Automating user management

SFTP Gateway 2.0 includes tools for automating user management.

  • CLI: run commands from the server’s command line
  • REST API: run commands remotely over HTTPS

Both tools let you manage both user and server settings related to SFTP Gateway.

Command Line Interface

The CLI requires that you SSH into your EC2 instance. You also need sudo access, which the ec2-user has by default.

All user management commands are performed using sudo

This command is similar to the AWS CLI, in that you can access the documentation via sudo help.

You should see the following output:

       o create-user
       o delete-user

To see the documentation on creating a user, type sudo create-user help. You should see the following:

          --username <value>
          [--bucket-name <value>]

       --username (string)
          The user name

       --bucket-name (string)
          The  S3 bucket where the user's files will be stored. If left blank, defaults to the server's default bucket.

You can create a user with this command:

sudo create-user --username robtest --bucket-name my-bucket-name

For a walk through on common user creation CLI options, see 2.0 Command Line Interface Overview


The REST API lets you run user management commands remotely over HTTPS. These commands can be performed from a sysadmin’s desktop, or an event-driven process that can call a script.


Each REST API call requires a token that proves you have authorization to perform the action. You can acquire this token by authenticating against a login endpoint.

One you have this token, you can make various API calls. These are documented in our Swagger documentation.

Obtaining a Bearer token

A Bearer token is a dynamic token that proves your identity and access. You obtain this by sending a POST to the backend/login endpoint. This POST body contains your admin password that you created when you spun up the CloudFormation template.

For full instructions on obtaining a Bearer token, see: 2.0 Getting an Auth Token

Accessing the Swagger documentation

Once you have the Bearer token, you can use it to make REST API calls. These are documented in Swagger, which you can access via http://<ip address>/swagger

Note: make sure you’re accessing it over HTTP rather than HTTPS

Making REST API calls

Using the Swagger documentation, you can perform actions such as getting a list of all users:

curl -X GET \
    https://<your sftpg ip>/backend/api/users \
    -H 'Authorization: Bearer <token>' -k`

To see some working examples, refer back to the Bearer token documentation: 2.0 Getting an Auth Token

An important note: Notice that you are making the call against /backend/api/users, rather than /api/users. This is because you need to prepend backend when using HTTPS (this is how Nginx knows you’re hitting the API instead of the UI).