Professional Documents
Culture Documents
AMEX HTTPS Comms Guide-April 2018
AMEX HTTPS Comms Guide-April 2018
AMEX HTTPS Comms Guide-April 2018
Table of Contents
April 2018 i
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 ii
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
1.0 Introduction
The Internet Direct HTTPS Communication Guide is written for programmers working on the behalf
of our Partners (including Merchants/Service Establishments, Authorized Processors, Third Party
Developers, Issuers and Terminal and Software Vendors) to develop interfaces to American Express.
This document covers only the communication connections used to transmit data. Specific file formats
and field definitions are explained in other American Express marketing and technical documents
(for example, one format for an Authorization Request message is defined in the American Express
Global Credit Authorization Guide).
Disclaimer: To the maximum extent permitted by law, American Express does not make and hereby
disclaims any and all representations, warranties, and liabilities, whether express or implied, or
arising by law or from a course of dealing or usage of trade, including implied warranties of
merchantability or fitness for a particular purpose or any warranty of title or non-infringement. You
must comply with laws and regulations applicable to the subject matter of this document. These laws
and regulations can differ from country to country, and you are solely responsible for being aware and
adhering to them in all countries where you implement this document.
April 2018 1
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 2
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
2.0 Internet Direct Services Offered
2.1 Overview
This document is provided for clients who wish to send various request messages to American Express
through the Internet by accessing specific American Express URLs, which are included in this guide.
This document contains technical details necessary for authorized Partners to communicate with
American Express systems via the American Express Internet Direct Gateway.
This manual includes a high-level explanation of the URL options offered, how to invoke the URLs
and Partner system requirements. Details on these functions and American Express global
specifications are available on the following Web site:
http://www.americanexpress.com/merchantspecs
The American Express Internet Direct Gateway allows Partners to transmit real-time Authorizations,
Submissions and approved region specific messages via the Internet. HTTPS is used to provide secure
access to the Gateway URLs.
Partners utilize the American Express Internet Direct Gateway solution by accessing the appropriate
URL. The actual request message data is embedded in a hidden parameter in the transmission to
American Express; and an HTTPS POST is used to transmit this data to the American Express
Internet Direct Gateway. No user ID or password is needed.
American Express uses TLS server authentication and transmits a TLS certificate in the handshake
message returned to the terminal/system. The Partner system must accept this certificate in addition to
certificate renewals as needed.
Internet Direct compatible applications should follow best-practices associated with the automatic
acceptance of certificates from trusted sources; if this requirement is not met it is likely that required
certificate renewals will prevent the processing of transactions.
American Express systems process the request and generate a response that is embedded in a hidden
parameter in the American Express-generated response.
Further details on this process are included in the sections that follow.
April 2018 3
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
2.3 Supported File Formats
April 2018 4
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
2.4 Usage Requirements
Whenever possible, a host should be used to connect to American Express instead of using a
direct terminal connection.
Terminals must be able to accept automatic updates for certificates, IP addresses, URL and
routing indicator changes
Terminals must be able to support automatic failover between the Internet Direct URLs
Uptime and connectivity are the responsibility of the Partner and their Internet Service Provider
(ISP)
It is highly recommended that a Partner have a secondary Internet Service Provider (ISP) to
fulfill any redundancy requirements external to American Express.
A Partner should have ability to utilize multiple routing indicators to route to different
locations.
Technical requirements change frequently; please download this guide after each April and
October release to review what’s new and to be prepared for any upcoming changes.
These requirements have been established to minimize the likelihood of a service disruption or outage
for a Partner. Implementations that do not follow these guidelines may be subject to unplanned outages
and downtime and may require manual intervention or coding changes with little advance notice at
Partner expense. Partners that cannot support these usage requirements should speak to their American
Express Technical Representative regarding alternate connectivity.
April 2018 5
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
3.0 Connectivity Details
Transaction must be sent to the Internet Direct Gateway web server. The URL will be provided by
the American Express Technical Representative.
It is highly recommended that a vendor has a secondary Internet Service Provider (ISP) to
fulfillany redundancy requirements external to American Express.
Detailed specifications for the HTTPS/1.1 protocol can be found in RFCs (7230-7237) on the
World Wide Web Consortium web site: http://www.w3.org/Protocols/
A transaction is transmitted in the request headers for the POST method. See examples of Internet
Direct Gateway transactions using the POST methods, beginning on page 23.
April 2018 6
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 7
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
4.0 Request Message
The following request message header values must be provided to insure proper processing by the
American Express Internet Direct Gateway:
– origin (Vendor Name/Developing Entity or Vendor and Port for Online PIN and GHDC)
– country (Country Code; see page 34)
– region (Region Code; see page 34)
– message (Authorization Message Type being sent; see page 15)
– MerchNbr (Merchant Number of merchant sending the Authorization Request Message)
– RtInd (Routing Indicator where Authorization Message is to be routed; see page 17)
Note: For details on populating these Header Values, see Request Message Header Value Descrip-
tions on page 10.
Perform a HTTPS POST to send the request message to the American Express Internet Direct
Gateway URL.
The Request Message (i.e., ISO Message or Auth XML value) should not be in the Header Values.
Instead, merchants/vendors must transport Request Message data as the Request POST parameter
AuthorizationRequestParam key value in the body of the Request Message (via browser and ter-
minal). This parameter value is the actual payload message.
An example of ascii hex encoding would be taking the string “qacafe” and mapping it to the ascii
hex value of 71 61 63 61 66 65. If you were to enter the ascii hex data into the
AuthorizationRequestParam parameter, you would enter the data without any spaces. For
example: “716163616665”, but without the quotes.
See details for request-message Browser and Terminal Headers on the following pages.
April 2018 8
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
4.0 Request Message (Continued)
Note:
HTTPS ‘Content-length’ is the length of the entire message body, including the length of the
hidden parameter ‘AuthorizationRequestParam=’.
Each and every header parameter should be separated by one CR[carriage Return]/LF[Line
Feed].
At the end of the Header parameters there should be two CR/LF before message body starts.
The extra CR/LF indicates the end of HTTPS header sections.
American Express Internet Direct application will not be able to process any messages in
Internet Direct application unless it follows HTTPS specification of message format as
depicted above.
April 2018 9
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
4.0 Request Message (Continued)
April 2018 10
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 11
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
4.1 Request Message Header Value Descriptions
Constant: None
Origin*: ProcessorName-PortNumber OR
ProcessorName-MerchantName-PortNumber
*Format required for Online PIN and GHDC / will be provided by American Express Technical
Representative during the certification process
April 2018 12
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
Constant: None
For valid codes, see Country and Region Codes on page 34.
April 2018 13
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
4.1 Request Message Header Value Descriptions (Continued)
Constant: None
Description: This header value contains a Region code that corresponds to the
American Express region in which the request message originates.
For valid codes, see Country and Region Codes on page 34.
April 2018 14
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
4.1 Request Message Header Value Descriptions (Continued)
Constant: None
Description: This header value contains a Message Type code that indicates
the type of data transported in this Request Message. Valid entries
include the following:
April 2018 15
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
4.1 Request Message Header Value Descriptions (Continued)
Constant: None
MerchNbr: 1804000001
April 2018 16
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
4.1 Request Message Header Value Descriptions (Continued)
Constant: None
Description: This header value contains a Routing Indicator code that directs
the message to the appropriate American Express system for
processing.
April 2018 17
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 18
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
5.0 Response Message: Browser and Terminal
Perform HTTPS POST operation on connection to retrieve response message from American
Express Internet Direct Gateway URL.
Then, extract Authorization Response message from stream content received from server.
April 2018 19
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
5.2 Common Network Socket Exceptions
Problem Cause
SocketException 1. Operation timed out. Host unavailable.
2. Could not connect. Could be due to invalid address.
UnknownHostException: User set incorrect URL. • Virgule “/” missing before actual path.
<host name> • Incorrect URL.
April 2018 20
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
6.0 Communication Details
This section contains diagrams and examples that illustrate TLS processing, basic cryptography
concepts of the TLS operation, and the HTTPS POST request and response flow, with header details.
TLS is a sophisticated encryption scheme that does not require the exchange of a secret key between the
client and server before the transaction is initiated. Instead, TLS public/private keys provide flexible
encryption that is setup when the secure transaction is transmitted.
Note: While the diagram on page 20 shows a typical example of an HTTPS POST browser request,
actual requests may vary depending on the origin of the authorization request (i.e., from a merchant’s
browser, or a terminal).
The following is an example of the ISO 8583 Message, Plural Interface Processing (PIP) Format from
a terminal. User application “/IPPayments/inter/CardAuthorization.do” will post
transaction data to the Internet Direct Gateway URL.
For details, see American Express Plural Interface Processing (PIP) Terminal Interface Specification
(POS020055).
ACK
April 2018 21
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
6.1.1 TLS Handshake on New TCP Connection
April 2018 22
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
6.1.2 Send HTTPS POST Request
Merchant needs to send the parameter below in the body of the message.
----------------------------------------------------------
AuthorizationRequestParam=<Authorization Request>
----------------------------------------------------------
April 2018 23
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
6.1.2 Send HTTPS POST Request (Continued)
TCP (FIN)
Web server initiates TCP connection release.
TCP (ACK)
April 2018 24
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
7.0 How to use the American Express Test System (ATS) via Internet
Direct
Overview
The American Express Test System (ATS) is a certification platform available to authorized Partners
to certify American Express transaction features. ATS has been developed to provide an enhanced
customer experience with an intuitive approach to how test transactions are validated and how
certifications are performed. Customers using American Express Authorization SDK or any other
supported transaction can use ATS to test. ATS allows streamlined testing and the ability to view test
transactions by accessing the ATS portal (www.amextestsystem.com).
Your American Express regional representative will work with you enable your ATS access; once
completed, testing with ATS will be available via this link.
Testing Setup
2. American Express Certification Analyst agrees upon an ‘Origin’ name with the customer
a. If using Online PIN or GHDC for Internet Direct please follow the guidelines for
‘Origin’ set up (the port provided for testing may be different than the one issued for
production). Please refer to your certification analysts for additional information
regarding the ‘Origin’ that should be used.
3. The customer can then begin testing using the following data:
d. All other Header values remain the same based on the standard guidelines
‘Go-Live’ Production
1. Once the American Express Analyst has indicated that all ATS testing and certification
is complete, the application is ready to ‘Go-Live’ into production. The following data
values must change to ensure successful transactions in the production environment:
d. All other Header values remain the same based on the standard production guidelines
April 2018 25
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
8.0 Steps to Create a Test Client Using Java Technology
The following example is Java code for opening a connection and sending an Authorization Request
message using the hidden parameter. Statements in bold text are comments.
If any systems running the Internet Direct payment solution uses JRE 1.6 Update 22 or later
sun.net.http.allowRestrictedHeader must be set to true. This ensures that all required headers are
passed properly as part of the HTTPS message.
//OPEN CONNECTION
… (Client’s code)
… (Client’s code)
April 2018 26
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
After the Partner sends the request to the Internet Direct Gateway, American Express returns a
server-side certificate to the merchant terminal/system.
The terminal/system accepts the certificate.
The American Express Internet Direct Gateway continues processing the message.
April 2018 27
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
9.0 Steps to Create a Test Client Using .Net Technology (C#)
Below is the list of classes, which come with .Net Framework 2.0. Users may use the following to
develop the client using C#.
HTTPSWebRequest Class —
HTTPSWebResponse Class —
This class contains support for HTTPS-specific uses of the properties and methods of the
WebResponse class. The HTTPSWebResponse class is used to build HTTPS stand-alone
client applications, which send HTTPS requests and receive HTTPS responses.
April 2018 28
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
9.1 Example of C# Client
BuildReqStream(ref webrequest);
HttpWebResponse webresponse;
webresponse = (HttpWebResponse)webrequest.GetResponse();
loResponseStream.Close();
webresponse.Close();
return Response;
}
webrequest.ContentType = "text/xml";
return webrequest;
}//End of secure CreateWebRequest
}
finally
{
myWriter.Close();
}
}
April 2018 29
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
10.0 Steps to Create a Test Client Using C++
See Connect and Send method examples in the code sample on the following pages.
/////////////////////////////////////////////////////////////////////////////////////////////
//Method: Connect
//Purpose: Connection method takes two parameters the HostAddress and Port
/////////////////////////////////////////////////////////////////////////////////////////////
bool XHttpConnection::Connect(const char *ptHostAddress, unsigned short nHostPort,
const char *ptUser, const char *ptPassword, bool bSecure)
{
DWORD dwFlags = 0;
if (m_pxInternetSession == NULL)
{
if (Initialize() == false)
{
return false;
}
}
try
{
if (bSecure)
{
dwFlags = INTERNET_FLAG_SECURE;
}
m_pxHttpConnection = m_pxInternetSession->GetHttpConnection(ptHostAddress, dwFlags,
nHostPort,ptUser,ptPassword);
}
catch(CInternetException *pIntEx)
{
TCHAR szCause[255];
pIntEx->GetErrorMessage(szCause,255);
//Log
return true;
April 2018 30
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
10.2 Example of C++ Client — Send Method
////////////////////////////////////////////////////////////////////////////////////////////
//Method: Send
//Purpose: To transmit data through the System
//Parameters:
// ptMessage - Message to be sent
// ptHeaders - Headers to be added (example Accept:text/*\r\n) -
// SHOULD be all the headers
// ptVerb - POST/GET
// ptObjectName - Who we're sending to ??CardAuthorization.do
// ptHttpVersion
///////////////////////////////////////////////////////////////////////////////////////////
int XHttpConnection::Send(CString* ptMessage, CString *ptHeaders, int iVerb, CString *ptObjectName,
CString ptHttpVersion, DWORD *pStatusCode)
{
try
{
m_pxFile = m_pxHttpConnection->OpenRequest(iVerb, //Verb
(LPCTSTR) ptObjectName, //target object- ?? whatever .do ?? CardAuthorization.do
NULL, //(LPCTSTR) ptHeaders, NOT SURE IF THIS IS THE HEADERS
1, //always use 1 for context, this is only child of session
NULL, //if null, only accept text
(LPCTSTR) ptHttpVersion, //HTTP version, default is HTTP/1.0, Amex wants HTTP/1.1
INTERNET_FLAG_RELOAD | INTERNET_FLAG_SECURE); //cache, HTTPS
m_pxFile->AddRequestHeaders((LPCTSTR) ptHeaders);
DWORD iSize = ptMessage->GetLength();
//The headers are confusing, can load them in OpenRequest, AddRequestHeaders and SendRequest
BOOL bOK = m_pxFile->SendRequest(NULL,0,(LPVOID) ptMessage, iSize);
if (bOK)
{
m_pxFile->QueryInfoStatusCode(*pStatusCode);
}
else
{
*pStatusCode = 0;
}
return (int) iSize;
}
catch(CInternetException *pxIntEx)
{
TCHAR szCause[255];
pxIntEx->GetErrorMessage(szCause,255);
g_Log.PutEntry( (LPSTR)(LPCTSTR)theEdglibApp.GetTaskName(), //log the CInternetException
"XHttpConnection::Send", HTTP_EXCEPTION,
TRACING_ELMNT_EDGLIB,
EDGLIB_RECORDING_SOURCE_SOCKETS,
"%s", szCause) ;
Disconnect();
return -1;
}
}
April 2018 31
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
11.0 Rejection, Errors and Failures
Time-Out Failures — Message processing may infrequently exceed the maximum time allotted;
in which case, a “time-out” error message is displayed on the terminal or monitor. In addition,
communication and system-associated failures not related to actual message content are reported
as “time-out” failures, and no further error descriptions are provided.
The American Express Internet Direct Gateway times out after 30 seconds (i.e., after 30
seconds, American Express initiates a connection close and sends the merchant/ vendor a
“null” response, with status code “200”).
Request Message Rejection and/or Errors — American Express returns response messages that
include status and/or error codes that indicate the reason the financial request was denied/declined
or rejected.
If American Express internal systems are unable to parse the request, or if the message does not
match the required format, a blank string (“”) with no status code is returned as a response.
April 2018 32
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 33
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
12.0 Country and Region Codes
Refer to the American Express Global Codes & Information Guide for a complete list of Country
codes.
LAC: Countries in Latin America (Note: Puerto Rico, Caribbean and Virgin Islands should also
be coded as LAC)
CAN: Canada
April 2018 34
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
13.0 Routing Codes
Internal Teams should reach out to the GAN Production Support mailbox for a complete and up to
date list of routing codes. Each message specification and/or PIN transaction may require use of a
unique code; please review before proceeding with certification.
April 2018 35
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 36
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
3.2 03/08/16|L.Chmielewski
• Page 5, Added recommendations regarding guide usage
• Page 25, Changed ATS routing indicator, added ATS test link
• Page 41, Added notation regarding use of routing indicator
April 2018 37
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 38
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 39
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
– Changed 010, as indicated, “APACS30 Traffic routed to BSH07 UK Stratus (Brighton)— Servicing UK,
Belgium (including Luxembourg), Holland, France, Italy, Finland and Poland
– Changed 011, as indicated, “GICC traffic routed to FRA03 German Stratus (Frankfurt) — Servicing
Germany, Switzerland and Sweden”.
– Added codes 012, 014, 015 and 016.
• Page 15: Changed text from “Message Types (use in message parameter, on previous page)” to “Message
Types — The following Message Type codes are used in the request-message Browser and Terminal Header
message parameters, which are described on page 10. Also, added the following Message Types: ISO
Global EDC, APACS 40, GFSG XML BAR, GFSG XML DCR, GFSG XML IDR, GFSG XML IR and
PRICE.
• Page 19: Changed subsection title, as indicated, “Standard HTTP Response Messages from Server”.
• Page 20: Changed subsection title, as indicated, “5.2 Java Error Response Messages Common Network
Socket Exceptions”. Also, changed “Problem” entries, as indicated:
– java.net.SocketException
– java.net.UnknownHostException:<host name>
– java.io.FileNotFoundException
• Page 21, Section 6.0 – Communication Details: Revised introductory paragraphs to clarify and improve
readability, with no change to technical content.
• Pages 23 and 25 (three occurrences): Changed text, as indicated,
“…qwww215318.americanexpress.com…”
• Pages 34-Error! Bookmark not defined.: Converted part of existing paragraph into Note 1, added “Note
2” for “prohibited countries” and updated Country and Region Codes table.
April 2018 40
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 41
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Internet Direct HTTPS Communication Guide
April 2018 42
This document contains sensitive, confidential and trade secret information, and must not be disclosed to third parties
without the express prior written consent of American Express Travel Related Services Company, Inc.