Reporting-2 icon

Deliver reports into your cloud storage

Learn how to automatically deliver Adyen reports directly into your cloud storage.

You can automatically generate and deliver reports directly into your Amazon Web Services Simple Storage Service (S3) bucket or Google Cloud Storage. By delivering reports to a cloud storage container, you can avoid the need to build and maintain data ingestion pipelines.

Requirements

Before you begin, take into account the following requirements and limitations.

Requirement Description
Integration type Make sure that you have built an online payments, in-person payments, or an Adyen for Platforms platform integration.
Customer Area roles Make sure that you have one of the following role(s).
Online or in-person payments:
  • Merchant report
  • Merchant admin
Adyen for Platforms:
  • Generate Balance Platform reports
Limitations Delivering reports into cloud storage is in limited availability. Contact your Adyen account manager to enable this feature.

Not all reports can be delivered to cloud storage, and we only support reports generated on the company account. Supported reports:

Online or in-person payments:
Adyen for Platforms:
Setup steps Before you begin, make sure that you have set up cloud storage for Amazon Simple Storage Service (S3) or Google Cloud Storage.

How it works

You set up your report generation in your test or live Customer Area. When the report is available, and you have configured your reports, encryption, and cloud storage environment, the data is automatically delivered to the cloud.

In your Customer Area:

  1. Set up reports.
  2. Set up encryption.

Continue by following the instructions for your specific cloud storage provider:

Set up reports

Set up the report configuration for all reports that you want to deliver to cloud storage. We currently only support a limited set of reports, and only reports generated for the company account.

Delivering reports to cloud storage follows the same generation schedule, column, time zone and file format configuration as reports that you generate in or download directly from your Customer Area.

In your Customer Area:

  1. Select Reports.
  2. Under Report overview, you can select a report category from the drop-down menu or enter the name of a specific report in the Search bar. By default, All reports is selected.
  3. From the list of reports, select the report you want to configure under the Name column.
  4. Select Manage report. This gives you the option to generate the report automatically or manually.
  5. Select Automatic to add a schedule. Select a frequency and select Schedule.
  6. Optionally select Column configuration to add or remove columns in the report.

When you have configured the reports, contact your Adyen account manager listing all the reports you want to be delivered to cloud storage.

Set up encryption

All reports that are delivered to the cloud must be encrypted.

In your Customer Area:

  1. If you have not already done so, generate a PGP key.
  2. Register your PGP public key with Adyen, specifying Cloud Sync as the Purpose of the key.

This key will be used to encrypt all the reports.

Amazon Web Services S3 configuration

  1. Create an Amazon S3 bucket using the AWS Management Console. This bucket is the destination for reports. You can configure different buckets or folder paths per report.

  2. Contact Adyen to share the Amazon S3 bucket details. Contact our Support Team or your account manager with the following information:

    • The ARN of the Amazon S3 bucket:
      For example: arn:aws:s3:::my_corporate_bucket

    • Optionally, include the folder path:
      For example: /reportname/path/to/folder

  3. Adyen creates an IAM role after you provide the bucket name and, optionally, the folder path. We need one to two business days to set this up, and then share the ARN of the IAM role with you.

  4. Update your Amazon S3 bucket policy with the ARN role provided by Adyen and set the permissions. The Amazon documentation has an example walkthrough. The following is an example bucket policy configuration where you:

    • Replace the AWS value in Principal with the ARN of the IAM role provided to you by Adyen.
    • Replace the value(s) in Resource with the ARN(s) of your Amazon S3 bucket(s).
    • Include the PutObject permission

  5. Encrypt your Amazon S3 bucket.

    • If you use the default Amazon S3 bucket encryption with AWS S3 managed keys, shown as SSE-S3, no further action is required on your part.
    • If you use AWS's Key Management Service (KMS), shown as SSE-KMS, continue with the next step.

  6. This step is only required if you use AWS KMS. To upload an object encrypted with an AWS KMS key to Amazon S3, the IAM role will need kms:GenerateDataKey permissions on the key to replace the values as needed. See Amazon's documentation for the details.

See the Amazon S3 documentation to review security best practices. In general, make sure that:

  • Your S3 bucket is not publicly accessible
  • Access control lists (ACLs) are disabled
  • Permissions are granted with least privilege access
  • The data is encrypted

Google Cloud Storage configuration

  1. Create a Cloud Storage bucket within your Google Cloud Project (GCP). You can configure different buckets or folder paths per report.

  2. Contact Adyen to share the GCP bucket details. Contact our Support Team or your account manager with the following information:

    • GCP bucket name:
      For example: my-company-gcp-bucket

    • Optionally, include the folder path:
      For example: /reportname/path/to/folder

  3. Adyen creates a service account after you provide the bucket name and, optionally, the folder path. We need one to two business days to set this up, and then share the principal with you. For example, [email protected].
  4. Grant the principal access to the bucket following the Google Cloud Storage documentation. The principal should at least have the Storage Object Creator role.

See the Google Cloud Storage documentation to review best practices for cloud storage.

See also