Integrating to the BluePay Gateway to accept secure online payments is a simple and intuitive experience. Discover your options below, choose what's best for your business and we'll support you along the way.  

After you figure out what you need, we'll work with you through testing, complete with a dedicated sandbox account that allows you to do dry runs with your API payment processing system.

What's New?

New Statuspage URL

The BluePay Gateway Statuspage is now located at

Documentation Updates

The following documents have been updated. See the Revision History in each guide for more information:

If you have any of the following downloads bookmarked, you will need to update your bookmarks because the filenames have changed.

Request a Sandbox Account

Email to request a sandbox account. The BluePay Gateway team will send an email with your login credentials within 24 business hours.

When you're ready to get paid, we'll help you flip the switch. This last step assumes that you've got code in place and have finished testing. You'll also need an active merchant account.

Payment Modules

The BluePay Gateway payment modules integrate into popular shopping carts, ERP and CRM systems, billing software, POS software, nonprofit software and more.

Once you have downloaded the module for your software, you’re ready to begin testing.

Android SDK

The BluePay Android SDK can be used to process authorizations, sales, generate tokens as $0 authorizations, and process card-present transactions. The SDK includes swipe support for the IDTech UniMag II and Shuttle.

Download the BluePay Android SDK


The BluePay iOS SDK can be used to process authorizations, sales, generate tokens as $0 authorizations, process card-present transactions. The SDK includes swipe support for the IDTech UniMag II and Shuttle.

Download the BluePay iOS SDK

Microsoft Dynamics GP

The Microsoft Dynamics GP Payment Module integrates your accounting and back-end systems with BluePay's payment environment.

See instructional videos available in the left navigation.

To learn more, please contact


Payment.js allows merchants working with various First Data APIs and gateways to tokenize payment credentials for later transactions without collecting, processing, or otherwise being able to view those payment credentials in their untokenized form, thus lowering their PCI compliance requirements. 

Visit Payment.js documentation


These third-party WordPress plugins are compatible with the BluePay Gateway. 

Plugins available via CDI. 

JD Edwards

Integrating JD Edwards ERP systems with BluePay’s payment gateway gives you PCI-certified security and customization of your payment experience to meet your specific needs.

Learn More


Integration of the Oracle ERP system with BluePay’s payment environment keeps your customers’ data secure and decreases your liability.

Learn More


Using SAP with BluePay’s payment solution provides efficient and secure credit card processing, allows customers to purchase from you via tablets and smartphones, and lets you decide exactly what functions you need.

Learn More

Embed a Payment Form

The BluePay Gateway can host your payment forms for quick, efficient and secure online transactions, without the worry of PCI compliance. 

  • Submit a request for the BluePay Gateway to host your Payment Form.
  • We'll post the form on our secure server and send you confirmation with the form's URL.
  • Embed that URL in your site or application.
  • Test the form and your processes.
  • Activate your account.
  • Customers visit the form on BluePay's secure server.
  • We collect information and process your payments.
  • You'll receive payment confirmations and other information.

Outlined below are four "ready-to-use" templates for payment forms. Click the links to view the samples or download a spreadsheet of available templates. Additionally, custom templates can be created. 

Sample Payment Form Templates:

After you have chosen the template that you would like to use, create a URL to that template with this tool: URL Generator

API Documentation

Recommended APIs

BluePay Post (bp10emu)

Our primary transaction processing API. Name/value pairs are posted to the gateway which responds with name/value pairs.

Samples: PHP, Perl, Ruby, Java, Python, C#, C++, Visual

BluePay Redirect (bp10emu)

The customer fills out a html form served from the merchant’s web server. When they click submit the information they filled in is sent to the redirect interface. It then processes the transaction and redirects the customer’s web browser to a web page on the merchant’s web server.

BluePay Hosted Payment Form (shpf)

Service where a order form can be securely hosted on the BluePay gateway server. Primarily used as a front end for BluePay 2.0 Redirect.

Tool: Hosted Payment Form URL Generator


Javascript method to tokenize payment information from a merchant's payment form.

BluePay AIM Emulator (

This interface allows existing integrations to communicate to the BluePay gateway.

Manual CSV Upload

File upload of transactions to be processed using the gateway's web site.

BluePay CSV Upload (bp20bu)

Interface to upload comma delimited files into the gateway for processing.

Sample: PHP

    BluePay CSV Upload Report (bpbureport)

    Interface to check the status of and download results of CSV files uploaded into the gateway for processing.

      BluePay Rebill Administration (bprebadmin)

      This interface is for updating and cancelling rebillings set up in the BluePay Gateway.

      Samples: PHP, Perl, Ruby, Java, Python, C#, C++, Visual

        BluePay Customer Token Administration (bp20tokenadmin)

        Interface for creating, updating and reading Customer Token data.

          BluePay Daily Report 2 (bpdailyreport2)

          A new version of the reporting interface for the retrieval of transaction data. 

          Retrieve by transaction date samples: PHP, Perl, Ruby, Java, Python, C#, C++, Visual

          Retrieve by settlement date samples: PHP, Perl, Ruby, Java, Python, C#, C++, Visual

            BluePay Single Transaction Query (stq)

            Interface that can retrieve information of a single transaction using the transaction ID, merchant defined order_id or other search criteria.

            Samples: PHP, Perl, Ruby, Java, Python, C#, C++, Visual

              BluePay Reserve Query (reserveq)

              Interface that can retrieve information on ACH reserve payments using a date range and other fields.

              BluePay Manager CSV Export

              Export of transaction data in Comma Separated Value (CSV) format using the gateway's website.

                Rebill Post

                Post to remote application when a recurring billing transaction is processed.

                Trans Notify Post

                Post to remote application when transactions are processed by the gateway.

                Samples: PHP, Perl, Ruby, Java, Python, C#, Visual

                  Deprecated APIs

                  BluePay 2.0 Post (bp20post)

                  Name/value pairs are posted to the gateway which returns results as name/value pairs. Same concept as BluePay 1.0 Post but the data is formatted differently.

                  Samples: PHP, Perl, Ruby

                    BluePay XML Post (asby)

                    XML based interface to the gateway that can be used for basic transaction processing. See BluePay 1.0 Post if advanced features are needed.

                    BluePay Daily Report (bpdailyreport)

                    A reporting interface for the retrieval of transaction data.

                    Sample: Perl

                      Code Samples



                      Get Data


                      Hosted Payment Forms



                      Get Data


                      Hosted Payment Forms



                      Get Data


                      Hosted Payment Forms



                      Get Data


                      Hosted Payment Forms



                      Get Data


                      Hosted Payment Forms



                      Get Data


                      Hosted Payment Forms



                      Get Data


                      Hosted Payment Forms

                      Visual Basic.NET


                      Get Data


                      Hosted Payment Forms

                      Status & Support

                      BluePay Gateway Status

                      Get real-time notifications on the BluePay Gateway operational status.


                      Contact Our Integration Team

                      For technical questions related to the BluePay Gateway, please contact us directly at

                      Handling Stored Credential Transactions

                      In October 2017, Visa and Mastercard issued new rules regarding the use of stored credentials. This mandate requires specific handling and transmission of stored credentials (in this case, tokens representing payment data). See the following documentation from Visa and Mastercard for detailed information:

                      The BluePay Gateway is certified for compliance with this mandate, for merchants processing on the Cardnet/North ISO8583 platform.

                      Understanding Stored Credentials

                      A stored credential is information (including, but not limited to, an account number or payment token) that is stored by a merchant or its agent to process future transactions.

                      If your application stores cardholder data for use in future one-time or recurring payments, you must do the following to become compliant with this mandate:

                      • Disclose to cardholders how those credentials will be used.
                      • Obtain cardholders’ consent to store the credentials.
                      • Notify cardholders when any changes are made to the terms of use.
                      • Inform the account issuer that payment credentials are now stored on file, either by processing a payment or a $0 account verification.
                      • Identify the initiator (cardholder or merchant) and frequency (one-time or scheduled) of the transactions with appropriate indicators when using stored credentials.
                      • Provide proactive notification of future payment transactions and ability to cancel a subscription or recurring payment.

                      Additionally, merchants offering subscription services in Europe must send an electronic reminder notification (email or SMS/text message, if cardholder accepted future notification) and a link to online cancellation at least seven (7) days before initiating a recurring transaction if a trial period, introductory offer or promotional period has expired.

                      Identifying Cardholder and Merchant-Initiated Transactions

                      Payment applications must determine whether each applicable transaction is a Cardholder-Initiated Transaction (CIT), or a Merchant-Initiated Transaction (MIT).

                      A Cardholder-Initiated Transaction is any transaction in which the cardholder is actively participating in the transaction (by phone, online, or in-person) using stored credential and payment details, for example:

                      • A cardholder creating a standing order for a recurring, fixed-amount payment for goods or services (for example, a scheduled rent payment).
                      • A cardholder authorizing a payment on an account over the phone.

                      A Merchant-Initiated Transaction is any transaction in which the cardholder is not available to participate:

                      • A follow-up payment after an initial cardholder-initiated transaction.
                      • A direct deposit agreement for the payment of goods or services (for example, a recurring bill payment for a streaming service subscription).

                      Integrated Payment Application Changes

                      If you or your merchants use an application that integrates the BluePay Gateway APIs to accept and manage transactions, you must update your application to become compliant with this mandate.

                      This feature is available for merchants processing on the CardNet/North ISO8583 platform, using one of the following integrations:

                      The changes required to comply with this mandate affect merchants who:

                      • Store and reuse payment tokens and customer information to process recurring payments through an E-commerce or ERP application.
                      • Create and store customer profiles and process card-not-present payments using the associated stored payment information.

                      If your payment workflows use either of these methods to store and reuse customer data, you will need to update your integration to identify the initial and subsequent payments.

                      New Authorization Request Parameters

                      To support the requirements to identify stored credential transactions, the BluePay Gateway APIs include the following new parameters, which must be included in the authorization request for all E-commerce, telephone, and recurring payments using stored customer payment information.

                      The following field names are case-sensitive, and vary depending on your integration method.

                      For the BluePay Post (bp10emu) and BluePay 2.0 Post 2.0 (bp20post), these field names are capitalized as shown below.  For Manual CSV Upload and BluePay CSV Upload (bp20bu) integrations, the field names are lowercase. See the API documentation for your integration method for specific details.

                      FieldMax LengthTypeDescription
                      STORED_INDICATOR1ANThe STORED_INDICATOR field indicates whether the transaction is a one-time payment, first in a series, or subsequent payment using stored credentials.
                      • F - The first transaction in a series or a one-time payment using stored credentials. 
                      • S - A subsequent transaction using stored credentials.

                      Note: When STORED_INDICATOR is F, you must also specify the RESPONSEVERSION as 8 or higher to retrieve the STORED_ID value in the response. 

                      STORED_ID15NRequired when STORED_INDICATOR is S, and used to associate subsequent transactions in a series with the initial transaction.

                      The STORED_ID is returned in the authorization  response from the initial stored credential transaction (when STORED_INDICATOR is F), and must be provided in subsequent transactions in the series (for example, in a recurring billing arrangement).


                      1ANThe STORED_TYPE parameter specifies whether the transaction is initiated by the customer or merchant.

                      • C - Customer-Initiated Transaction (CIT)
                      • M - Merchant-Initiated Transaction (MIT)

                      Expand the following topic for additional sample scenarios:

                      Stored Credential Sample Scenarios

                      The STORED_TYPE and STORED_INDICATOR fields are specific to the BluePay Post (bp10emu) API. see the BluePay Post API documentation for additional information.



                      A new customer makes a one-time purchase on your web store or app, and opts to create an account to store their billing and payment information.CF
                      A patient calls your office to make a one-time payment over the phone. The customer provides their billing information to an associate, who enters it into your application. When asked, the customer agrees to store their billing information for future payments.CF
                      A patient calls your office to make a one-time payment over the phone, and their billing information is already stored for use in your application.CS
                      A new customer creates an account on your website and enrolls in a subscription service, which is billed monthly. Your application processes the initial payment or a $0 authorization to verify the billing details.



                      A customer previously enrolled in your subscription service, and is automatically billed for the monthly amount using their saved billing details.MS
                      An existing customer purchased multiple items from your web store, and checked out with their stored profile; however, only some goods were in stock at the time of the order. 

                      The customer is charged twice for the split shipment, where:
                      • The customer is initially charged for the in-stock goods at the time of the order.
                      • The customer is charged a second time for the remainder of their purchase once the goods are available.

                      Developer FAQ

                      What is the maximum number of transactions that the Transaction Search can return?


                      How can a gateway user be set to have the "Include Column Headers" option for CSV export checked by default?

                      1. From the User List page, under Options choose Preferences.
                      2. Click the “Edit” button.
                      3. Change the value of “Print CSV Headrers” from “No” to “Yes”.
                      4. Click the “Save” button.

                      What causes an "Invalid field name" error when the field names are correct in a batch upload file?

                      The file is probably using Unicode encoding. Open the file in Notepad and save file using ANSI encoding.

                      Can the BluePay Gateway process foreign currencies?

                      Yes, using Fiserv’s Global ePricing service.

                      Where can I see a sample of an online application?

                      Why is the CVV result no match when the CVV value is correct but the expiration date is incorrect?

                      The CVV value is not a value stored by the card issuer. It is a value calculated using the card number, expiration date and other information on file with the card issuer. Because the expiration date is used in that calculation, supplying the wrong expiration date causes the calculated value to not match the one on the card. When the values don’t match, a no-match CVV response is returned.

                      What user permissions must be set to give a gateway user view only access?

                      account.view, scope.account, scope.hier, trans.view

                      With which banks can ACH transactions be processed directly?

                      • American Charter Bank
                      • Bank of America
                      • Capital One
                      • Central Bank
                      • Chase Bank
                      • Comerica Bank
                      • First Republic Bank
                      • Metabank
                      • PNC Bank
                      • Regions Bank
                      • US Bank
                      • Wells Fargo Bank

                      How long is a transaction available for use as a Master ID on a new transaction?

                      The encrypted card number is kept for seven (7) years.

                      What is Rebill Retry and how does it work?

                      If a rebill credit card transaction is declined, the gateway can automatically reattempt the transaction after a configurable amount of time. This option is not available for ACH. IT must enable and configure this option.

                      Why is a test transaction declined?

                      The results of a test transaction are determined by the dollar amount of the transaction without cents. If the dollar amount is odd, an approval is returned. If the dollar amount is even, a decline is returned. This allows testing of both transaction result types.

                      If "Customer Receipt" is checked in the settings, will customer receipt emails be sent when a rebilling executes?


                      Does BluePay issue SSL certificates?

                      BluePay does not issue SSL certificates. The merchant would need to contact a certificate authority to get an SSL certificate. Some of the larger companies issuing SSL certificates are GoDaddy, Thawte, Comodo and Verisign. GoDaddy is usually the least expensive option.

                      When using a USB card swipe with the Virtual Terminal, is the address information required?

                      Address information is not required when the track data is submitted in the "Swipe Result" field. Using "Swipe Result" causes a transaction to be treated as a card present transaction.

                      What does RRNO stand for?

                      RRNO is an acronym for Reference Routing Number. It is more commonly known as the transaction ID.

                      How can a demo account be configured to process test ACH transactions?

                      Send an email to with your demo account ID requesting that ACH processing capability be added. The number sequence 123456780 can be used as the routing number on test ACH transactions.

                      Which shows on a BluePay Manager receipt — the Account Name or the DBA Name?

                      The Account Name is displayed on the receipt.

                      How can I locate my Account ID and credentials?

                      If you’re not sure where to find your Account ID or Secret Key:

                      1. Log into your BluePay account.
                      2. Click Administration.
                      3. Click Accounts.
                      4. Click List.
                      5. Click the View icon.

                        Your Account ID and Secret Key are displayed.

                      Instructional Videos

                      Processing Transactions

                      Fraud Management

                        Microsoft Dynamics GP Plugin