Amex

This guide will help you obtain SFTP credentials and encryption keys to ingest settlement and payout data from American Express (AMEX) into your Payrails account.

Prerequisites

You will need:

  • An active American Express Merchant Account
  • SFTP Access: A dedicated SFTP username and password assigned to your merchant account
  • PGP Encryption: A PGP key pair (you must hold the Private Key) for file decryption

Step-by-step instructions

Step 1: Gather SFTP Credentials and Connection Details

To configure the secure file transfer, you will need to gather the following information:

1. SFTP Host and Port

We require the following credentials for the SFTP connection and for file decryption:

  • SFTP Credentials (AMEX Gateway)
    • Host: fsgateway.americanexpress.com
    • Username: The specific AMEX SFTP username assigned to your merchant account (e.g., PAYRAILS...).
    • Password: The password associated with this SFTP user.
    • Port: Confirm standard port 22 is used.
  • PGP Decryption
    • PGP Private Key: The full PEM-encoded private key block used to decrypt the files.
    • Passphrase: (Optional) If the private key is password-protected.

2. Verify Data Lifecycle & Storage

Before integrating, confirm the file lifecycle logic on your AMEX SFTP server to ensure consistent data retrieval and support for backfills:

Folder Structure

Confirm that new reports land in the /outbox/ directory and are automatically moved to /sent/ after download.

Retention Policies

  • Inbox Retention: Verify how long files remain in /outbox/ if not picked up (standard is typically 7 days)
  • Archive Retention: Verify how long files persist in /sent/ before permanent deletion (standard is typically 24 hours)

Backfill Availability

Determine if older files are available in /sent/ or a separate archive path for re-ingestion.
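
A retention check for the folders described above, added here as an example; it is not Payrails or AMEX code. It assumes the typical windows quoted above (7 days in /outbox/, 24 hours in /sent/), that the server's modification time reflects when a file arrived in its folder, and a hypothetical warning threshold; the file names and timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace

# Assumed windows: the "typical" values quoted above; confirm the real ones with AMEX.
RETENTION = {"/outbox/": timedelta(days=7), "/sent/": timedelta(hours=24)}
WARN_FRACTION = 0.25  # hypothetical: flag a file in the last quarter of its window

def retention_report(listings, now):
    """Classify each file as ok, expiring, or expired (past its window).

    listings maps a directory to entries exposing .filename and .st_mtime
    (epoch seconds), the shape paramiko's SFTPClient.listdir_attr() returns.
    Assumes st_mtime reflects when the file arrived in that directory.
    Returns (directory, filename, status, time_left) tuples, most urgent first.
    """
    report = []
    for directory, entries in listings.items():
        window = RETENTION[directory]
        for e in entries:
            age = now - datetime.fromtimestamp(e.st_mtime, tz=timezone.utc)
            left = window - age
            if left <= timedelta(0):
                status = "expired"
            elif left <= window * WARN_FRACTION:
                status = "expiring"
            else:
                status = "ok"
            report.append((directory, e.filename, status, left))
    return sorted(report, key=lambda r: r[3])

def backfill_candidates(report):
    """Files in /sent/ that are still inside the archive window."""
    return [name for d, name, status, _ in report if d == "/sent/" and status != "expired"]

# Constructed sample listing (file names and ages are made up for illustration).
NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)

def entry(name, hours_old):
    return SimpleNamespace(filename=name, st_mtime=(NOW - timedelta(hours=hours_old)).timestamp())

SAMPLE = {
    "/outbox/": [entry("settlement_a.pgp", 2), entry("settlement_b.pgp", 150)],
    "/sent/": [entry("settlement_c.pgp", 20), entry("settlement_d.pgp", 30)],
}

if __name__ == "__main__":
    for row in retention_report(SAMPLE, NOW):
        print(row)
```

A file reported as expired in /sent/ cannot be relied on for backfill, so it would have to come from a separate archive path if one exists.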


Step 2: Share credentials with Payrails

  1. Share your SFTP and PGP credentials with Payrails securely.
  2. You can use your preferred secrets manager or vault tool, such as 1Password Shared Vaults, AWS Secrets Manager, or GCP Secrets Manager.
  3. If a shared vault is not possible, you can also share the credentials in a PGP-encrypted file.