Secure file transmission

Fulfill these security requirements to ensure secure file transmission.

SFTP account management 

If the SFTP server of Alipay is used, contact technical support to obtain the credentials to login to the SFTP server. 

If the SFTP server of a partner is used, partners must complete the SFTP server system configuration on Alipay first. 

File transfer process 

File exchange happens between Alipay and partners. 

For the file sender, the file uploading process is as follows:

image.png

Figure 1. File uploading process


For file receiver, the file downloading process is as follows: 

image.png

Figure 2. File downloading process 

Pre-upload process 

Before the transmission, encrypt files by using the PGP algorithm to enhance the transmission security. A .asc suffix is added to the encrypted file to differentiate it from the unencrypted file. 

Upload files 

To prevent temporary files from being wrongly downloaded, rename the file by appending a .tmp suffix to the file name before uploading. After the transmission is completed, rename the file back to the original name by removing the .tmp suffix. 

Download files 

Do not download the temporary file, which is ended with a .tmp suffix. 

After the file is downloaded, decrypt the file by using the PGP algorithm. 

File retention 

Files on the SFTP server can be kept for seven days. Files older than seven days are automatically removed from the server.