Introduction
The ShieldConex® Manager APIs are designed to perform actions that would typically be carried out within the ShieldConex® Manager UI but from external applications or services. The most notable one would be creating a tokenization template and, straight away, use it for tokenizing the sensitive transaction data.
By leveraging these APIs, partners can integrate ShieldConex® Manager capabilities into their own services, providing enhanced functionality and a more cohesive user experience for their clients. These integrations allow for greater automation and customized solutions that align with the specific needs and preferences of each partner and their clients.
This is the detailed documentation on each API endpoint, including parameters, request formats, and response structures.
Before diving into the APIs, we recommend getting familiar with our ShieldConex® Manager User Guide:
Note
The API includes most of the parameters and functionalities available for Users, Partners, Clients, Templates, Transactions via the UI except for some features that may pose a security risk and are handled by Bluefin internally such as creating partners on their own without the partner
parents
, etc.
Hierarchy of Organizations
This diagram depicts the parent-child relationship among the User roles, noting that a lower level isn't permitted to manage a higher level.

ShieldConex® Hierarchy Diagram of Organizations
System Level: The topmost level, consisting of internal Bluefin employees with the ability to create Partner and Client users.
Partner Level: Organizations with a direct relationship with Bluefin, overseeing multiple Clients and Sub-Partners. They have visibility into all their sub-partners and clients.
Sub-Partner Level: Used for more granular organization beneath the Partner level. Sub-Partners have their own users but do not have visibility into the parent Partner or other Sub-Partners.
Client Level: The entities directly associated with a tokenization template, beneath Partners, and linked with the Partner's services.
User Types
All of the following three organization levels have two user types, the Admin and the User. All of the user role types are as follows:
- System Level
- System Administrator
- System User
- (Sub) Partner Level
- Partner Supervisor
- Partner User
- Client Level
- Client Administrator
- Client User
- Virtual Terminal User
User Roles
Since it is the user credentials that are used in the API requests, they also dictate the permissions for managing Users, Partners, Clients, and Templates. User Roles are designed to allow System Level users (and lower) to restrict other users and partners in their group, upholding a well-organized and secure structure of the hierarchy.
The following tables outline the available operations for each user role, providing what operations are permitted for managing Users, Partners, Clients, and Templates based on their assigned roles. This helps to understand how permissions are distributed and ensures that the appropriate level of access is granted according to each user's role. We don't put Transactions into this kind of category as they are only intended for viewing, which is permitted on every Level Role.
System Users have the access to most features in ShieldConex and visibility of all organizations and users. But only System Administrators have the additional privilege to create System-level users.
Check out User Roles Access Matrices to see other operations available from the ShieldConex Portal such as System Notifications, Transactions, Reports, etc.
Note
Manage applies to all permission including View (GET), Create (POST), Update (PATCH), and Delete (DELETE). — implies that the user roles has no permissions for any operations. For the REST operations, see API Overview.
System Access
The table below outlines user rights for the System level: System Admin and System User.
ShieldConex Interface | System Admin | System User |
---|---|---|
Users | Manage | Manage (Except for other System Admins and Users) |
Partners | Manage | Manage |
Clients | Manage | Manage |
Templates | Manage | Manage |
Transactions | View | View |
Virtual Terminal | Tokenize/Detokenize | Tokenize/Detokenize |
Partner Access
The table below outlines user rights for the Partner level: Partner Supervisor and Partner Users.
ShieldConex Interface | Partner Supervisor | Partner User |
---|---|---|
Users | Manage (all users within the partner organization) | Manage (Partner Users and lower) |
Partners | Create (Sub-Partners) | Create (Sub-Partners) |
Clients | Create | Create |
Templates | Manage | Manage |
Transactions | View | View |
Virtual Terminal | Tokenize/Detokenize | Tokenize/Detokenize |
Client Access
The table below outlines user rights for the Client level: Client Admin and Client Users.
ShieldConex Interface | Client Admin | Client User | Virtual Terminal User |
---|---|---|---|
Users | Manage (all users within the organization) | — | — |
Partners | — | — | — |
Clients | — | — | — |
Templates | Manage | — | — |
Transactions | View | View | — |
Virtual Terminal | Tokenize/Detokenize | Tokenize/Detokenize | Tokenize/Detokenize |
In this documentation, we are using the System Admin User Role to demonstrate the API request configurations for all the endpoints. Most of the sample requests are meant to have the minimal parameters usage to get you started quickly. To look into more depth of all the parameters supported, see API References.
Virtual Terminal User
Virtual Terminal User has the lowest level of access as it solely allows the usage of Virtual Terminal feature.
For example, this role lets you limit team members access to strictly using this feature. This can be configured in the portal for new users as well as for existing Client Administrators and Users.
As with all the user roles, this role is either added during user creation or modification by going to Manage -> Users
.

ShieldConex® Portal | Adding Virtual Terminal User
Virtual Terminal Feature
The Virtual Terminal feature allows users to perform real-time interactions with ShieldConex tokens directly from the Portal interface, providing valuable support for debugging and oversight (monitoring activities).

ShieldConex® Portal | Virtual Terminal Feature
Virtual Terminal Logging
In addition, the new Virtual Terminal Audit Logging feature provides a comprehensive record of user actions inside the ShieldConex Virtual Terminal. Every key activity is securely logged, giving administrators the visibility they need for compliance, troubleshooting, and internal oversight.
From the Portal, Virtual Terminal Logging feature can be found under Manage -> Virtual Terminal Logging
.

ShieldConex® Portal | Virtual Terminal Logging
Updated about 5 hours ago