Bolt P2PE is a cloud-based solution that allows software companies to integrate with CardConnect's PCI Point-to-Point Encryption (P2PE) validated solution.

By integrating with Bolt P2PE, merchants and software partners will be able to quickly achieve EMV acceptance (no certification required), P2PE level of PCI compliance, tokenization/token management, and gain access to the CardPointe platform.

Bolt P2PE terminals will maintain a connection to the Bolt P2PE services hosted by CardConnect. This will allow terminal firmware updates to be pushed from CardConnect's Terminal Management System (TMS).

How it Works

  1. POS software sends a request via REST to the Bolt P2PE API.
  2. The Bolt P2PE service connects to the Bolt terminal device via secure socket.
  3. Based on the command sent, the customer is presented with a prompt (for example, "Please Insert, Swipe, or Tap Card.")
  4. Upon card entry, encrypted data is sent to the Bolt P2PE services hosted on CardConnect servers.
  5. Bolt P2PE will provide a CardSecure Token in the response to the POS application via REST.
  6. POS software uses the Token as the account parameter within an Authorization Request on the CardPointe Gateway.
  7. The Authorization Response from the CardPointe Gateway is communicated back to the POS software.

Device Provisioning

Ordering Terminal Devices

Once your integration to the Bolt P2PE API and CardPointe Gateway is complete, you will need to work with the CardConnect Integration Support team to provision and ship the terminal devices to the destination.

To get started, contact CardConnect and provide the following information:

  • Merchant ID(s) (MIDs) that will be using Bolt terminals
  • Device Type
  • Device Quantity
  • Bolt App Version
  • Location where terminals are to be delivered
  • Special shipment requirements (priority overnight/requested delivery date)

Once CardConnect receives the required information, we will work with our vendor to prepare the order. We will then provide an estimated delivery date and a tracking number.

Terminal Management System (TMS)

Terminals will be configured with the CardConnect Bolt application, which allows them to receive commands sent to the Bolt Service from an integrated client using CardConnect's Terminal Management System (TMS).

As part of its P2PE-validated solution, CardConnect uses TMS to monitor and manage access to merchant terminals, configure devices, and authenticate terminal use with the CardSecure application.

During provisioning, TMS is populated with terminal details such as:

  • Hardware Serial Number (HSN)
    • Bolt App Version
    • Last Hello
    • Order ID
    • Site Name (for example: "bolt-terminal.cardpointe.com")
  • Merchant ID (MID or merchid)
    • Merchant Address/Location
    • Bolt Domain & Port
    • Bolt Reconnect Time
  • Order ID
    • Device Type
    • Quantity
    • Key/Site ID

Bolt P2PE terminals maintain a persistent connection to CardConnect via secure socket (TLS 1.2) which provides CardConnect the ability to push Bolt terminal application updates to a device.


Upon receipt of a Bolt P2PE terminal device, merchants will receive a welcome kit containing the terminal device, any included cables and accessories, and a letter detailing further setup instructions.

Partners should preemptively notify their merchants that the Bolt service URL and associated IP addresses will need to be white-listed on their firewall.

Once a terminal device has been connected to the network and has established its IP address, it will attempt to call the Bolt service. In the event that a connection with the Bolt service cannot be made, the terminal will display "Unbolted." Otherwise, once the terminal reads "Bolted," the payment interaction between the client application and CardConnect can proceed.

Solution Features


The Client Application must be able to send requests and receive responses via REST API.

Terminal Devices

Bolt P2PE supports the following terminal devices:

By integrating the above devices, you can leverage the following capabilities:

  • Point-to-Point Encryption (P2PE)
  • EMV pre-certification
  • Signature capture
  • NFC acceptance

Features vary by device and by processor.

Custom Image & Theme

Bolt devices support the ability to display a custom image, such as your merchant’s or software’s logo, and to modify the color of the header, footer, and font that displays within the user interface. This allows you to match the style of the Bolt device's interface with your software solution to create a more seamless experience for the end user.

Image Requirements

Ensure that your image meets the following requirements:

Format | Device | Max Size | Dimensions (X) x (Y)
JPEG or PNG | iSC250 | 1MB | 480 x 272 pixels
JPEG or PNG | iSMP4 | 1MB | 320 x 240 pixels
JPEG or PNG | iPP350 | 1MB | 320 x 240 pixels
JPEG or PNG | iPP320 | 1MB | 128 x 64 pixels

Theme Requirements

Banner/Footer Color | Hex to RGB
Banner/Footer Font Color | Hex to RGB

To add an image or modify the color of the header, footer or font, email cardpointesupport@cardconnect.com with the:

  • Associated merchant ID
  • Image file
  • Hex to RGB color code(s)

Our Support Team will upload the changes to your device within 5 business days.

Sample Apps

CardConnect provides sample applications in Java and AngularJS that provide examples for how to integrate the Bolt P2PE API.

JAVA - Desktop Implementation

To use, first modify the client.properties file and set hsn = to the HSN displayed on the terminal.

For example:

For use with Java Client 1.0.0

base.url = https://bolt-qa.cardpointe.com:6443/api/v1
api.key = aDlzqEdIK1EWFl6NqlEV2I1Iz0RghqRNdvFu19fWe2s=
merchant.id = 888888888887
hsn = 15225SC80709732
readcard.include.signature = true
readcard.amount.display = true
readmanual.include.signature = true
readmanual.expiration.date = true

For use with Java Client 2.0.0

base.url = https://bolt-uat.cardpointe.com:6443/api/v2
api.key = aDlzqEdIK1EWFl6NqlEV2I1Iz0RghqRNdvFu19fWe2s=
merchant.id = {your merchid}
hsn = {your terminal hsn}
connect.force = true
readcard.include.signature = true
readcard.amount.display = true
readcard.include.pin = true
readcard.beep = true
readcard.aid = credit
readmanual.include.signature = true
readmanual.expiration.date = true
readmanual.beep = true

For use with Java Client 3.0.0

base.url = https://bolt-qa.cardpointe.com:6443/api/v3
api.key = aDlzqEdIK1EWFl6NqlEV2I1Iz0RghqRNdvFu19fWe2s=
merchant.id = 888888888880
connect.force = true
readcard.include.signature = true
readcard.amount.display = true
readcard.include.pin = true
readcard.beep = false
readcard.aid = credit
readmanual.include.signature = true
readmanual.expiration.date = true
readmanual.beep = false
authcard.include.signature = true
authcard.amount.display = true
authcard.beep = false
authcard.auth.merchant.id =
authcard.aid = credit
authcard.include.avs = true
authcard.include.pin = true
authcard.capture = true
authmanual.include.signature = true
authmanual.amount.display = true
authmanual.beep = false
authmanual.auth.merchant.id =
authmanual.include.avs = true
authmanual.include.cvv = true
authmanual.capture = true

To run any version, you need Java 1.8 installed:

java -jar tokenmux-service-java-desktop-client-X.0.0-SNAPSHOT.jar
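
The client.properties samples above point at the bolt-qa and bolt-uat hosts and carry a fixed api.key value, so a copied file is worth checking before it is used with real merchant data. The following linter is an added example, not part of the CardConnect sample client; its rule set, and the treatment of bolt-qa/bolt-uat as test hosts, are assumptions of this example, and the sample input is constructed.

```javascript
// Added example: lint a Bolt sample-client client.properties file.
// The rules below are this example's own choices, not CardConnect requirements.
const SAMPLE_KEY = "aDlzqEdIK1EWFl6NqlEV2I1Iz0RghqRNdvFu19fWe2s="; // value printed in the samples
const REQUIRED = ["base.url", "api.key", "merchant.id"];
// Keys that take true/false in the sample files (matched by their last segment).
const BOOL_KEY = /\.(signature|display|pin|beep|avs|cvv|capture|date)$|^connect\.force$/;

// Minimal .properties parser: "key = value" lines, '#' and '!' comments.
function parseProperties(text) {
  const props = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith("!")) continue;
    const m = line.match(/^([^=:\s]+)\s*[=:]?\s*(.*)$/);
    if (m) props.set(m[1], m[2].trim());
  }
  return props;
}

function lintBoltProperties(text) {
  const props = parseProperties(text);
  const findings = [];
  for (const key of REQUIRED) {
    if (!props.get(key)) findings.push(`${key}: missing or empty`);
  }
  for (const [key, value] of props) {
    if (/^\{.*\}$/.test(value)) findings.push(`${key}: placeholder not replaced`);
    if (BOOL_KEY.test(key) && !/^(true|false)$/.test(value)) {
      findings.push(`${key}: expected true or false, got "${value}"`);
    }
  }
  const url = props.get("base.url") || "";
  if (url && !url.startsWith("https://")) findings.push("base.url: not https");
  if (/\/\/bolt-(qa|uat)\./.test(url)) findings.push("base.url: test environment host");
  if (props.get("api.key") === SAMPLE_KEY) findings.push("api.key: documentation sample key");
  return findings;
}

// Constructed input: a copied sample with placeholders and a mistyped boolean.
const SAMPLE_PROPERTIES = [
  "base.url = https://bolt-uat.cardpointe.com:6443/api/v2",
  "api.key = " + SAMPLE_KEY,
  "merchant.id = {your merchid}",
  "hsn = {your terminal hsn}",
  "connect.force = true",
  "readmanual.beep = tru",
].join("\n");
console.log(lintBoltProperties(SAMPLE_PROPERTIES).join("\n"));
```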

AngularJS - Desktop Implementation

The Bolt API should not be called directly from a web application. A proxy should be set up between the JavaScript and your server.

A community-compiled list of CORS enabled proxies can be found here as reference.

There's also cors-anywhere for Node.js.


$scope.tmuxurl = "proxy"
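
A browser that calls the Bolt API directly has to hold the API key, where anyone who can load the page can read it. The relay below is an added example, not CardConnect code: it keeps the key on your server, and unlike a general-purpose CORS proxy it forwards only named endpoints to one configured base URL. The endpoint names, the Authorization and X-CardConnect-SessionKey header names, the BOLT_* environment variables, and the idea that the app appends the endpoint name to the "proxy" path are assumptions of this example.

```javascript
// Added example (not CardConnect code): relay Bolt calls from the browser app
// through your own server so the API key never reaches the client.
// Assumptions: the endpoint names in ALLOWED, the Authorization and
// X-CardConnect-SessionKey header names, and the BOLT_* environment variables.
const ALLOWED = new Set(["connect", "disconnect", "readCard", "readManual"]);

// Map one browser request to the upstream request, or null to refuse it.
function buildUpstreamRequest(method, path, clientHeaders, cfg) {
  const m = /^\/proxy\/([A-Za-z]+)$/.exec(path);
  if (method !== "POST" || !m || !ALLOWED.has(m[1])) return null;
  // Start from an empty header set: cookies, Host and any client-supplied
  // Authorization value are dropped; the key comes from server config only.
  const headers = { "Content-Type": "application/json", Authorization: cfg.apiKey };
  const session = clientHeaders["x-cardconnect-sessionkey"];
  if (session) headers["X-CardConnect-SessionKey"] = session;
  return { url: `${cfg.baseUrl}/${m[1]}`, method: "POST", headers };
}

async function startProxy(cfg, port) {
  // Dynamic import works from both CommonJS and ES module files.
  const http = await import("node:http");
  const https = await import("node:https");
  return http.createServer((req, res) => {
    const up = buildUpstreamRequest(req.method, req.url, req.headers, cfg);
    if (!up) { res.writeHead(404); res.end(); return; }
    const upstream = https.request(up.url, { method: up.method, headers: up.headers }, (r) => {
      // Pass back only the content type and the session header.
      const out = { "Content-Type": r.headers["content-type"] || "application/json" };
      const key = r.headers["x-cardconnect-sessionkey"];
      if (key) out["X-CardConnect-SessionKey"] = key;
      res.writeHead(r.statusCode, out);
      r.pipe(res);
    });
    upstream.on("error", () => { if (!res.headersSent) res.writeHead(502); res.end(); });
    req.pipe(upstream);
  }).listen(port, "127.0.0.1");
}

// Start only when a key is configured, e.g. BOLT_API_KEY=... node proxy.js
if (process.env.BOLT_API_KEY) {
  startProxy({
    baseUrl: process.env.BOLT_BASE_URL || "https://bolt-uat.cardpointe.com:6443/api/v2",
    apiKey: process.env.BOLT_API_KEY,
  }, 8080);
}
```

Serve the relay from the same origin as the web application so the relative "proxy" path resolves to it and no CORS headers are needed.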