ORCA Format Expressions
Overview
ORCA Format Expressions were introduced to provide a flexible, universal way to handle payment processor-specific message formatting requirements.
Many payment processors require messages to be delivered in a precise, proprietary format. To meet these requirements without limiting flexibility, ORCA includes a lightweight scripting language (called Format Expressions) that lets you dynamically transform and structure data - at runtime - exactly as your chosen payment processor expects.
As with all operations in ShieldConex® Orchestration, all transformations of sensitive data performed by ORCA Format Expressions take place and are executed entirely within Bluefin's PCI DSS compliant environment.
This feature effectively makes a wide range of polyfill formatting options available on demand, giving you powerful control over the final message payload while keeping your integration clean and maintainable.
NoteBefore checking out this page, make sure you are familiar with the following documentation in order to fully understand the purpose and target use case of Format Expressions:
Why ORCA Format Expressions?
While ShieldConex® tokenization and detokenization are already highly flexible, Format Expressions are specifically designed for Decryptx® actions.
This scripting language is most valuable when you need to:
- Extract a PCI-validated P2PE-encrypted payload from a terminal
- Parse, transform, and format the decrypted data based on the required criteria
- Forward the data to the payment processor in the exact format they require
This combination allows you to securely decrypt sensitive card data on the fly and deliver it in a processor-compliant message — all within a single orchestrated call.
Key Benefits
- Supports nested function calls with the standard string operations such as
substring,concat, etc. - Reduces custom code on your side
- Ensures compatibility with a wide variety of payment processors
- Maintains strong security by keeping sensitive operations within the ShieldConex / Decryptx environment
Using ORCA Format Expressions
The main use case of Format Expressions is in the ORCA configuration setup where the merchant can securely manipulate with the P2PE decrypted pieces of data.
These fields include the following supported polyfill references:
| Reference Variable | Description |
|---|---|
rawTrack2 | The complete track2 payload containing the start and end sentinels. e.g. ;4124939999999990=2212101123456789?; |
track2 | Defined as PAN=EXP[CVV][serviceCode]?LRC, and is equal to rawTrack2 without the sentinels e.g. 4124939999999990=2212101123456789 |
track2equivalentLower | Track2 equivalent with a lower case d e.g. 4124939999999990d2212101123456789 |
track2equivalentUpper | Track2 equivalent with a lower case d e.g. 4124939999999990D2212101123456789 |
rawTrack1 | Track1 with the sentinels e.g. %B4124939999999990^TEST/BLUEFIN^2212101123456789? |
track1 | Track1 without the sentinels e.g. B4124939999999990^TEST/BLUEFIN^2212101123456789 |
pan | The card number e.g. 4124939999999990 |
expiry | The expiry month and year (MMYY format) e.g. 1222 |
expiryMonth | The expiry month e.g. 12 |
expiryYear | The expiry year e.g. 22 |
fullYear | The full expiry year e.g. 2022 |
expiryRaw | The expiry month and year (YYMM format) e.g. 2212. This enhances compatibility with specific ISO payment processors format |
cvv | The 3-character CVV (captured during keyed transactions on idtech). |
discretionary | The track's discretionary data e.g. 123456789 |
firstName | The cardholder's first name e.g. Jane, TEST |
firstNameAndSurname | The cardholder's complete name. e.g. Jane Smith, TEST BLUEFIN |
rawName | The cardholder's name as it appears on the track. e.g. TEST/BLUEFIN |
From an ORCA configuration, it is the formatExpression where the developer can securely reference and manipulate with this card data by referencing them as a function argument by field name.
Last Four Digits of the Card Number
ORCA Configuration
For example, here is how we can simply extract the last four digits of the pan, which is Primary Account Number/Card Number of the P2PE payload.
{
"proxy": {
"method": "post",
"target": "{The target URL/IP Address}",
"logSettings": {
"requestMasks": [
{
"pattern": "all",
"transformationPath": "$.Card.PAN",
"transformationType": "jsonpath",
"transformationSource": "body"
}
],
"responseMasks": [
{
"pattern": "all",
"transformationPath": "$.Result.Secret",
"transformationType": "jsonpath",
"transformationSource": "body"
}
]
},
"authorization": {
"type": "passthrough"
}
},
"requestActions": [
{
"type": "parser",
"authorization": {
"type": "basic",
"username": "{partnerID}",
"password": "{partnerKey}"
},
"instructions": [
{
"format": "expression",
"formatExpression": "substring(pan, 11, 4)",
"dataType": "string",
"instructionType": "substitution",
"transformationPath": "$.Card.PAN",
"transformationType": "jsonpath",
"transformationSource": "body"
}
]
}
]
}
substring(...)Function UsageIf you are seeing the usage of the
substringfunction for the first time, refer tosubstring(...)Function Usage below.
Request Configuration
POST https://proxy{-*}.shieldconex.com/api/v1/partners/{partnerID}/configurations/{configReferenceID}
{
method: "POST",
headers: {
"dpx-device-serial": "{deviceSerial}",
"dpx-device-type": "{deviceType}",
"dpx-payload": "{devicePayload}",
"Authorization": "{authKey}",
"Content-Type": "application/json",
},
body: {
"Card" : {
"PAN" : "XXXXXXXXXXXXX"
}
}
}
NoteAfter Decryptx® extracts and decrypts the P2PE data from the device payload, the Format Expressions of the ORCA config are applied at runtime.
Then, ShieldConex® Orchestration reinserts and forwards the transformed data, securely over the TLS protocol, to the designated endpoint; that is, the payment processor. For the detailed workflow, make sure to examine the PointConex Use Case.
The decrypted payload accepted by the target destination is the following:
{ "Card": { "PAN": "9999" } }
Common Use Case: Formatting Expiration Date
One of the most frequent uses of ORCA Format Expressions is formatting the card expiration date to match the exact requirements of a specific payment processor.
Many processors expect the expiration date in a precise format (e.g., MMYY, MM/YY, YYYY-MM, or MMYYYY).
Using Format Expressions, you can easily transform the raw expiration data (typically provided as month and year) into the required string format without writing custom code on your side.
ORCA Configuration
{
"proxy": {
"method": "post",
"target": "{The target URL/IP Address}",
"logSettings": {
"requestMasks": [
{
"pattern": "all",
"transformationPath": "$.Card.PAN",
"transformationType": "jsonpath",
"transformationSource": "body"
}
],
"responseMasks": [
{
"pattern": "all",
"transformationPath": "$.Result.Secret",
"transformationType": "jsonpath",
"transformationSource": "body"
}
]
},
"authorization": {
"type": "passthrough"
}
},
"requestActions": [
{
"type": "parser",
"authorization": {
"type": "basic",
"username": "{partnerID}",
"password": "{partnerKey}"
},
"instructions": [
{
"format": "pan",
"default": "mydefault",
"dataType": "string",
"instructionType": "substitution",
"transformationPath": "$.Card.PAN",
"transformationType": "jsonpath",
"transformationSource": "body"
},
{
"format": "expression",
"formatExpression": "concat(substring(expiryMonth, 0, 2), substring(fullYear, 2, 2))",
"dataType": "string",
"instructionType": "substitution",
"transformationPath": "$.Card.Expiry",
"transformationType": "jsonpath",
"transformationSource": "body"
}
]
}
]
}Request Configuration
POST https://proxy{-*}.shieldconex.com/api/v1/partners/{partnerID}/configurations/{configReferenceID}
{
method: "POST",
headers: {
"dpx-device-serial": "{deviceSerial}",
"dpx-device-type": "{deviceType}",
"dpx-payload": "{devicePayload}",
"Authorization": "{authKey}",
"Content-Type": "application/json",
},
body: {
"Card" : {
"PAN" : "XXXXXXXXXXXXX",
"Expiry": "XXXX"
}
}
}
NoteAfter Decryptx® extracts and decrypts the P2PE data from the device payload, the Format Expressions of the ORCA config are applied at runtime.
Then, ShieldConex® Orchestration reinserts and forwards the transformed data, securely over the TLS protocol, to the designated endpoint; that is, the payment processor. For the detailed workflow, make sure to examine the PointConex Use Case.
The decrypted payload accepted by the target destination is the following:
{ "Card": { "PAN": "9999", "Expiry": "1222" } }
You can easily adjust the expression to support other formats such as:
-
MM/YY→"12/27"-
{ "format": "expression", "formatExpression": "concat(expiryMonth, concat('/', expiryYear))" }
-
-
MM-YYYY→"12-2027"-
{ "format": "expression", "formatExpression": "concat(expiryMonth, concat('-', fullYear))" }
-
-
YYYYMM→"202712"-
{ "format": "expression", "formatExpression": "concat(fullYear, expiryMonth)" }
-
NoteIf you are having trouble coming up with your desired
formatExpression, please contact the Bluefin Integrations Team at [email protected].
substring(...) Function Usage
substring(...) Function UsageSignature
substring(string, start, length)The substring() function extracts a portion of a string starting at a specified position and returns a string of the requested length.
Usage
The substring() function is available only when the JSON field has "format": "expression".
Parameters
| Parameter | Type | Description | Required |
|---|---|---|---|
string | string | The original string from which to extract the substring | Yes |
start | integer | Zero-based starting index (0 = first character) | Yes |
length | integer | Number of characters to extract (optional – if omitted, extracts to the end) | No |
Examples
Basic Usage
{
"format": "expression",
"value": "substring(pan, 0, 6)"
}Nested Example | Used in Combination with concat
concat{
"format": "expression",
"formatExpression": "concat(substring(pan, 0, 6), concat('******', substring(pan, 12, 4)))"
}Usage Notes
- The function is only evaluated when the field has
"format": "expression". If used in a normal string field, it will be treated as literal text - Negative start values are not supported.
- If start is beyond the length of the string, an empty string is returned
- If length exceeds the remaining characters, the function returns all characters from start to the end of the string
- String literals must be enclosed in single (
') quotes - Arguments can be field references, string literals, or nested function calls
concat() Function Usage
concat() Function UsageSignature
concat(value1, value2)The concat() function joins exactly two strings into a single string.
If you have more than two strings to concatenate, you can capitalize on the nested expressions functionality as demonstrated in the examples below.
Availability
Just like the substring() function, the concat() function can only be used when the JSON field has "format": "expression". The actual expression must be provided in the sibling field "formatExpression".
Correct Structure:
{
"fieldName": {
"format": "expression",
"formatExpression": "concat(...)"
}
}Examples
1. Basic concatenation | Formatting expiration date
{
"format": "expression",
"formatExpression": "concat(expiryMonth, concat('/', fullYear))"
}2. Masking a PAN (common use case)
{
"format": "expression",
"formatExpression": "concat(substring(pan, 0, 6), concat('******', substring(pan, 12, 4)))"
}Usage Notes
concat()accepts exactly two arguments only- To concatenate more than two values, you must nest multiple
concat()functions - String literals must be enclosed in single (
') quotes - Arguments can be field references, string literals, or nested function calls
Updated about 2 hours ago