A Secure File Transfer Protocol (SFTP) account can be necessary in different areas of Campaign.
Secure File Transfer Protocol (SFTP)
The SFTP feature allows you to import large files into Campaign (e.g. a database file), export files from Campaign (e.g. updated database files to transfer to your data warehouse) and set up recurring list imports (database or relational table).
You can also use SFTP for inserting external content into an email template and perform certain API processes (e.g. reporting or list import).
Campaign supports SFTP (SSH File Transfer Protocol). We do not support SCP (secure copy).
Access your SFTP
SFTP credentials you will need:
- Port Number 22
For SFTP information and other Acoustic URLs, see Standardized Acoustic URLs.
Pod information for setting up an SFTP account
To access your SFTP account, you first need to know your Campaign pod.
All active Campaign user accounts are already SFTP enabled. If you have an active Campaign user name and password, you are ready to go.
For example, if you log in to
campaign-us-1.goacoustic.com, your pod number is 1 and your SFTP host is
sftp://transfer-campaign-us-1.goacoustic.com. Also, the user name and password are the same as your Campaign user name and password.
In your respective SFTP, enter the port number for the appropriate protocol.
- SFTP = Port 22 (supports pods 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B)
See Standardized Acoustic URLs for the latest pod and SFTP address information.
If you have firewall restrictions in place, you may also need to update your whitelisting rules to reflect the new SFTP host name for your pod (for example, http://transfer-campaign-us-POD.goacoustic.com). For more information, see Whitelisting Acoustic Campaign by host name.
If the multi-factor security method is enabled, users cannot access the SFTP using user name and password. Use one of the following alternatives to access SFTP.
- Public key
The public key way of authenticating for SFTP now uses the same method for checking valid user names and passwords as the password way does. So if a user is blocked or disabled as indicated via the UI/API, then they'll likewise be prevented from successfully logging into SFTP.
Public key method does check for IP restrictions, if enabled for the org or user.
User name and password authentication
A failed SFTP login attempt increments the total number of failed login attempts for the user. Repeated failed attempts blocks the SFTP user based on the organization password policies.
A failed SFTP login attempt can be resolved by resetting the SFTP user's password within the Campaign UI.
Your organization can now place IP restrictions on SFTP access. After the user name and password prove valid, the process checks on IP restrictions. If there is a restriction in place, visible by checking Access Restrictions, and a user attempts to access from an IP not listed in access restrictions, then FTP access is not granted.
For authenticating with OAuth, the user name must be oauth in all lowercase and the password is the OAuth access token value. The user name oauth is case sensitive.
Once the FTP service sees the oauth user name, it validates the token. If the token is invalid or expired, then no FTP access is granted.
The OAuth app that access is granted for must allow SFTP resources.
OAuth authentication for SFTP bypasses IP restrictions for SFTP, similar to the way OAuth functions for Transact.
Authenticate to SFTP with OAuth
You can authenticate to your SFTP client by using an OAuth access token.
Note: SFTP OAuth requires you to use an application and access credentials that were created after the Campaign 16.4 release.
This implementation of OAuth is case-sensitive. To authenticate by using OAuth, your username must be OAuth in all lowercase, and the password must be the OAuth access token. Once the SFTP service sees the OAuth username, it validates the token. If the token is invalid or expired, then SFTP access is denied.
The OAuth tokens have a lifetime of 4 hours, but can be refreshed after 3 hours. If you request one before the start of the third hour, you receive the same access token that you were issued earlier. If you request an access token after the start of the third hour, a new access token is generated. Therefore, it can be reasoned that your user account has two access tokens available for use. It is recommended to request a new token after 3 hours to prevent the single access token from expiring.
When you set up the OAuth access by using the user interface, you should choose the same username that you have used for creating the
- Register your application.
- Go to Application Account Access under Organization Settings and then select the section header.
- To register your new application, click Add Application and fill out the fields. After you click Add, you will be presented with your new client id and client secret values that you will then use in your OAuth calls.
- Grant the application access to Campaign.
- While still in the Application Account Access section, click Add Account Access.
- Choose your new application from the drop-down and specify the user that you want it to use when you make API calls. Once you click Add, a refresh token is generated and emailed to your notification email address. You use this refresh token, in concert with the client id/secret that was previously generated, in your OAuth calls.
Location of your uploaded SFTP file
If you don't see the file in your stored files tab or your stored files are empty, consider the following.
- With SFTP and Campaign linked, you see only the files that were uploaded under the same account as the user who imported them.
- Make sure that the user name that logs files into SFTP and uploads them is the same user name that sets up the recurring import.
- Files remain on the SFTP server for 14 days before an automated process removes them.
- Make sure you have the correct SFTP host and port.
Switch from FTP to SFTP
If you are establishing a connection using an FTP client, switching the address to an SFTP client is simple. Most modern FTP clients, such as Filezilla or WinSCP, support both secure and non-secure FTP transfers. To connect using SFTP, replace the address with the secure SFTP address, as indicated above, for your specific pod. For example, if you're on pod 5, update the address to sftp://transfer-campaign-us-5.goacoustic.com and use port 22. Your login and password remain the same.
If you are connecting using a command line script, the scripts need to be updated to invoke the SFTP command followed by the secure SFTP address for your specific pod.
Alternatively, if you are connecting using a custom application, the application will need to be updated to use secure SFTP connection. You may need to consult your IT department to make the necessary updates to the application code.
Uploading your data file to Campaign using API
When you upload your data file to Campaign using API, you need to place your data file and mapping file in the upload directory on the SFTP sever.
You can build your mapping file manually, but to avoid mistakes/typos, you can create it automatically using the Campaign user interface.
To do that you can upload a data file containing the data fields and just one test contact. This process creates a mapping file in the Stored files/list_import_jobs folder.
SFTP with Transact
If you are using Transact with XML submission, the SFTP account allows you to submit larger batches of contacts who you want to send transactional messages to.
- The host name for SFTPs account is sftp://transfer-campaign-us-X.goacoustic.com, where the 'x' is your Pod number (Here's a complete list of all URLs and SFTPs)
- If your organization has a Transact account, you must first upload your batch files to the Transact/Temp folder. Once that completes you then move (perform a RENAME) the files to the Transact/Upload folder, which triggers the Transact job. If you deposits into the Transact/Upload folder first the job immediately starts and if the file is too large the job locks up because the file was not completely uploaded. This causes a job failure.
- It is not possible to set up a recurring import to pick up a file within a subdirectory of /upload. The files must be placed directly in the upload folder to be picked up.
- Note that SFTP is for files that need to be processed by a data job, imported or exported. Campaign SFTP is not for file storage. Every day a cron job runs that clears files that are 14 days old. There is no backup for the files that are in the SFTP so if they are deleted, they are no longer retrievable.
Can I schedule multiple recurring imports for the same hour?
Campaign locks a database during an import so other imports can't run until the first one completes. If you have 3 databases that each have a recurring import, they can all run an import job simultaneously without issue. However, if you have one database that has 4 recurring jobs setup on it to import at the same hour each day, then only one import can run at a time on the database.
It is typical for the recurring jobs to run in the same order every day, however, the order can change on any given day if the process responsible for picking up import jobs to run sees that two recurring imports created a child job at the same exact second, and we can't predict when this will occur. Each recurring job creates a new child Job ID each day (what you see when looking at Resources > Data Jobs), and the system runs the jobs in order of job ID, where the smaller ID starts first. The jobs usually run in order of the first to last recurring job that was setup against a given database however, this is not always the case.
What to do if your SFTP login stops working
If you have organization administrator access, you may want to set up your Campaign user name so that the password does not expire, as follows.
- Go to User Accounts.
- Click your user name and check the box next to: Do not enforce password expiration policies for this user.
- Click Save.
Note: If you change your Campaign user name or password, this change automatically updates your SFTP login credentials.
Import a file using SFTP
If there are multiple files in the SFTP upload folder, which are to be used for the same database using Recurring Import Update, all files are pulled and imported. Each file creates a separate data job for import, but this activity does not occur in any specific order.
- Place your file on the SFTP Server
- Log in to your SFTP client with your SFTP credentials.
- Click Connect.
- Find the File to Import and place it in the Upload folder.
- Open the upload folder to ensure that your file transferred successfully.
- Import your file from the SFTP.
- Log in to Campaign.
- Go to Stored Files.
- Click Import from SFTP.
- Choose the folder to import the file to. Save the file in shared or one of its sub-folders; otherwise a different user will not be able to access the file.
- Access the file from Campaign.
- Navigate to Data > Import > New.
- Name the Database and choose which type of database or list to create.
- Select Flexible or Restricted database.
- Choose Select File from Stored Files.
- Browse to select the file.
- Select the file and choose the File Type.
- Click Next.
- Follow the import wizard to complete the import process.
Export a file using SFTP
Follow this procedure to export a file by using SFTP.
- Go to Stored Files.
- Select the Private tab.
- Click the Import Files folder and select the file you want to export to your SFTP account.
- Click Export to FTP.
- Click OK.
Once the screen closes, the process is complete.
- Login to your SFTP account and enter this information:
- Host Name:
- Port: 22
The file(s) is located in the download folder.
Does restricting IP access affect SFTP?
Your Campaign organization has Access Restrictions to limit logins from certain IP addresses, does this affect logging in to the SFTP server as well?
Perhaps. Campaign now allows you to restrict SFTP access by IP address. If an organization administrator has placed restrictions on your SFTP it will impact access.
Allow a third party to send or receive data without access to Campaign
You can allow a 3rd party to send or receive data to and from Campaign via SFTP, but not allow them access to Campaign.
To achieve this, use the SSH Keypair authentication. Create a public and private key that allows to machines to talk to one another directly without the need to pass credentials.
Why did the SFTP login error authentication fail?
Be sure you are using all lowercase letters for your user name (user name and password are the same as your Campaign credentials. Also, verify that you are connecting to the correct host and using the right port.
Host: For Campaign pod information, SFTP host information, and other Acoustic URLs, see Standardized Acoustic URLs.
Port: 22 - for all