This section provides information about the security requirements for file exchange between you and Alipay.

SFTP account management 

If SFTP server of Alipay is used, contact Technical support to obtain the credentials to login to the SFTP server. 

If SFTP server of a partner is used, partners must complete the SFTP server system configuration on Alipay first. 

File transfer process 

File exchange happens between Alipay and partners. 

For file sender, the file uploading process is as follows: 

Figure 1. File uploading process

For file receiver, the file downloading process is as follows: 

Figure 2. File downloading process 

Pre-upload process

Before the transmission, encrypt files by using PGP algorithm to enhance the transmission security. A .asc suffix is added to the encrypted file to differentiate from the unencrypted file. 

Upload files 

To prevent temporary files from being wrongly downloaded, rename the file by appending a .tmp suffix to the file name before uploading. After the transmission is completed, rename the file back to the original name by removing the .tmp suffix. 

Download files 

Do not download the temporary file, which is ended with a .tmp suffix. 

After the file is downloaded, decrypt the file by using PGP algorithm. 

File retention 

Files on SFTP server can be kept for seven days. Files older than seven days are automatically removed from the server.