SFTP Integration
SFTP is the primary file transport protocol for enterprise partners. The platform supports both directions: inbound (we poll and download) and outbound (we push after transform).
Library Choiceβ
| Library | Verdict |
|---|---|
| JSch | Widely used, stable, but unmaintained (use fork com.github.mwiede:jsch) |
| Apache MINA SSHD | Actively maintained, full SSH2, better for connection pooling β recommended |
| sshj | Modern, clean API, good alternative |
Use Apache MINA SSHD (org.apache.sshd:sshd-sftp). It supports connection multiplexing, key exchange algorithms needed by modern servers, and a proper connection pool abstraction.
Inbound (Download) Flowβ
Outbound (Send) Flowβ
Connection Pool Designβ
- Each
SftpConnectorowns its pool (max size configurable, default 3) - Sessions are validated before borrow (send keep-alive / test channel)
- On validation failure: recreate session, re-authenticate
- Pool is torn down when integration is deleted or updated
Authentication Optionsβ
Prefer private key auth for production β passwords are susceptible to brute force and rotation is harder.
File Acknowledgement Strategyβ
| Strategy | Config | When to use |
|---|---|---|
Move to /processed | moveToPath: "/archive/processed" | Partner needs to verify delivery |
Move to /error | Automatic on pipeline failure | Quarantine bad files |
| Delete after download | deleteAfterDownload: true | Simplest, no archive needed |
| Leave in place | Default (no config) | When partner manages cleanup |
SFTP Config Exampleβ
{
"name": "Bank ABC Inbound Transactions",
"type": "SFTP",
"direction": "INBOUND",
"config": {
"host": "sftp.bankabc.com",
"port": 22,
"username": "transform_svc",
"remotePath": "/outbound/transactions/",
"filePattern": "*.csv",
"pollIntervalSeconds": 300,
"moveToPath": "/outbound/transactions/processed",
"authMethod": "PRIVATE_KEY"
},
"credentials": {
"privateKey": "-----BEGIN RSA PRIVATE KEY-----\n...",
"passphrase": "optional"
}
}
warning
The credentials object in the request is write-only. It is encrypted immediately on receipt and never returned in GET responses.