• See our Sage 50 Advanced Query Tool – AccountsMate
    Live Webinar Demonstration
  • Transition from TASBooks to Sage 50
    Easy with the Right Partner and Remarkably Beneficial
  • See our Sage 50 Advanced Query Tool – AccountsMate
  • Transition from TASBooks to Sage 50

Sage RTX Service – White list URLs – Customer guide

Sage RTX Service – Customer guide

The Sage Payroll system consists of many parts, but we will talk about them at a high-level here:

  • The Sage Payroll desktop software you interact with on a daily basis.
  • Web services (online processing of data to be submitted to revenue).

Sage has developed a web service platform that facilitates integration with government gateways including the Revenue ROS service for PAYE Modernisation. This service is provisioned with AWS.




The service has been developed using secure development and test procedures and guidelines. AWS Shield is used to mitigate against attack as well as providing a level of web application firewall capability. All interfaces are secured authentication and use encrypted channels.


Protecting data/regulatory compliance


The RTX Service is fully compliant with UK Data Protection Act 1998 and supports the EU General Data Protection Regulation (GDPR).


URLs to be Whitelisted


The following URLs are used by Sage in the process of connecting to the Revenue service for PAYE Modernisation.


Item URL Description
Sage RTX Service* https://api-rtx-ie-prod-ros.sagertx.com The URL of the Sage Real Time Exchange (RTX) Service. This is where the product sends the data that we need to be able to process anything.
Amazon Web Service S3 buckets* https://rtx-ie-prod-ros-s3-eu-west-1-files.s3.eu-west-1.amazonaws.com Amazon Web Service is the cloud infrastructure that Sage use to host, process and store the information for the Sage Real Time Exchange (RTX) Service.
Sage Token Service* https://www.sagetokenservice.com Sage Token Service is used to authenticate your interactions with Sage Services.

* Please note that none of the above will work when viewed via a web browser. The above URLs need to be accessed via defined protocols and secured requests.


Data transit and storage


For full details of Sage Governance, please visit https://trust.sage.com/governance


Data in transit


Data in transit from desktop to Revenue is transmitted via encrypted channels and secured with authentication.




Data pertaining to submissions is stored in an S3 bucket in AWS.  This bucket has server-side encryption configured. When you use server-side encryption, Amazon S3 encrypts an object before saving it to disk in its data centres and decrypts it when you download the objects. The exact fields stored in this data differs per client but its will be a superset of the data required to generate the necessary submissions.


Mongo DB


Data pertaining to registration and the configuration of the service is stored in a MongoDB cluster. Collections are:

  • Organisation.
  • Company.
  • Subscription.
  • Tracking.
  • RequestMetadata.

There is no sensitive data stored in any of these collections. Nevertheless, all data is encrypted at rest and access is limited to appropriate personnel.


AWS Parameter store


Data pertaining to the configuration of the service is stored in AWS Parameter Store.  Typical values are database connection strings and passwords.  AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management.  All values are saved as secure strings and access is limited to appropriate personnel.

What data is stored


Only data which is critical to the function of the RTX Service is stored, and a thorough assessment of this data has been conducted prior to the design and implementation of the system.
For the purpose of the RTX Service, the Data Processor is Sage UK Ltd.