Bluefin® API Playground
Playground for Bluefin APIs for everyone!
Overview
On this page, the user can interact and test out Bluefin APIs in real time, including:
Together with the API response times, we showcase how performant the Bluefin APIs are overall.
At a very high level, users can review the structure of each request before it is sent to the Bluefin APIs for processing and then break down the corresponding responses.
Disclamer
For security reasons, we strongly advise against using your real sensitive card data on this page.
Instead, please use the following Test Accounts, Cards, and Cases.
Let's dive into Bluefin® Services!
Check out the narrated high-level intro videos to get a clear overview of
- Bluefin ShieldConex®
- Bluefin Decryptx®
- Bluefin Point-to-Point Encryption (P2PE)
- Bluefin ShieldConex® Orchestration
Click on a Bluefin® service icon below to get introduced to the service that interests you.
For additional Bluefin® content, visit the Bluefin Data Security YouTube channel, where we explore key cybersecurity challenges in the payments industry and explain how Bluefin® solutions address them.
ShieldConex® IFrame SDK
Sensitive data is collected safely using the ShieldConex® iframe.
To demonstrate the capabilities of ShieldConex®, we included some of the most common ShieldConex iframe configurations.
ShieldConex® Iframe can be fully customized to meet the requirements of your business - whether you are capturing ACH, PCI, PII, or PHI data.
P2PE Terminal Payloads
In order to simulate the card read/entry and P2PE encryption, we have included all the sample encrypted payloads extracted from a number of P2PE-enabled payment terminals.
Select one of the P2PE encrypted payloads based your preferred payment terminal. The payment terminal reads the card (in accordance with the card entry method) and encrypts it on hardware level via methods like SRED, outputting the P2PE encrypted payload similar to the ones below.
ShieldConex® Orchestration Use Cases
This section breaks down all of the ShieldConex ORCA use cases with their visual workflows, where the user can understand all of its key features.
If you need an introduction to ShieldConex® Orchestration, refer to ShieldConex® Orchestration | Introduction.
Direct POI Device Integration
Controller-Mediated Integration
POS-Connected POI Integration
As pointed out in the PointConex Use Case | Overview, Decryptx® ensures PCI compliance and safeguards sensitive information throughout the payment processing journey.
Iframe-based secure tokenization and detokenization processing
By using our embedded iframe approach to protect user interactions, you can avoid PCI and other compliance issues by working only with Bluefin tokens. Sensitive payment data, PII and PHI can be captured within the iframe, meaning that you avoid the need to handle this data in your systems. Instead, our iframe solution immediately tokenizes the sensitive data. All tokens are made available in one Bluefin API call, and can be used as-is for processor API interactions via the ShieldConex® Orchestration API.
API-Based Tokenization and Detokenization Processing
The orchestrated approach allows you to fully replace all sensitive data in your system with our tokens. Because the Orchestration API provides transparent detokenization, no changes to existing business logic are needed, and the tokens can be used as in-place substitutes. Our API allows you to perform a staged migration to tokens without disrupting your system integrations.
This method outlines the straightforward integration of tokenization and detokenization into your API workflow using ShieldConex® services. By utilizing this service, your application gains enhanced security without the complexity of manually managing sensitive data. ShieldConex® implements robust Bluefin security measures, including PCI compliance and data protection, thus alleviating security concerns in your app.
Bluefin® API Performance Overview
This section provides a statistical overview of API response times using a box plot visualization.
The chart enables comparison of latency distribution, variability, and performance across Bluefin API services.
Response time represents the total end-to-end duration from the moment an API request is submitted by an ISV until the corresponding response is received.
This duration includes internet transit, network overhead/latency, request handling, Bluefin service processing (including tokenization, detokenization, or decryption), and internal processing performed before the response is returned.
Note
Users may select a specific API to benchmark service performance in real time. Response time measurements are continuously collected and reflected in the chart to ensure that the displayed statistics remain accurate.
To get started with benchmarking, simply maximize the plot component below to begin.
Latency Overhead
Latency may vary depending on the user's geographic location, as Bluefin servers are hosted in Atlanta (USA). Users located further from this region may experience slightly increased response times due to network distance.
Updated 1 day ago