SFTP / FTP
Forward SAP documents to remote servers via SFTP or FTP. Supports password and SSH key authentication, custom ports, and automatic directory creation.
Use Cases
- Legacy file server integration
- EDI document exchange
- Bank file transfers and payment processing
Forward SAP documents to remote servers via SFTP (SSH File Transfer Protocol) or FTP. FileRelay supports both password and SSH private key authentication, making it compatible with legacy file servers, EDI systems, and bank transfer endpoints.
Setup
- Obtain the SFTP/FTP server hostname, port, and login credentials from your server administrator
- Ensure the target directory exists on the remote server, or verify that the user account has permission to create directories
- For SSH key authentication:
- Generate an SSH keypair:
ssh-keygen -t ed25519 -f filerelay_key - Add the public key (
filerelay_key.pub) to the server's~/.ssh/authorized_keysfile - Copy the private key contents for use in FileRelay
- Generate an SSH keypair:
- Ensure the FileRelay connector can reach the server over the network (port 22 for SFTP, port 21 for FTP)
- In FileRelay, add an SFTP destination with the server hostname, credentials, and optionally a remote path
REPLACE: Screenshot of the SFTP connector configuration form in FileRelay
How It Works
FileRelay establishes a connection to the remote server using the configured protocol and credentials. It navigates to the configured base path, creates any necessary subdirectories, and uploads the document. The connection is established per upload and closed afterward to avoid stale session issues.
SFTP (over SSH) is used by default and is the recommended protocol. FTP is supported for legacy systems but transmits data unencrypted unless FTPS (FTP over TLS) is configured on the server.
Path Structure
Documents are uploaded to:
{path}/{subfolder}/{doc_id}.{ext}
- path — the configured remote directory (e.g.
/uploads/sap), or the user's home directory if omitted - subfolder — automatic subfolder based on routing rules (date, repository, or flat)
- doc_id — the SAP document ID
- ext — file extension based on MIME type
Directories are created automatically if the user has the necessary permissions on the server.
Authentication
Password Authentication
Provide the username and password fields. This is the simplest method and works with virtually all SFTP and FTP servers.
SSH Private Key Authentication (Recommended for SFTP)
Provide the username and private_key fields. The private key must be in PEM format:
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAA...
-----END OPENSSH PRIVATE KEY-----
Supported key types:
- Ed25519 — recommended, smallest key size, strongest security
- RSA — widely supported, use 4096-bit keys
- ECDSA — good balance of security and performance
If the private key is passphrase-protected, provide the passphrase in the password field alongside the private_key.
Protocol Comparison
| Feature | SFTP (default) | FTP | FTPS |
|---|---|---|---|
| Port | 22 | 21 | 21 or 990 |
| Encryption | SSH tunnel | None | TLS/SSL |
| Key auth | Yes | No | No |
| Firewall friendly | Single port | Requires data ports | Requires data ports |
| Recommended | Yes | Legacy only | When SFTP unavailable |
Tips
- SFTP is preferred — Always use SFTP when possible. It encrypts both authentication and data transfer through a single SSH connection on port 22.
- Firewall rules — Ensure the FileRelay connector's IP address (or on-premise connector host) is allowed through firewalls protecting the SFTP server. Only port 22 (or your custom port) is needed for SFTP.
- EDI integration — For EDI workflows, set the
pathto the EDI translator's inbound directory. Many EDI systems poll a specific folder for new files and process them automatically. - Bank file transfers — Banking SFTP servers typically require IP whitelisting, SSH key authentication, and specific file naming conventions. Coordinate with your bank's technical team to set up the connection and verify file format requirements.
- Host key verification — FileRelay validates the server's SSH host key on first connection. If the server's host key changes (e.g. after a server migration), the connection will be rejected. Update the known host key in FileRelay to restore connectivity.
- Connection timeouts — For servers behind VPNs or on slow networks, FileRelay retries failed connections automatically with exponential backoff. Persistent failures are logged in the activity log.
- On-premise servers — For SFTP/FTP servers on your internal network, deploy the on-premise FileRelay connector to establish connectivity without exposing the server to the internet.
- File permissions — Uploaded files inherit the default umask of the SFTP user. If downstream systems require specific file permissions, configure the umask on the server side.
Configuration Fields
| Field | Type | Required | Description |
|---|---|---|---|
| host | string | Required | SFTP/FTP server hostname or IP address |
| port | integer | Optional | Server port (default: 22 for SFTP, 21 for FTP) |
| path | string | Optional | Remote base directory path (e.g. /uploads/sap) |
Credentials
| Field | Type | Required | Description |
|---|---|---|---|
| username | string | Required | Login username |
| password | string | Optional | Login password (use this OR private_key) |
| private_key | text | Optional | SSH private key in PEM format (use this OR password) |
All credentials are encrypted at rest using envelope encryption.
Ready to set up SFTP / FTP?
Create a free account and add this connector in under 2 minutes.