Secure file transmission
Fulfill these security requirements to ensure secure file transmission.
SFTP account management
If the SFTP server of Alipay is used, contact technical support to obtain the credentials to login to the SFTP server.
If the SFTP server of a partner is used, partners must complete the SFTP server system configuration on Alipay first.
File transfer process
File exchange happens between Alipay and partners.
For the file sender, the file uploading process is as follows:
Figure 1. File uploading process
For file receiver, the file downloading process is as follows:
Figure 2. File downloading process
Before the transmission, encrypt files by using the PGP algorithm to enhance the transmission security. A .asc suffix is added to the encrypted file to differentiate it from the unencrypted file.
To prevent temporary files from being wrongly downloaded, rename the file by appending a .tmp suffix to the file name before uploading. After the transmission is completed, rename the file back to the original name by removing the .tmp suffix.
Do not download the temporary file, which is ended with a .tmp suffix.
After the file is downloaded, decrypt the file by using the PGP algorithm.
Files on the SFTP server can be kept for seven days. Files older than seven days are automatically removed from the server.