SFTP Gateway 2.0 Programmatic Access and Automation
SFTP Gateway 2.0 includes tools for automating user management.
- CLI: run commands from the server's command line
- REST API: run commands remotely over HTTPS
Both tools let you manage user and server settings related to SFTP Gateway.
Command Line Interface
The CLI requires that you SSH into your EC2 instance. You also need sudo access, which the ec2-user has by default.
All user management commands are performed using sudo sftpgw.sh.
This command is similar to the AWS CLI, in that you can access the documentation via sudo sftpgw.sh help.
You should see the following output:
AVAILABLE COMMANDS
o create-user
o delete-user
To see the documentation on creating a user, type sudo sftpgw.sh create-user help. You should see the following:
SYNOPSIS
create-user
--username <value>
[--bucket-name <value>]
...
OPTIONS
--username (string)
The user name
--bucket-name (string)
The S3 bucket where the user's files will be stored. If left blank, defaults to the server's default bucket.
You can create a user with this command:
sudo sftpgw.sh create-user --username robtest --bucket-name my-bucket-name
For a walkthrough of common user creation CLI options, see 2.0 Command Line Interface Overview.
REST API
The REST API lets you run user management commands remotely over HTTPS. These commands can be performed from a sysadmin’s desktop, or from an event-driven process that can call a script.
Overview
Each REST API call requires a token that proves you have authorization to perform the action. You can acquire this token by authenticating against a login endpoint.
Once you have this token, you can make various API calls. These are documented in our Swagger documentation.
Obtaining a Bearer token
A Bearer token is a dynamic token that proves your identity and access. You obtain this by sending a POST to the backend/login endpoint. This POST body contains your admin password that you created when you spun up the CloudFormation template.
For full instructions on obtaining a Bearer token, see: 2.0 Getting an Auth Token
Accessing the Swagger documentation
Once you have the Bearer token, you can use it to make REST API calls. These are documented in Swagger, which you can access via http://<ip address>/swagger
Note: make sure you’re accessing it over HTTP rather than HTTPS.
Making REST API calls
Using the Swagger documentation, you can perform actions such as getting a list of all users:
# -k tells curl to skip TLS certificate verification
curl -X GET \
https://<your sftpg ip>/backend/api/users \
-H 'Authorization: Bearer <token>' -k
To see some working examples, refer back to the Bearer token documentation: 2.0 Getting an Auth Token
An important note: Notice that you are making the call against /backend/api/users, rather than /api/users. This is because you need to prepend backend when using HTTPS (this is how Nginx knows you’re hitting the API instead of the UI).
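A hardened form of the curl call above, as an added example that is not part of the original documentation or the vendor's code: it prepends backend to the Swagger path as the note describes, keeps the Bearer token out of the process list, and verifies the server certificate instead of using -k. The SFTPGW_TOKEN and SFTPGW_CA_FILE variables and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. SFTPGW_TOKEN, SFTPGW_CA_FILE and the function
# names are assumptions; only the /backend/api/... layout comes from the page.

# Map a Swagger path such as /api/users to its HTTPS URL behind Nginx.
sftpgw_api_url() {
    host=$1; path=$2
    # Plain hostname or IPv4 address only.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host" >&2; return 1 ;;
    esac
    case $path in
        /api/*) ;;
        *) echo "path must start with /api/" >&2; return 1 ;;
    esac
    # No traversal, no characters that would need quoting.
    case $path in
        *..*|*[!A-Za-z0-9/._-]*) echo "invalid path" >&2; return 1 ;;
    esac
    printf 'https://%s/backend%s\n' "$host" "$path"
}

# Emit a config for "curl --config -" so the token never appears in argv.
sftpgw_curl_config() {
    url=$(sftpgw_api_url "$1" "$2") || return 1
    # Assumes the token uses the RFC 6750 b64token alphabet; rejecting anything
    # else also blocks quotes and newlines that could inject curl options.
    case ${SFTPGW_TOKEN:-} in
        ''|*[!A-Za-z0-9._~+/=-]*) echo "missing or malformed SFTPGW_TOKEN" >&2; return 1 ;;
    esac
    printf 'url = "%s"\n' "$url"
    printf 'header = "Authorization: Bearer %s"\n' "$SFTPGW_TOKEN"
}

# GET an API path with certificate verification left on (no -k).
sftpgw_get() {
    [ -r "${SFTPGW_CA_FILE:-}" ] || { echo "SFTPGW_CA_FILE must point to a readable PEM file" >&2; return 1; }
    cfg=$(sftpgw_curl_config "$1" "$2") || return 1
    printf '%s\n' "$cfg" | curl --config - --cacert "$SFTPGW_CA_FILE" \
        --proto '=https' --fail --silent --show-error
}

# Usage: export SFTPGW_TOKEN and SFTPGW_CA_FILE, then: sftpgw_get <host> /api/users
```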