Reconciliation is the quiet backbone of parking payment operations. Every transaction that leaves a pay station must eventually tie back to a settled deposit in the operating account, a processor fee line, and — if everything went right — a gate-event record. How that data arrives from the processor drives how fast exceptions get caught and how much engineering effort the operator absorbs.
The two dominant delivery mechanisms are SFTP flat files and REST APIs. They are not interchangeable.
What SFTP Reporting Looks Like
Most major acquirers still deliver end-of-day settlement reports as fixed-width or delimited files dropped on an SFTP endpoint between 2 a.m. and 6 a.m. local. A typical day yields three to six files: authorization activity, settled transactions, chargeback notifications, adjustments, and funding summary.
Strengths:
- Stable. File formats change rarely. Parsing code written in 2018 often still works.
- Auditable. Each file is a discrete artifact, easy to archive and hand to auditors.
- Bandwidth efficient. A day’s activity for a mid-size operator may be under a megabyte.
Weaknesses:
- Latency. You learn about yesterday today, not about today today.
- Brittle to schema drift. When a processor adds a column, silent parser failures are common.
- Fan-out pain. If you use three processors across a portfolio, you now maintain three file parsers.
What API Reporting Looks Like
Modern processors expose REST endpoints for transaction search, settlement batches, chargebacks, and funding events. Polling or webhook-driven ingestion lets operators see authorizations within seconds of the cardholder tap.
Strengths:
- Freshness. Near-real-time visibility into authorizations, declines, and settlement transitions.
- Schema discoverability. JSON responses with documented fields; changes usually announced with deprecation windows.
- Selective retrieval. Query only what changed since last poll rather than downloading the full day.
Weaknesses:
- Rate limits and pagination complexity. A portfolio pulling 50,000 transactions a day across locations must carefully manage API quotas.
- Webhook reliability. If the operator’s endpoint is down, events are queued or dropped depending on the provider. Idempotency and replay handling become the operator’s problem.
- Moving target. APIs version faster than file formats.
Reconciliation Fidelity Is the Real Question
Both channels eventually reconcile to the same settled totals. The practical decision is how quickly the operator needs to know when something diverges — a declined settlement, a held batch, a chargeback initiation — and how much engineering time is available to maintain ingestion.
NACHA and the Federal Reserve publish guidance on funds transfer timing that directly affects ACH-originated reconciliation windows, which interact with card reconciliation when operators offer monthly parker ACH debits alongside transient card volume.
Hybrid Is Usually Correct
Most mature operators run both: API for intraday monitoring and alerting, SFTP for end-of-day reconciliation of record. The API tells the operations team that a batch settled; the flat file is what the accounting team ties to the bank deposit.
A reasonable hybrid pattern:
- Subscribe to webhook events for authorization, settlement, and chargeback.
- Persist events to an internal store.
- Each morning, reconcile the event store against the SFTP settlement file.
- Flag any transaction that appears in one channel but not the other for manual review.
What to Ask a Processor During Selection
- What files are delivered, at what cadence, and in what format? Can sample files be provided?
- What API endpoints exist for transaction search, settlement, and chargeback? What are the rate limits?
- Are webhook events available? What is the retry policy?
- How are schema changes communicated and how much advance notice is given?
FAQ
Is real-time API reconciliation worth the engineering cost for a small operator?
For a single-location operator with one processor, nightly SFTP parsing is usually sufficient and significantly cheaper to maintain. API integration earns its keep once volume or portfolio complexity makes intraday exceptions expensive to miss.
How long should reconciliation files be retained?
PCI DSS requires transaction log retention for at least one year with three months immediately available. Tax and audit requirements often push this to seven years. Storage is cheap — err long.
What’s the most common reconciliation error?
Timing mismatches. A transaction authorized on day N and settled on day N+1 appears in different daily files. Operators who reconcile by settlement date rather than authorization date avoid most of this class of error.
Should chargeback data come via the same channel as settlement?
It can, but chargebacks often warrant a faster notification path because representment windows are short. Many operators push chargeback webhooks directly to a dispute-handling inbox or ticketing system.
