Generate Keypair
Use the following command:
ssh-keygen -t [rsa|ecdsa|ed25519]The following keys are accepted:rsaecdsaed25519
.pub file).Run cat <public_key_file> to view the public key to send to Lead.Example Public KeySend Public Key To Lead
Once your public key has been generated, send it to your Lead Implementation Manager as a plain text email.
Validate Lead Public Key (Host Key Generation)
Verify the fingerprint and add the public key to your known_hosts file by following the below steps:
-
Generate a public key fingerprint by running the below command:
- Prod
- Sandbox
ssh-keyscan sftp.lead.bank 2>&1 | ssh-keygen -lf -
The above command generates a public key fingerprint
-
Use the public key fingerprint and compare it with the fingerprint below:
- Prod
- Sandbox
2048 SHA256:PWqq5lPPd0zWCawxwSnqOkyy168esipmaPy2t3H1uFE sftp.lead.bank (RSA)
Add Lead Public Key To Your Known Hosts file
After the fingerprint is verified, run the below command to add the public key to your known_hosts file:
- Prod
- Sandbox
ssh-keyscan sftp.lead.bank >> ~/.ssh/known_hosts
Connect To SFTP Server
Connect by running the following command:
- Prod
- Sandbox
sftp -v -i \~/.ssh/your\_key username@sftp.lead.bank
Connectivity Details
| Environment | SFTP Server Hostname | Port |
|---|---|---|
| Sandbox | sftp.sandbox.lead.bank | 22 |
| Production | sftp.lead.bank | 22 |
Set-up Checks
- Static IP addresses are strongly encouraged for the IP allowlist.
- CSV files should use a pipe (|) delimiter.
- You may provide multiple SSH public keys for each environment.
- Lead supports RSA, ECDSA, and ED25519 keys.
- Both 2048 and 4096 bits are supported.
- It is strongly recommended to do periodic key rotation.
- Rotation of these keys can be processed upon request.
Folder Structure
All program related files will be dropped into folders on the SFTP server with the following access:- Read/Write: For all folders where you are the submitter
- Read Only: For folders where Lead is the submitter
We do not use the root directory of the SFTP server to store or handle files.
All dates in filenames must use the
YYYY-MM-DD format (e.g., 2025-12-31).| File | Submitter | Folder Name | File Example |
|---|---|---|---|
| Customer | You | customer | 2025-12-31_customer_v1.csv |
| Customer Relationship | You | customer-relationship | 2025-12-31_customer_relationship_v1.csv |
| Authorized Users | You | authorized-users | 2025-12-31_authorized_users_v1.csv |
| Applications | You | applications | 2025-12-31_applications_v1.csv |
| Accounts | You | accounts | 2025-12-31_accounts_v1.csv |
| Cards | You | cards | 2025-12-31_cards_v1.csv |
| Documents | You | documents | Refer to Documents row in Customer Applications Accounts Balances data schema |
| Balances | You | balances | 2025-12-31_balances_v1.csv |
| Transactions | You | transactions | 2025-12-31_transactions_v1.csv |
| Non-Posted Transactions | You | non-posted transactions | 2025-12-31_non_posted_transactions_v1.csv |
| Transactions Update | You | transactions-update | 2025-12-31_transactions_update_v1.csv |
| Collaterals | You | collaterals | 2025-12-31_collaterals_v1.csv |
| Network Settlement (Primary) | You or Issuing Processor | network-settlement/<primary network name> Example: network-settlement/visa | Format varies based on network. |
| Network Settlement (Secondary) | You or Issuing Processor | network-settlement/<secondary network name> Example: network-settlement/maestro | Format varies based on network. |
| Sales Request | Lead | sales-request | 2025-12-31_sales_request_v1.csv |
| Sales Response | You | sales-response | 2025-12-31_sales_response_v1.csv |
| ACH Outgoing | You | ach/outgoing | 2025-12-31_outgoing_ach_v1.ach |
| ACH Failed | Lead | ach/failed | 2025-12-31_outgoing_ach_v1.ach |
| ACH Incoming | Lead | ach/incoming | 2025-12-31_incoming_ach_return_noc_v1.ach 2025-12-31_incoming_ach_return_v1.ach 2025-12-31_incoming_ach_noc_v1.ach 2025-12-31_incoming_ach_forward_v1.ach |
| ACH Processed | Lead | ach/processed | 2025-12-31_outgoing_ach_v1.ach |
| Daily Activity Report | Lead | bank-account-reports | 2025-12-31_[partnername]-daily-activity-report_[epoch].csv |
| Daily Balance Report | Lead | bank-account-reports | 2025-12-31_[clientname]-daily-balance-report_[epoch].csv |
| ACH Cash Recon Report | Lead | bank-account-reports | 2025-12-31_[clientname]-ach-cash-recon-report_[UNIQUE-POSTFIX].csv |
File Naming
We utilize a consistent filename format that aims to:- Indicate the type of file
- Indicate the content represented in the particular file
- Prevent filename collisions for similar files
Example File Format
20260115T171640Z_incoming_ach_forwards_1768497400.ach
| 20260115T171640Z | incoming_ach_forwards | 1768497400 |
|---|---|---|
| Content Identifier | File Type | Epoch Time of File Generation |
| This will correspond to the content of the file. For loan origination files, this will be a date. For ACH files, this will be a date and time. | This indicates the meaning and format of the file. | This serves to prevent similar files from colliding and preserves generation time ordering for similarly named files. |
Example Invalid File Name
If the initial file version is invalid or changes are required, you must submit the updated version of the file — with an updated epoch time of version label, such as “v2”.| Original | 20260115T171640Z_incoming_ach_forwards_1768497400.ach |
|---|---|
| Updated Resubmission | 20260115T171640Z_incoming_ach_forwards_1768642400.ach Notice the updated epoch timestamp |
Common Pitfalls
You may receive the below error if your key permissions are too open:Permissions 0777 for ‘/Users/username/.ssh/id_rsa’ are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored.
chmod 600 ~/.ssh/id_rsa