Welcome to PayConex™

PayConex is Bluefin’s payment gateway, and can be used independently or integrated in multiple ways

PayConex provides the merchant a consolidated gateway experience for both card & ACH. Our APIs, gateway, iFrames, and Hosted payments support both card & ACH. We are compliant with card brand standards and all our payment channels are tightly integrated into the PayConex gateway which provides the merchants and consumers with a seamless experience across all our channels.

PayConex Portal

The PayConex Portal is a web-based user interface through which transactions can be run, the transaction history can be viewed and basic reports can be generated. Transactions can include sales, refunds, authorizations, store, or reissues. It is also possible to set up recurring transactions. The PayConex Portal also allows the management of account settings, users, and, for agent accounts, managing and accessing child accounts

Bluefin API Library

The Bluefin API Library is a set of Internet-based APIs that allows external software to communicate directly to the payment gateway. These are the following APIs :

PayConex API (QSAPI)

PayConex is Bluefin’s flagship transaction processing solution. The PayConex API (QSAPI) allows developers to programmatically submit transactions through the PayConex Gateway. QSAPI’s flexible solutions allow our customers several options for submitting transactions while maintaining PCI compliance through the entire process. QSAPI supports any application or device that can connect through the Internet-based API and also offers PCI compliance scope reduction through technologies such as end-to-end encryption (E2E) and tokenization. When used in conjunction with our Secure iFrame or Hosted Payment Form features, a merchant can greatly reduce PCI compliance scope by bypassing any permanent or temporary storage of cardholder data (CHD) on servers, networks, or computing devices.

Reporting Services API (RSAPI)

The Reporting Services API (RSAPI) provides our customers with a level of access to reporting data rarely found in the industry. Using RSAPI, developers can request formatted exports of transaction data. RSAPI’s reports contain no sensitive cardholder data, such as card numbers, meaning the data provided by RSAPI is 100% PCI compliant.

Transaction Status API (TSAPI)

From time to time, an Internet Service Provider (ISP) or upstream Internet network (the backbone of the Internet) may lose a packet or timeout on communication during the response from QSAPI to your system. This is where TSAPI comes to the rescue; TSAPI allows you to pre-fetch token IDs and then submit the token ID with a new transaction. This means a developer can use TSAPI to mitigate issues with packet loss and communication breakdown. If there is ever an Internet timeout, you can query TSAPI to give you the status of the transaction and whether it was received, approved, or declined. This reduces duplicate charges and enhances the overall integrity of the communication process.

Bluefin Scheduling Layer API (SLAPI)

The Scheduling Layer API (SLAPI) allows our clients to create recurring payments schedules without having to build a client-side recurring payment solution. This API allows our clients to create a wide range of recurring transaction scenarios to manage the unique transaction processing needs of their business. This API also allows our clients to access existing recurring payment records using our secure PCI compliant token system to modify, cancel, or view recurring payment schedules and details.

Payment iFrame

The purpose of the Payment iFrame is to allow a merchant to embed an iFrame on their checkout page that will encrypt sensitive payment data entered by a user. This encrypted value is called an eToken.

After encrypting the payment data the Payment iFrame returns an "eToken" to the browser. A developer can then pass that eToken from their webpage to their web server and process payments through the PayConex API using the eToken value in place of an unencrypted credit card or ACH account number.

The Payment iFrame and associated JavaScript libraries allow developers to perform card or ACH transactions in a PCI-compliant manner while also providing a greater level of control over the look and feel of the embedded elements within the Payment iFrame.

PCI Scope

The Payment iFrame reduces the PCI scope for the merchant by enabling them to outsource the capture of sensitive credit and debit card or ACH payment data to Bluefin.

In this scenario, PayConex controls the capture of the data, sends it for encryption, and releases an encrypted token (eToken) to the browser which can then be used with the PayConex API for further payment processing. With our Payment iFrame solution, the merchant never directly handles card or ACH payment data.


This diagram outlines a typical flow of a Payment iFrame transaction.

Different Environments Impacted by PCI Scope

The figure above outlines the typical flow of a Payment iFrame transaction. The colors represent the different environments impacted by PCI scope:

  • The iFrame Controllers deal directly with the card or check data and are exclusively controlled by Bluefin.
  • The Merchant Server handles eTokens and non-sensitive card data which include the expiration date as well as the first one-digit and last four digits of the card number. This part is controlled by the merchant.
  • The User's Browser is the end users' environment which is out of the control of both the merchant and Bluefin.

Did this page help you?