QSAPI Request Format
Below are all of the variables that can be posted to QSAPI along with a brief description of their function.
| Variable Name | Max | Type | Req'd | Description |
|---|---|---|---|---|
| account_id | 12 | Numeric | Yes | The Payconex account identification number that you are issued after your account has been setup. |
| ach_account_type | n/a | Enumerated | No | This is the type of bank account for ACH/electronic check transactions. It will default to checking if none is specified. The allowed values are: Checking: checking account Savings: savings account |
| ach_opcode | n/a | Enumerated | No | For processor-specific ACH features. 01, 02, 03, S, R |
| ach_sec_code | n/a | Enumerated | No | The Standard Entry Class (SEC) code that is required for ACH/echeck transactions. If no SEC code is provided, the default that is set up for the account is used. Please note that if you provide an SEC Code here that the account is not underwritten for, the bank will decline the transaction. Acceptable types are: CCD: Cash Concentration or Disbursement. This is the default type for corporations. Requires a signature. PPD: Prearranged Payment & Deposit. Requires a signature. WEB: Web-originated, ecommerce transactions. TEL: Telephone-initiated transactions. Voice recording required. POP: Point-of-Purchase, in-person transaction. ARC: Accounts Receivable. This is for converting a check into an electronic ACH transaction. RCK: Re-presented Check. This is used to present a declined check an additional time. DEF: This can be sent to tell PayConex to use the default ACH SEC code. Sending nothing will result in the same action. |
| allow_partial | 1 | Numeric | No | Allows for support of partial auths. By default, QSAPI assumes all transactions do not support partial auth unless specified. Values for partial auth are: 0: declares no partial auths allowed. Unneeded declaration however since by default partial auths are not allowed. 1: partial auths allowed. *only supported in QSAPI 3.7 or higher |
| api_accesskey | 32 | Alphanumeric | Yes | The secret key that you will be provided when your Payconex account is set up and when you have requested access to QSAPI. |
| authorization_code | 6 | Alphanumeric | No | For credit/debit cards, this is the 6-digit authorization code from a previously authorized transaction that is required to be provided with a Force transaction. It may also be obtained by calling the merchant account processor for a force code. For EBT cards, this is the authorization code that is required along with the voucher number to capture a prior authorized transaction. |
| bank_account_number | 17 | Numeric | No | The bank account (DDA) number that is required for an ACH/electronic check. |
| bank_routing_number | 9 | Numeric | No | The bank routing (ABA) number that is required for an ACH/electronic check. |
| card_expiration | 4 | Numeric | Yes | The card expiration date in the format of MMYY. This does not include hyphens, dashes, spaces, or slashes. It is required if submitting a card. It is not required for ACH/electronic checks. |
| card_number | 16 | Numeric | Yes/No | The card number with no spaces, dashes, or hyphens. Required for card transactions using KEYED entry (see page 55-56). It is not required for ACH/electronic checks. |
| card_track1 | ? | Character | No | Should use "card_tracks" parameter instead. The characters from track one of the magnetic stripe on a card. Track 1 begins with “%” and ends with “?” and includes the cardholder name. If you do NOT use "card_tracks", this is the primary choice in choosing which track to send. Track 1, Track 2, or both can be sent, but NOT with "card_tracks". Track data may not be stored for any reason. |
| card_track2 | ? | Character | No | Should use "card_tracks" parameter instead. The characters from track 2 of the magnetic stripe on a card. Track 2 begins with “;” and ends with “?” and does not include the cardholder name. Track 1, Track 2, or both can be sent, but NOT with "card_tracks". Track data may not be stored for any reason. |
| card_tracks | ? | Character | Yes/No | The characters from the full, un-modified payload from the magnetic stripe on a card. This is now the preferred method to send card track data and replaces both "card_track1" and "card_track2" parameters, so do not send "card_tracks" in combination with those. Track data may not be stored for any reason. Required for card transactions using SWIPED entries (see page 55-56). |
| card_verification | 4 | Numeric | No | The CVV/CVC/CID value which is the 3 digits from the signature panel on the back of a Visa/MasterCard/Discover or the 4 digits from the front of an American Express. |
| cashback_amt | 9 | Numeric | No | Amount requested as cash back (cash returned to the customer) |
| cashier | 100 | Character | No | The name or id of the cashier that is submitting the transaction. This is shown with PayConex transaction details as the originator of the transaction. You may use any designation you wish. Good choices are the user name of the POS clerk, email address, or the name of the application that is connecting. |
| check_number | 15 | Numeric | No | The number of the check used for electronic checks that are processed via ACH. It is optional. |
| city | 100 | Character | No | The city portion of the cardholder or account holder address. This is not sent to the processor. It is only stored for your reporting purposes. |
| company | 50 | Character | No | The company name for cardholder or account holder address. This is not sent to the processor. It is only stored for your reporting purposes. |
| country | 3 | Alphabetic | No | This is a 2- or 3-character country code value for the card/account holder: Country codes can be obtained at http://www.iso.org/iso/country_codes Note: We do NOT validate the value. |
| custom_data | 65K | Character | No | An open variable. Many developers use this variable to transmit structured data formats or serialized variables. You can send through many variable=value pairs through this single variable. |
| custom_id | 50 | Character | No | This is a custom identifier that can be used for any purpose you wish. Often times this is a customer number, or some other foreign key used to match up reports and transactions lists with customer information on your database. For some processors, such as Paymentech, this ID is passed through to the processor and available in their reporting. This can ease syncing up reporting. |
| disable_avs | 1 | Boolean | No | Disable Address Verification. |
| disable_cvv | 1 | Boolean | No | Disable Card Verification such as CVV, CVC, CID. |
| disable_fraudfirewall | 1 | Boolean | No | Disable any Fraud Firewall controls. |
| disable_redirect | 1 | Boolean | No | Disabling redirect will override the success_url and decline_url settings and force the return of transaction response in the format specified by response_format. This setting is required for using AJAX API calls. |
| ebt_type | n/a | Enumerated | Yes/No | For EBT (Electronic Benefits Transfer), the type can be as follows: FOOD: this is for a food sale CASH: this is for a cash sale VOUCHER: this is for a voucher Required if tender_type=EBT |
| ebt_voucher | 15 | Numeric | No | The EBT Voucher number for prior (phone) authorized EBT transactions. Required if "ebt_type" is VOUCHER |
| 100 | Character | No | The email address of the cardholder/account holder. It does not expect any specific format, is not sent to the processor, and is stored only for your reporting use or sending email receipts. | |
| etoken | ??? | Alphanumeric | No | eToken value of a previously ran Bluefin iFrame transaction. Typically used in a Sale transaction, with the eToken variable and value sent. No card or PAN needed when using eToken. |
| first_name | 50 | Character | Yes/No | Card: The first name of the cardholder as it appears on the front of the card. It is not required for cards. ACH: The first name of the account holder as it appears on the front of the check or bank statement. *It is required by NACHA to provide first and last name. |
| group | 12 | Alphanumeric | No | Groups are pre-configured flexible groups that can be used for various reasons, including: a) to direct transactions to separate back-end merchant accounts or depository accounts. Please work with your Bluefin Representative to configure any of these options. b) to assign transactions to a specific grouping that you wish. |
| input_group | 10 | Character | No | An open variable. Used to identify or group transactions together in some fashion. |
| installment_count | ??? | Numeric | No | Used exclusively for installment transactions. Total number of installments. Please note that the installment count value never decreases, only the installment number should increase. *only supported in QSAPI 3.7 or higher |
| installment_number | ??? | Numeric | No | Used exclusively for installment transactions and is the current installment number. *only supported in QSAPI 3.7 or higher |
| ip_address | 15 | NNN.NNN.NNN.NNN | No | IP address of the client which initiated the transaction. |
| ksn | ? | Alphanumeric | No | The Key Sequence Number (DUKPT) portion for PIN debit, PIN EBT, or EMV transactions. It must be obtained from a PCI PTS/PED Certified device that is injected by Bluefin’s Encryption Service Organization or Key Injection Facility (KIF). The KSN may never be stored for any reason. |
| last_name | 50 | Character | Yes/No | Card: The last name of the cardholder as it appears on the front of the card. It is not required for cards. ACH: The last name of the account holder as it appears on the front of the check or bank statement. It is required by NACHA to provide first and last name. It is required by NACHA to provide first and last name. |
| level2_merchant_reference | 25 | Alphanumeric | No | Used exclusively for level 2 transactions. Required for level 2 transactions. Merchant determines any custom alphanumeric value. *only supported in QSAPI 3.7 or higher |
| level2_order_id | 17 | Alphanumeric | No | Used exclusively for level 2 transactions. Merchant determines any custom alphanumeric value. *only supported in QSAPI 3.7 or higher |
| level2_tax | ??? | Numeric with decimal | No | Used exclusively for level 2 transactions. Required for level 2 transactions. For Visa cards, value must be expressed as greater than 0.00, for MasterCard value may be expressed as 0.00 if desired. *only supported in QSAPI 3.7 or higher |
| level2_zip | 10 | Numeric with hyphen | No | Used exclusively for level 2 transactions. REQUIRED for level 2 transactions and it is probably the same value as the "zip" variable value. This value is not validated like the "zip" variable value, so any alphanumeric value up to 10 digits is valid. *only supported in QSAPI 3.7 or higher |
| merchant_reference_num | 11 | Numeric | No | An optional merchant reference number that can be passed to processor for reconciliation purposes. |
| payment_type | 11 | Enumerated | No | The type of payment for this transaction. Valid values can be: ECOMMERCE INSTALLMENT RECURRING MOTO (Mail & Telephone Order) |
| phone | 20 | Alphanumeric | No | The phone number of the cardholder/account holder. It does not expect any specific format, is not sent to the processor, and is stored only for your reporting use. |
| pin | ? | Alphanumeric | No | The encrypted PIN Block portion for PIN debit or PIN EBT transactions. It must be obtained from a PCI PTS/PED Certified device that is injected by Bluefin’s Encryption Service Organization or Key Injection Facility (KIF). This PIN Block may never be stored for any reason. |
| reissue | 1 | Boolean | No | Reissue a transaction. If included (set to 1), either a bfid (ShieldConex tokens) or a "token_id" with known existing transaction id must be included. Amount, name, description, expiration can be changed. |
| response_format | 5 | Enumerated | No | Desired response format. FORM: www-form-urlencoded string (default format) JSON: JavaScript Object Notation DEBUG: human readable array output |
| restaurant_gratuity | 9 | Numeric | No | Used exclusively for restaurant transactions. Value can be 0 ~ 999999.99. Value must contain decimal point with two decimal point values. *only supported in QSAPI 3.7 or higher |
| restaurant_server_id | 3 | Numeric | No | Used exclusively for restaurant transactions. Value can be null, 0 ~999 *only supported in QSAPI 3.7 or higher |
| scx_token_bank_account_number | 1 | Numeric | No | ShieldConex tokenized version of bank_account_number parameter. See ShieldConex on PayConex section for more details. |
| scx_token_bank_routing_number | 1 | Numeric | No | ShieldConex tokenized version of bank_routing_number parameter. See ShieldConex on PayConex section for more details. |
| scx_token_card_expiration | 1 | Numeric | No | ShieldConex tokenized version of card_expiration parameter. See ShieldConex on PayConex section for more details. |
| scx_token_card_number | 1 | Numeric | No | ShieldConex tokenized version of card_number parameter. See ShieldConex on PayConex section for more details. |
| scx_token_card_verification | 1 | Numeric | No | ShieldConex tokenized version of card_verification parameter. See ShieldConex on PayConex section for more details. |
| scx_token_email | 1 | String | No | ShieldConex tokenized version of email parameter. See ShieldConex on PayConex section for more details. |
| scx_token_first_name | 1 | String | No | ShieldConex tokenized version of first_name parameter. See ShieldConex on PayConex section for more details. |
| scx_token_last_name | 1 | String | No | ShieldConex tokenized version of last_name parameter. See ShieldConex on PayConex section for more details. |
| scx_token_phone | 1 | Numeric | No | ShieldConex tokenized version of phone parameter. See ShieldConex on PayConex section for more details. |
| scx_token_street_address1 | 1 | String | No | ShieldConex tokenized version of street_address1 parameter. See ShieldConex on PayConex section for more details. |
| scx_token_zip | 1 | Numeric | No | ShieldConex tokenized version of zip parameter. See ShieldConex on PayConex section for more details. |
| send_customer_receipt | 1 | Boolean | No | Use this to override the default setting to send or not send email receipts to the customer. |
| send_merchant_receipt | 1 | Boolean | No | Use this to override the default setting to send or not send email receipts to the merchant. |
| state | 2 | Alphabetic | No | The two-digit state code of the cardholder or account holder address. This is not sent to the processor. It is only stored for your reporting purposes. |
| street_address1 | 100 | Character | No | Street address of the cardholder or bank account holder. |
| street_address2 | - | Character | No | Suite number or other qualifying part of the address. NOT sent to the processor. Total of address1 and 2 are 100 maximum and will be truncated. |
| surcharge_amt | 9 | Numeric | No | Amount charged for fees, etc. |
| tender_type | n/a | Enumerated | Yes | The payment tender type that you are submitting. The following enumerated values are allowed: CARD: credit, debit, and check cards ACH: ACH , EFT, or electronic check EBT: Electronic Benefits Transfer (Elavon only) DEBIT: PIN Debit card only (Elavon/Omaha/North) |
| timestamp | 19 | YYYY-MM-DD HH:MM:SS | No | If used, MUST be included in a hash for authenticated transactions. See "Appendix: Using HASH for Authenticated Transactions" |
| token_id | 12 | Numeric | No | 12-digit transaction_id of a previous transaction. The token_id is used for reissues, refunds, and recurring transaction creation. Please see the SLAPI documentation for more information. |
| transaction_amount | 9 | Numeric with decimal | Yes | This is the dollar (or other currency) amount of the transaction. Only numbers and a single decimal are allowed. Commas are not allowed. The maximum amount is 999999.99. That is 1 cent less than 1 million. This is because the decimal is counted in the max size. Values with no decimal and no cents are allowed. Values with only a single number after the decimal are allowed and will be assumed to have a trailing 0. |
| transaction_description | 65K | Character | No | A description of the payment. This is an open field. If emails are sent to the customer or merchant, this will show in the “Description:” field. You may use this to send any information that you wish. It can store up to 65,000 characters. |
| transaction_id | 12 | Numeric | No | The transaction_id returned from a TSAPI "GET_TRANSACTION_ID" request. It is used to create a new transaction with the specified transation_id. Please see the TSAPI documentation. |
| transaction_type | n/a | Enumerated | Yes | The type of transaction you are requesting, with these enumerated values allowed: AUTHORIZATION: authorizes (holds) the funds on the card but does not transfer them. Most banks support a $0.00 authorization in order to validate the card number, expiration date, and account status. This does, however, incur an authorization charge on the merchant account and a transaction charge in Payconex. SALE:authorizes the funds on the card and flags the transaction to be captured for settlement at the next settlement time. REFUND: refunds a previous sale. If the transaction has not yet been settled, then this results in a void. Otherwise, for Cards only, it results in a credit back on the card. ACH transactions can't be refunded once they are submitted for settlement (NOTE: For actual transaction settlement times, contact Bluefin support). You can specify an amount less than the original sale amount. Requires token_id. CREDIT: puts money onto a card or into a bank with no offsetting sale. Most operations can be managed via REFUND. Only allowed if account is configured to allow Credits. CAPTURE: flags a previous authorization to be captured for settlement at the next settlement time. Requires token_id. STORE: stores credit card/ach account info for later use. COPY: copies a transaction from one account to a destination account (under same Agent). Copy is done as a Store transaction. STORE: stores credit card/ach account info for later use. SETTLEBATCH: settles all un-settled sales, refunds, credits, or authorizations that have been captured. FORCE: forces through a transaction. A 6-digit authorization_code must also be provided. REVERSAL: removes an authorization request on a credit card or debit/ebt. Requires token_id (Elavon, Chase Paymentech, FD RapidConnect only) BALANCE: request account balance on an EBT/Debit card (Elavon only). CANCEL: removes a refund request on a credit card or debit/ebt. Requires the refund token_id (RapidConnect only) |
| zip | 10 | Numeric with hyphen | No | The 5-digit format or 5+4 formatted zip code of the cardholder or accountholder. For example, 12345 or 12345-1234. Only numbers and a hyphen are allowed. INTERNATIONAL: Can contain any combination of letters or numbers, and either a space or a hyphen. |
Updated almost 3 years ago
What’s Next