Complyance Logo

Create an SFTP connection

SFTP connections let you import invoices or receipts by pushing files to a Complyance-hosted shared location, or by having Complyance poll your own shared location over SFTP.

Supported document flows

  • United Arab Emirates (AE): create an invoice connection for UAE invoice workbooks.
  • Malaysia (MY): create a separate connection for each document type: one for invoice workbooks and one for receipt workbooks. The connection's document type determines how every workbook uploaded through that connection is processed; the file name does not determine the type.

Step 1: Name and metadata

After you choose Add connection, the Name and metadata step opens. This step identifies the connection and the documents it will ingest.

FieldWhat to enter
Connection nameA unique name for this connection, e.g. AP Inbox - Production. The name must be unique within the workspace.
CountryThe tax jurisdiction for the submitted documents, e.g. AE or MY.
Document typeThe document type for this connection: Invoice or Receipt. For Malaysia, create separate connections when you need both types.
EnvironmentThe target Complyance environment for submitted documents, e.g. Sandbox or Production.
Mapping template(Locked) The template that maps source columns to the e-invoicing schema. Defaults to default for this flow.

When the fields are filled, click Next to continue to the connection type.


Step 2: Connection type

The Connection type step asks who hosts the shared location. This choice is locked after creation — switching later requires creating a new connection and re-onboarding the upstream system.

OptionWhen to use
Complyance shared location (Recommended)Complyance gives you an SFTP endpoint (a shared location) that your team or partner uploads files to. Complyance handles availability and scanning.
Your own shared locationYou manage your own shared location over SFTP. Complyance connects on a polling schedule and picks up new files from it.

For the Complyance-hosted walkthrough, choose Complyance-hosted shared location, then click Next to set up authentication and receive the endpoint credentials for your upstream system.

To set up a client-managed connection instead, choose Your own shared location. Complyance will connect to your shared location on a polling schedule and pick up new files. The next steps ask for your shared location's endpoint and authentication details.


Step 3: Authentication

The Authentication step decides how your upstream system proves its identity to the Complyance SFTP endpoint.

OptionWhat happens
Username & passwordComplyance generates a username and a one-time password for the endpoint.
SSH public keyYou register your upstream system's SSH public key. Your system keeps the matching private key.

Using username and password

  1. Select Username & password.
  2. The UI generates the Your SFTP endpoint credentials:
    • Host — the SFTP endpoint address.
    • Port — the SFTP endpoint port.
    • Username — the account username.
    • Password — the one-time password.
  3. Copy each value and configure them in the upstream system that will upload files. Each field has a Copy button, and the password can be Regenerated if needed.
  4. Check the box to confirm you have configured these credentials in your upstream system.
  5. Click Next to continue.

Using SSH public key

  1. Select SSH public key.
  2. Paste your upstream system's public key into the SSH public key field. Use OpenSSH format. If you have multiple keys, enter one key per line.
  3. The UI shows the generated endpoint details:
    • Host — the SFTP endpoint address.
    • Port — the SFTP endpoint port.
    • Username — the account username.
  4. Copy the host, port, and username and configure them in your upstream system. The upstream system connects with the matching private key.
  5. Click Next to continue.

Client-managed authentication

If you chose Your own shared location in Step 2, the Authentication step asks how Complyance should authenticate against your shared location.

OptionWhat to enter
Username & passwordThe username and password for the account on your shared location.
Username & private keyThe SSH private key that Complyance should use to authenticate with your shared location.

After entering the credentials, click Next to continue to the connection details.


Connection details for your own shared location

If you chose Your own shared location, the Connection details step asks for the remote location details that Complyance will poll.

FieldWhat to enter
HostThe hostname of your shared location, e.g. sftp.yourcompany.com.
PortThe SFTP port, usually 22.
UsernameThe account username on your shared location.
Remote pathThe path to the root directory that contains four folders: inbound/, submitted/, validated/, and invalid/. For example, /invoices if the folders are /invoices/inbound, /invoices/submitted, /invoices/validated, and /invoices/invalid.
PasswordThe account password for your shared location. This is stored encrypted at rest.

Make sure the four folders already exist in your shared location at the chosen path. Complyance polls inbound/; files that pass Complyance's internal validation move to submitted/. Files that fail internal validation move to invalid/ with an error workbook. Final government outcomes move submitted files to validated/ or invalid/.

After entering the details, click Next to continue to customization.


Step 4: Customization

The Customization step sets up how often Complyance polls your shared location (for client-managed connections) and who receives ingestion notifications.

FieldWhat to enter
Lookup interval(Client-managed only) How often Complyance connects to your shared location to pick up new files, e.g. Every 1 minute.
Email addressesOne or more email addresses that should receive ingestion notifications. Separate multiple addresses with commas or new lines.
Notify me whenChoose which events trigger a digest email. Options include: Files import successfully, Files fail to import, and Duplicate files are skipped.

When the settings are set, click Next to review the connection.


Step 5: Review and create

The Review and create step shows a summary of everything you configured. Review each section:

  • Name and metadata — connection name, country, and environment.
  • Connection type — Complyance-managed or client-managed.
  • Authentication — username and password, or key-based authentication.
  • SFTP endpoint — host, port, and username (Complyance-hosted).
  • Remote location — host, port, username, and remote path (client-managed).
  • Customization — lookup interval (client-managed), notification settings.

If anything needs to change, click Edit on the relevant section to go back and update it.

When the summary looks correct, click Create connection to finish. You can also click Save as draft to save the connection and complete it later.


After creation: Save your credentials

If you selected Username & password, a Save your SFTP password dialog appears after the connection is created. This dialog shows the full endpoint credentials one more time:

  • Host
  • Port
  • Username
  • Password (shown only once)

Important: You will not be able to see this password again after closing the dialog. Store it somewhere safe. If you lose it, you will need to rotate credentials.

  1. Copy the password and any other credentials you need.
  2. Check the box to confirm you have copied and stored the password.
  3. Click Go to connection to view the connection details page.

Connection details page

After you save the credentials, you are taken to the connection details page. This page shows the connection status, endpoint credentials, and customization settings.

Activate the connection

Before you can activate the connection, you must test it:

  1. Click Test connection. The system verifies the endpoint and credentials.
    • For client-managed connections, the test confirms authentication, host reachability, and that the remote path exists.
  2. If the test succeeds, click Activate to enable the connection.
  3. If the test fails, check the credentials and path, then try again. For Complyance-hosted connections, you can click Rotate password to generate a new password, then re-test and re-activate.

The connection starts in Draft status. After a successful test, you can activate it to start ingesting files.


Connect with an SFTP client

You can use any SFTP client to upload files to your shared location. Popular options include FileZilla® (Windows, macOS, Linux), WinSCP (Windows), and Cyberduck® (Windows, macOS).

Whichever client you use, create a new connection with these settings from the connection details page:

  • Protocol: SFTP (SSH File Transfer Protocol)
  • Host: the host from the connection details page, e.g. thomas.proxy.rlwy.net
  • Port: the port from the connection details page, e.g. 18695
  • Logon type / authentication: username and password (or your SSH private key, if you registered a public key during setup)
  • Username: the username from the connection details page
  • Password: the password you saved during creation

After connecting, upload files to the inbound/ folder. Complyance will pick them up for ingestion.

FileZilla is a registered trademark of the FileZilla Project. Cyberduck is a registered trademark of iterate GmbH. WinSCP is a trademark of Martin Přikryl. All trademarks are the property of their respective owners.

Client-managed shared location

For a client-managed connection, connect your SFTP client to your own shared location using the host, port, username, and password you configured in the connection details. Upload files to the inbound/ folder at the configured remote path. Complyance moves internally valid files to submitted/; final government outcomes move them to validated/ or invalid/.


File handling after upload

Complyance-hosted shared location

For a Complyance-hosted connection, upload files to the inbound/ folder. Complyance ingests the file and returns a status in the connection's file history.

Your own shared location (client-managed)

For a client-managed connection, your shared location must have four folders at the configured path:

  • inbound/ — upload invoice or receipt workbooks here.
  • submitted/ — workbooks that passed Complyance internal validation and are awaiting a final government outcome.
  • validated/ — workbooks accepted by the government, with their response artifacts.
  • invalid/ — workbooks that failed internal validation or were rejected by the government, with error or response artifacts.

Flow:

  1. Place a workbook in inbound/.
  2. Complyance polls the shared location at the configured interval and performs internal validation.
  3. A workbook that fails internal validation moves to invalid/ with an error workbook.
  4. A workbook that passes internal validation moves to submitted/.
  5. When the government outcome is available, Complyance moves all workbook artifacts to validated/ for acceptance or invalid/ for rejection.

The status of each file appears in the connection's file history.