Legacy partners, EDI systems, accounting packages, and carrier integrations still speak FTP. Your stack speaks HTTP. Instead of running an SFTP box and polling it with a cron job, FTPasHTTPS acts as the bridge: it terminates the FTP connection and forwards each uploaded file to your API as a real-time webhook. This guide shows the exact config and the payload your endpoint receives.
How FTP-to-webhook works
FTPasHTTPS is a virtualized FTP server. There is no filesystem behind it — every upload is a stream that maps onto an HTTP request.
- Your partner connects with any FTP, FTPS, or SFTP client and authenticates against a user you created.
- They issue an
STORto upload a file. FTPasHTTPS opens the data connection and begins reading bytes. - Those bytes are streamed into the body of an HTTPS
POSTto your configured webhook URL, with file metadata in the headers. - Your endpoint processes the file and returns an HTTP status. 2xx → FTP
226 Transfer complete; 5xx → FTP451 Action aborted. - If the POST fails, FTPasHTTPS retries with exponential backoff, then routes to a dead-letter queue. Every attempt is written to the audit log.
Config & example webhook payload
Configure the webhook once on your FTPasHTTPS server. A minimal server definition looks like this:
server.config# FTPasHTTPS server configuration protocol: FTPS # FTP | FTPS | SFTP mode: passive # active + passive supported webhook: url: https://api.example.com/ingest/ftp method: POST sign_with: hmac-sha256 # X-FTPasHTTPS-Signature header retries: 5 # exponential backoff dead_letter: true users: - username: acme-partner auth: password # or ssh-key for SFTP
When acme-partner uploads orders-2026-06-20.csv, your endpoint receives a request whose body is the raw file and whose headers carry the metadata. A JSON envelope is also available if you prefer structured delivery:
Content-Type: application/octet-stream X-FTPasHTTPS-Signature: sha256=9f86d081884c7d659a2feaa0c55ad015... X-FTPasHTTPS-Event: file.uploaded { "event": "file.uploaded", "server": "acme-prod", "protocol": "FTPS", "file": { "name": "orders-2026-06-20.csv", "path": "/inbound/orders-2026-06-20.csv", "size_bytes": 48213, "sha256": "e3b0c44298fc1c149afbf4c8996fb924..." }, "user": "acme-partner", "received_at": "2026-06-20T08:14:02Z" }
Verify the X-FTPasHTTPS-Signature header against your shared secret before trusting the payload, then return 200 OK to complete the FTP transfer.
FTPasHTTPS vs the DIY way
The traditional approach is an SFTP server plus a cron job that polls a directory and shells out to a script. Here is how the two compare:
| DIY: SFTP box + cron + script | FTPasHTTPS | |
|---|---|---|
| Latency | As slow as your cron interval (1–15 min) | Near-instant — POST fires during the upload |
| Files on disk | Yes — landing dir, attack surface, cleanup | None — streamed in memory |
| Retries | You build them | Automatic backoff + dead-letter queue |
| Auth of payload | Roll your own | HMAC-SHA256 signed webhooks |
| Ops burden | Patch SSH, rotate keys, monitor cron | Managed — you configure a URL |
| Audit trail | grep through logs | Full structured audit logs |
When to use FTP-to-webhook
- A partner can only push files over FTP/FTPS/SFTP but your app is API-driven.
- You want uploads processed the moment they arrive, not on a polling schedule.
- You need to drop the SFTP box and cron job you are currently babysitting.
- Compliance wants no files sitting at rest on an ingestion server.
- You need a signed, auditable trail of every file received.
If your real goal is to land files in object storage rather than call an API, see the SFTP to S3 guide instead — FTPasHTTPS can forward to S3, GCS, Azure, or another SFTP server natively.
Protocols, modes, and what each plan unlocks
FTPasHTTPS implements FTP (RFC 959), FTPS (RFC 4217 over TLS 1.2/1.3), and SFTP (SSH key auth). Both active and passive data modes are supported, over IPv4 and IPv6, so even strict legacy clients connect without changes on their side. The webhook bridge described above works the same regardless of which protocol the client speaks — the protocol only changes how the client authenticates and negotiates the data channel, not how the bytes reach your endpoint.
Webhooks themselves start on the Starter plan (€19/server/month: 1,000 transfers, FTP+FTPS). The Free plan (€0, no credit card) is FTP-only with 100 transfers a month, which is enough to prototype the integration end to end. Professional (€49) adds SFTP, custom domains, inline transformations, and schema validation; Enterprise (€99) adds SSO/SAML, a dedicated IP, and PGP. Pick the lowest tier that covers the protocols and volume your partners need, then upgrade as you onboard more of them.