Description | Example |
|---|---|---|---|
ksn | string | Encrypted KSN | "FFFF9876540002400195" |
pan | string | Encrypted PAN | "B3804311123638D" |
cvv | string | Encrypted CVV block | "BC53B84FA4B8F12C" |
track1 | string | Track1 data | "A5F6CC974A943B3804311123638DB514ED6B113BAD13DF7FDED0B5B32ABE528E404CA40DC1BD4F8C7BA15DCEFE5EC56C0BC6A7F970FB872B" |
track2 | string | Track2 data | "0FE17E517D242848D8B01784C38D9914D82A48B298CDEC49301256CE720ED4B73A7E32FBC9922C15" |
cardTracks | string | Combination of track1 and track2 data and, preferably, additional discretionary data that is included in the card tracks. It replaces both track1 and track2 parameters, so the cardTrackscannot be used in combination with those. Intended for swipe transactions. | "02A600C0170018008292;4444********1111=****B3EFF7213793C0DFD61361BD6FE31E61B48CE4242C6A68E7000000000000000000000000000000000000000054313430393030303036629949960E00022001A2E35DDD" |
masked
maskedThese are the masked values from the POS.
| Parameter | Type | Example |
|---|---|---|
pan | string | "444433******1111" |
track1 | string | "%*5415********4444^TEST/BLUEFIN^****************?" |
track2 | string | ";6011********3331=****************?" |
cvm
cvmNote
As outlined in the table above, the CVM (Cardholder Verification Method) information is included exclusively for the card issuers with the EMV standards for chip card transactions. Signatures are also used for printing receipts.
With this parameter provided, the PayConex system modifies the transaction viaPATCHwhich then becomes available as transaction metadata viaGET.
| Parameter | Type | Description | Example |
|---|---|---|---|
method | string | Type of CVM including [ SIGNATURE, OFFLINE_PIN, ONLINE_PIN, NO_CVM_REQUIRED ] | "SIGNATURE" |
signature | string | Vector-based signature format: this format is used to capture and store handwritten signatures digitally. This signature can be captured on the device if supported. This property is required when the CVM method is SIGNATURE. | "0,65535^22,26^23,30^22,33^21,36^20,39^20,43^19,46^18,49^17,53^16,56^16,59^16,62^16,66^16,69^0,65535^8,48^8,45^11,44^14,42^17,40^20,39^0,65535^32,59^35,60^38,58^41,56^44,53^46,49^48,46^47,43^44,43^40,44^37,46^34,49^32,53^31,56^30,59^29,62^30,66^32,69^36" |
method
method| Enumeration | Description |
|---|---|
SIGNATURE | The cardholder's signature is used for verification and printing the receipt. |
OFFLINE_PIN | The cardholder enters their PIN, and the PIN verification is processed offline by the terminal. |
ONLINE_PIN | The cardholder enters their PIN, and the PIN goes off to the Processor and is verified online with the issuer. |
NO_CVM_REQUIRED | No cardholder verification method is needed for the transaction (e.g., for small, contactless transactions). |
Getting Device Profiles
For CP transactions, it is helpful to list all the device profiles associated with your PayConexâ„¢ account. This way, you can validate the capabilities of every device profile available to you.
Point of sale profiles and entry modes are also applied in combination with device profiles.
GET /api/v4/device-profiles
*Required Scopes: pcx:device_profile:read
Here are the tables based on the GET response and the devices respective model group.
PAX
| Device Name | Parser Device Type | Capabilities | EMV Contactless | Printing | Display | Tax Capable | Capture Card Data | PIN Capable |
|---|---|---|---|---|---|---|---|---|
PAX_S300 | generic | E0F8C8 | true | true | true | true | true | true |
PAX_S500 | generic | E0F8C8 | true | true | true | true | true | true |
PAX_Q20L | generic | E0F8C8 | true | true | true | true | true | true |
PAX_D190L | generic | E0F8C8 | true | true | true | true | true | true |
PAX_D210S | generic | E0F8C8 | true | true | true | true | true | true |
PAX_D220L | generic | E0F8C8 | true | true | true | true | true | true |
PAX_A30 | generic | E0F8C8 | true | true | true | true | true | true |
PAX_A35 | generic | E0F8C8 | true | false | true | true | true | true |
PAX_A77 | generic | E0F8C8 | true | false | true | true | true | true |
PAX_A80 | generic | E0F8C8 | true | true | true | true | true | true |
PAX_A800 | generic | E0F8C8 | true | true | true | true | true | true |
PAX_A920 | generic | E0F8C8 | true | true | true | true | true | true |
PAX_A920PRO | generic | E0F8C8 | true | true | true | true | true | true |
PAX_A920MAX | generic | E0F8C8 | true | true | true | true | true | true |
PAX_A3700 | generic | E0F8C8 | true | false | true | true | true | true |
PAX_A6650 | generic | E0F8C8 | true | false | true | true | true | true |
PAX_Q10L | generic | E0F8C8 | true | false | true | true | true | true |
PAX_ARIES6 | generic | E0F8C8 | true | false | true | true | true | true |
PAX_ARIES8 | generic | E0F8C8 | true | false | true | true | true | true |
PAX_IM30 | generic | E0F8C8 | true | false | true | true | true | true |
IDTECH
| Device Name | Parser Device Type | Capabilities | EMV Contactless | Printing | Display | Tax Capable | Capture Card Data | PIN Capable |
|---|---|---|---|---|---|---|---|---|
IDTECH | idtech | C00000 | false | false | false | false | true | false |
IDTECH_EMV | idtech | 600000 | true | false | false | false | true | false |
IDTECH_M130 | idtech | C00000 | false | false | false | false | true | false |
IDTECH_KEYED_ONLY | idtech | 800000 | false | false | false | false | true | false |
IDTECH_SWIPED_ONLY | idtech | 400000 | false | false | false | false | true | false |
IDYNAMO_5
| Device Name | Parser Device Type | Capabilities | EMV Contactless | Printing | Display | Tax Capable | Capture Card Data | PIN Capable |
|---|---|---|---|---|---|---|---|---|
IDYNAMO_5 | generic | 400800 | false | false | false | false | true | false |
IDYNAMO_5_GEN_II | generic | 400800 | false | false | false | false | true | false |
IDYNAMO_5_GEN_III | generic | 400800 | false | false | false | false | true | false |
WISEPAD
| Device Name | Parser Device Type | Capabilities | EMV Contactless | Printing | Display | Tax Capable | Capture Card Data | PIN Capable |
|---|---|---|---|---|---|---|---|---|
WISEPAD_2 | generic | 60F8C8 | true | false | true | true | true | true |
WISEPAD_W300 | generic | 60F8C8 | true | false | true | true | true | true |
INGENICO
| Device Name | Parser Device Type | Capabilities | EMV Contactless | Printing | Display | Tax Capable | Capture Card Data | PIN Capable |
|---|---|---|---|---|---|---|---|---|
INGENICO_GENERIC | generic | E0F8C8 | true | true | true | true | true | true |
INGENICO_IPP350 | generic | E0F8C8 | true | true | true | true | true | true |
Other
| Device Name | Parser Device Type | Capabilities | EMV Contactless | Printing | Display | Tax Capable | Capture Card Data | PIN Capable |
|---|---|---|---|---|---|---|---|---|
QUANTUMPAY_150 | generic | 400000 | false | false | false | true | true | false |
SHUTTLE_MAGSWIPE | generic | 402000 | false | false | false | false | true | false |
Note
In order for the PayConexâ„¢ Gateway to determine which device profile to use, it is critical that a particular device name as
deviceProfileis specified to run a CP transaction, varying based on the device model. The same device profile property is also used for registering a device. See Device Management.
API Examples
Keyed Transaction with CVV
POST /api/v4/accounts/{accountId}/payments/device-sale
{
"credentialOnFile": {
"scheduleIndicator": "UNSCHEDULED"
},
"tenderType": "CREDIT",
"entryMode": "KEYED",
"posProfile": "ATTENDED_ON_PREM_POS",
"deviceProfile": "PAX_A80",
"amounts": {
"currency": "USD",
"total": "27.50"
},
"card": {
"expiry": "1230",
"p2pe": {
"cvv": "BC53B84FA4B8F12C",
"ksn": "FFFF9876540002400195",
"pan": "B3804311123638D"
},
"masked": {
"pan": ""
}
},
"device": {
"type": "A920",
"serial": "0820617507",
"app": "BluePOS",
"appVersion": "1.0.0",
"osVersion": "PayDroid 6.3",
"capabilities": "E0F8C8"
}
}
*Required Scopes: pcx:payments:*, pcx:payments:device:*, pcx:payments:device:sale
EMV Debit
POST /api/v4/accounts/{accountId}/payments/device-sale
{
"rules": {
"allowPartial": true
},
"amounts": {
"additionalFee": "0.00",
"cashback": "2.00",
"currency": "USD",
"gratuity": "0.00",
"surcharge": "0.00",
"total": "25.00"
},
"card": {
"expiry": "1230",
"masked": {
"pan": "444433******1111",
"track2": ";444433******1111=**************?"
},
"p2pe": {
"ksn": "FFFF9876540002400195",
"pan": "B3804311123638D",
"track2": "0FE17E517D242848D8B01784C38D9914D82A48B298CDEC49301256CE720ED4B73A7E32FBC9922C15"
}
},
"device": {
"app": "BluePOS",
"appVersion": "0-22-4-dev-debug",
"mode": "standalone",
"osVersion": "22:5.1.1",
"serial": "0820619992",
"type": "A920"
},
"deviceProfile": "PAX_A80",
"entryMode": "CONTACT",
"pinBlock": {
"ksn": "FFFF3D3D3D0005600161",
"pin": "B2E7B2D1F0EB2E21"
},
"posProfile": "ATTENDED_ON_PREM_POS",
"tenderType": "DEBIT",
"tlv": "9F26086F520F4F3B45A7989F2701809F370430A92D3E9F3602007B950580800480009C010082021C009F3303E0F8C89F34034203009A032105245F2A0208409F02060000000030009F03060000000000009F3501225F3401015F24032212319F100706010A03A0A8009F1A0208408407A00000000310104F07A00000000310109F0607A00000000310109F0702FF009F0902008C9F1E0830383230363137359F3901059F4104000000019F530146"
}
*Required Scopes: pcx:payments:*, pcx:payments:device:*, pcx:payments:device:sale
Contactless
POST /api/v4/accounts/{accountId}/payments/device-sale
{
"amounts": {
"currency": "USD",
"total": "10.02"
},
"entryMode": "CONTACTLESS",
"card": {
"expiry": "1231",
"masked": {
"pan": "444433******1111",
"track2": ";444433******1111=**************?"
},
"p2pe": {
"ksn": "FFFF9876540002400195",
"pan": "B3804311123638D",
"track2": "0FE17E517D242848D8B01784C38D9914D82A48B298CDEC49301256CE720ED4B73A7E32FBC9922C15"
}
},
"device": {
"app": "BluePOS",
"appVersion": "0-18-1-dev-debug",
"capabilities": "E00808",
"mode": "standalone",
"osVersion": "23:6.0",
"serial": "1350024677",
"type": "A920"
},
"deviceProfile": "PAX_A80",
"posProfile": "ATTENDED_ON_PREM_POS",
"tenderType": "CREDIT",
"tlv": "9F26086F520F4F3B45A7989F2701809F370430A92D3E9F3602007B950580800480009C010082021C009F3303E0F8C89F34034203009A032105245F2A0208409F02060000000030009F03060000000000009F3501225F3401015F24032212319F100706010A03A0A8009F1A0208408407A00000000310104F07A00000000310109F0607A00000000310109F0702FF009F0902008C9F1E0830383230363137359F3901059F4104000000019F530146"
}
*Required Scopes: pcx:payments:*, pcx:payments:device:*, pcx:payments:device:sale