Skip to content
Art2link ESB v2.02 LTS HomeDocumentationBlogContact
Core concepts/Adapters/SFTP adapter
Adapter

SFTP adapter

A send-side adapter that drops files onto an SFTP server. Path and filename are templatable; the response is an acknowledgement only.

ADAPTER · SEND SFTP Drops files to an SFTP server — acknowledgement response only Shipping DIRECTION ↑ Send MODES One-way · Two-way AUTHENTICATION SFTP Authentication PORT Send port RESPONSE Ack only

The SFTP adapter takes a message off the bus and writes its body to a file on an SFTP server. The destination directory, filename, and write behaviour are all configurable on the send port; the SFTP Authentication paired with the adapter carries host, port, credentials, and the expected host key fingerprint.

Path and filename templating

Where the file lands is computed at runtime by templating the directory and filename against the message and Application variables. Two patterns dominate: predictable filenames (good for downstream pickers that look for a specific name) and unique filenames (good for high-volume streams where collisions would be a problem).

Predictable filename REMOTE DIRECTORY /incoming/{{Variable.partner_code}}/orders FILENAME order-{{xpath(/Order/Id)}}.xml RESOLVES TO /incoming/ACME/orders/order-7831.xml collisions possible — pair with Overwrite policy Unique filename REMOTE DIRECTORY /incoming/{{Variable.partner_code}}/orders FILENAME order-{{now('yyyyMMdd-HHmmss')}}-{{guid()}}.xml RESOLVES TO order-20260514-093212-a8e6...xml never collides — reader must enumerate the directory
i
Atomic write. The adapter writes to a temporary filename and renames into place when the upload completes. Downstream pickers that watch the destination directory never see a half-written file. The temp suffix is configurable.
Authentication — password or SSH key

The SFTP adapter pairs with an SFTP Authentication. Two credential shapes are supported:

Password username password · · · · · · host_key_fingerprint: SHA256:… simpler; partner exchanges a password rotate periodically — nothing in SFTP forces expiry SSH key username private_key (.pem / openssh) host_key_fingerprint: SHA256:… stronger; partner authorises a public key passphrase optional but recommended

Both shapes require the host key fingerprint to be configured on the Authentication. The adapter will refuse to connect to a server whose host key does not match. This is the SFTP equivalent of certificate pinning — if the partner changes their server key without telling you, the connection fails rather than trusting blindly.

What you configure on the SFTP adapter

Placeholder field set — verify against the running product.

Remote Directory — required; absolute or relative path on the server. Templatable.
Filename — required; the file name to write. Templatable.
Overwrite Policy — required; one of Fail if exists, Overwrite, or Append suffix (appends an incrementing suffix to avoid collision).
Create Missing Directories — optional toggle; default off. When on, parent directories are mkdir -p'd on demand.
Temp Filename Suffix — optional; the suffix used during atomic write (default .tmp).
Content Encoding — optional; UTF-8, ASCII, Binary, etc. Drives how the message body is serialised before upload.
Permissions (chmod) — optional; numeric mode (e.g. 0640) applied after rename. Off by default.
Connection Timeout — optional; how long the adapter will wait to establish the SSH session.
Authentication — required; picker filtered to SFTP Authentication objects in the same Application.

That is the SFTP adapter

File drop over SSH. Path and filename templated, atomic write on by default, host key pinned. Acknowledgement-only response. Back to Adapters.