File Upload Using SFTP

Automate the data transfer process using SFTP.

Uploading data files using Secure File Transfer Protocol (SFTP) allows you to automate the file upload process by scheduling a data load frequency. This is a great option to use after you've onboarded your initial dataset into Visier.

Upload files using SFTP workflow

  1. Download and install a SFTP application.
  2. Generate public and private SSH keys, enable the SFTP account in the solution, and connect your SFTP application to our servers. For more information, see Set up SFTP.
  3. Prepare your data files for upload by ensuring they are in the expected format and follow the recommended file structure and naming conventions.

    Note: File specifications:

    • Supported archive formats: zip, 7zip, bzip, and tar.
    • We do not support password protected archive files.
    • Filenames can contain letters (A-Z, a-z), numbers (0-9), hyphens (-), periods (.), and underscores (_).

    For more information on how to structure your data files for upload, see Data File Guidelines and Visier Data Dictionaries.

  4. Optional: If you want an additional layer of protection, you can encrypt your data files. For more information, see Encrypt files.
  5. Upload data files using your SFTP application. For more information, see Upload data file.
  6. Run a job to process the new data. Jobs define the tasks needed to load your data into Visier, for more information, see Run a job.

Set up SFTP

You must use a Secure Shell (SSH) connection to connect to Visier's servers. SSH uses public-key cryptography for authentication. You create a pair of keys: a private key that is saved on the computer that you use to upload data and a public key that our server uses. Both keys have to be in place for your computer to connect to our servers.

You will need to generate public and private SSH keys before you enable the SFTP account in the solution.

Step One: Generate public and private SSH keys

Windows

  1. Download PuTTYgen Key Generator (puttygen.exe) to generate a public and private key using a minimum of 2048 bits.
  2. Open PuTTYgen Key Generator.
  3. On the Key menu, click SSH-2 RSA key.
  4. Under Parameters choose the following settings:
    • Type of keys to generate: RSA
    • Number of bits in a generated key: 2048
  5. Click Generate.
  6. Move your mouse over the blank area to generate some randomness.
  7. Type a description in the Key comment box. For example, Visier People.
  8. After the keys have been generated, save the private key without a passphrase to your computer:
    1. Click Save private key > Yes.
    2. Name the file id_rsa.ppk.
    3. Click Save.

    Note:  

    • Do not enter a passphrase as this would require your script to enter the passphrase each time you logon to the SFTP server.
    • The private key file must be kept private since it is not protected with a passphrase. We recommend that you apply appropriate NTFS permissions so that this file is only readable by authorized persons.
  9. Save the public key as id_rsa.pub.
  10. Copy the public key:
    1. In the Public key for pasting into OpenSSH authorized_keys file box, right-click and then click Select All.
    2. Right-click the selected text and then click Copy.

Linux

  1. Type the command line, ssh-keygen -b 2048 -t rsa.
  2. Press Enter to keep the default values for all the prompts this generates.

    Result: A directory called .ssh is created with the following files: id_rsa (private key) and id_rsa.pub (public key).

Step Two: Enable the SFTP account in the solution

  1. On the global navigation bar, click Settings > Configure SFTP.
  2. Click the SFTP Access toggle button.
  3. Add public key:
    1. Click Add Key.
    2. In the Add Key dialog, paste the public key that you generated.
    3. Click Save.
  4. When finished click Save.
  5. In Reset password, assign a password to the SFTP account. You can reset the SFTP user's password at any time. To enable this feature, contact Visier Technical Support.

Note: We provide a single SFTP account per tenant. Simply provide users who need to upload data with a different SSH key. Users can upload data using the same SFTP account because we immediately move the uploaded files to a secure location. Users will not have access to any previously uploaded files.

Supported Secure Shell (SSH) algorithms

To keep your data secure, we follow industry best practices and support the following Secure Shell (SSH) algorithms:

Type Algorithm
SSH Ciphers
  • chacha20-poly1305@openssh.com
  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com
Key Exchanges
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
MACs
  • umac-128-etm@openssh.com
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com
  • umac-128@openssh.com
  • hmac-sha2-256
  • hmac-sha2-512

Step Three: Connect SFTP application to Visier's servers

After your SFTP account has been activated, use the following tables as guidance to connect your SFTP application to Visier's server:

Settings Use this
Username The SFTP username name that appears in the Configure SFTP room.
Key File Select the private key file (id_rsa.ppk) that you generated and saved onto your computer.
Host

{vanity-name}.sftp.visier.com.

Replace {vanity_name} with the tenant name that appears in your Visier URL. If you do not know your tenant name, you can find the SFTP server in the Configure SFTP room.

Port 22

Allowlist information

If your organization uses a protective firewall to control connections, you may have to add the following configurations to your organization's allowlist so end users can access the solution, upload data, and receive emails from Visier. An allowlist is a cybersecurity strategy which provides access to selected domains, IP addresses, email addresses, and applications that your network server policy typically blocks. For a full list of items to add to your allowlist, see Allow Visier Connections.

Add the following information to your allowlist so users can upload data to Visier using Secure File Transfer Protocol (SFTP).

Note: We recommend that your firewall supports allowlisting by Fully Qualified Domain Name (FQDN) dynamic name resolutions because when IP addresses change in the future, it could cause communication issues if you're using static IP address entries. Customers who use FQDN dynamic name resolution do not have to do anything when Visier changes IP addresses—your data uploads continue to work as expected.

FQDN dynamic address

  • <vanityname>.sftp.visier.com

IP addresses

United States

  • 34.194.171.193
  • 3.234.180.140
  • 52.22.110.218
  • 18.204.165.196

Canada

  • 3.97.248.90
  • 3.96.86.99
  • 35.183.254.134
  • 3.97.58.7

Europe

  • 3.121.253.247
  • 3.71.227.199
  • 3.70.146.62
  • 3.69.0.189

Asia Pacific

  • 3.0.188.54
  • 18.139.213.183
  • 13.228.87.114
  • 52.77.167.170

Port

  • 22

Encrypt files

If you want an additional layer of protection against data disclosure, you can use Pretty Good Privacy (PGP) to encrypt your files.

Note: If you're currently using the shared Visier PGP key to encrypt your files, we recommend that you create and start using the public encryption keys for your tenant. The shared Visier PGP key will be deprecated in a future release. The move to per-tenant PGP keys enhances data security by ensuring that users from one tenant, if they were able to gain access to the PGP encrypted data file of another tenant, cannot decrypt the file in Studio. For instructions, see Download the public key.

Download the public key

To encrypt your files, you will need access to the public encryption key for your tenant.

  1. In Studio, click Settings on the global navigation bar.
  2. In Settings, click Manage PGP Keys.
  3. If there is no key, click Generate PGP Key Pair to create a key pair: public key and private key.
  4. Retrieve the public key to encrypt your files by downloading the ASC file. Hover over the Actions column and click the Download PGP public key ASC file button .
  5. Encrypt files using GPG. For more information, see Encrypt files using GPG.

Note:  

  • PGP keys have an expiry of two years. We do not accept or process files that are encrypted with an expired key. Remember to generate and rotate your keys before they expire.
  • Each tenant can have a maximum of two valid keys at one time.
  • To use Visier APIs to generate a PGP key pair and download the public key, see PGP Key API.

Encrypt files using GPG

Download and install a command-line tool such as GnuPG to encrypt files on your MacOS or Windows computer.

After you install the tool, use the following sample commands to import your public key and encrypt files.

When using the following sample commands, replace:

  • {public_key} with the filename of the generated public key; for example, 1t9ay89lor.public.pgp.asc
  • {file_to_encrypt} with the filename of the file you want to encrypt; for example, employee_profile.csv
  • {encrypted_file} with the filename you want for the encrypted file; for example, encrypted_employee_profile.csv.gpg
  • {key_ID} with the unique identifier for the public key; for example, 1t9ay89lor
    You can find the Key ID in the Manage PGP keys room by hovering over the Actions column and clicking the Copy key ID button . The Key ID can also be found as part of the public key filename.
  1. Open Terminal in MacOS or Command Prompt in Windows.
  2. To import the public key file, run the command gpg --import {public_key}
    For example: gpg --import 1t9ay89lor.public.pgp.asc
  3. To encrypt a specific file, run the command gpg --output {encrypted_file} --encrypt --recipient {key_ID} {file_to_encrypt}
    For example: gpg --output encrypted_employee_profile.csv.gpg --encrypt --recipient 1t9ay89lor employee_profile.csv

    Result: The encrypted output file is created and stored in your working directory.

Upload data file

Windows

  1. Open your SFTP program.
  2. Connect to Visier's server using the following settings:
    • Host: vanityname.sftp.visier.com (For example, bluesphere.sftp.visier.com)
    • Port: 22
  3. After you are connected, upload your data files into the Visier server.

Linux

  1. Create an sftp batch file to be called by sftp that contains all the commands to upload the file.

    Example: Batch file uploads a file named data.file.
    put data.file
    bye

Type the command line sftp - b [batchfile] -i [path/to/private/key] "[username]"@[server] to connect to the remote host and upload the batch file.

Example: sftp - b somebatchfile -i c:/keys/id_rsa "sftp_1234567890j1r"@bluesphere.sftp.visier.com

Note:  

  • To avoid authentication errors, use lowercase for your username.
  • We only support the following ciphers:
    • aes256-ctr
    • aes256-cbc
    • aes192-ctr
    • aes192-cbc
    • aes128-ctr
    • aes128-cbc

Run a job

After uploading new data to the SFTP server, Visier must process the data through a job. For more information about jobs, see Jobs.

You can process new data in the following ways:

  • If you have a scheduled data load, the next data load will process the new data in the SFTP server.
  • If you use Visier APIs, you can call the /v1/op/data/startload endpoint to start a receiving job. For more information, see Data and Job Handling API.

Sample Python code for Embedded Partners

The following Python code describes a class for uploading files and starting data loads as an Embedded Partner. This code is for reference only; if used, you must edit the code for functionality and outcomes are not guaranteed.

Copy
import os
import io
import uuid
import json
import time
import logging
from typing import List

import paramiko
import requests

logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

class VisierPartnerUpload:

    def __init__(self, sftp_uri: str, sftp_user: str, key_path: str, api_uri, api_user: str, api_pass: str, api_key: str) -> None:

        self.sftp_uri = sftp_uri
        self.sftp_user = sftp_user
        self.key_path = key_path
        self.api_uri = api_uri
        self.api_user = api_user
        self.api_pass = api_pass
        self.api_key = api_key

    def __enter__(self) -> None:
        self.get_vst()
        self.login(
            server = self.sftp_uri,
            user = self.sftp_user,
            port = 22,
            timeout = 30,
            key = self.get_key()
        )
        return self

    def __exit__(self, *args, **kwargs) -> None:
        logger.info("Closing VisierPartnerInterface")
        self.sftp_client.close()


    def login(self, server: str, key: paramiko.PKey, user: str, port: int, timeout: float) -> None:

        client = paramiko.SSHClient()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

        logger.info(f"Logging into {server}")

        client.connect(
            server,
            port = port,
            pkey = key,
            username = user,
            timeout = timeout,
            auth_timeout = timeout
        )
        self.sftp_client = client.open_sftp()


    def put(self, filename) -> None:

        logger.info(f"Writing {filename}")

        with open(filename, 'rb') as data:
            self.sftp_client.putfo(data, filename, 0, None, True)


    def get_key(self) -> paramiko.PKey:

        logger.info(f"Loading key from: {self.key_path}")

        with open(self.key_path) as f:
            return paramiko.RSAKey.from_private_key(f)


    def get_vst(self) -> None:

        post_url = f'https://{self.api_uri}/v1/admin/visierSecureToken'
        post_headers = {
            'Content-Type': 'application/x-www-form-urlencoded'
        }
        post_data = {
            'username': self.api_user,
            'password': self.api_pass,
        }

        logger.info(f"Getting token from {post_url}")
        logger.info(f"User: {self.api_user}")


        response = requests.post(
            post_url,
            headers = post_headers,
            data = post_data

        )
        response.raise_for_status()

        self.vst = response.text


    def start_job(self, filenames: List[str]) -> str:

        post_url = f'https://{self.api_uri}/v1/op/data/startload'
        post_headers = {
            'apikey': self.api_key,
            'cookie': f"VisierASIDToken={self.vst}",
            'Content-Type': 'application/x-www-form-urlencoded'
        }
        post_data = {
            'model': json.dumps({
                'files': filenames
            })
        }

        logger.info(f"startLoad for {filenames}")

        response = requests.post(
            post_url,
            headers = post_headers,
            data = post_data
        )
        response.raise_for_status()

        return response.json().get('JobId')


    def load_files(self, filenames: List[str]) -> str:

        logger.info(f"Uploading files: {filenames}")

        for filename in filenames:
            self.put(filename)

        job_id = self.start_job(filenames)

        logger.info(f"Job started with ID: {job_id}")



# Placeholder Values
SFTP_USER = 'sftp_1234567890abc'
SFTP_URI = 'mock.sftp.visier.com'
API_URI = 'mock.api.visier.io'
API_USER = 'user@mock.com'
API_PASS = 'placeholder_password'
API_KEY = 'MOCK-9RnXqlIM04tq2ST1I5cHcfR1QOxT8InKKSTDJY2'

files_to_load = [ 'example.zip.gpg', 'example2.zip.gpg' ]


with VisierPartnerUpload(
        sftp_uri = SFTP_URI,
        sftp_user = SFTP_USER,
        key_path = './id_rsa',
        api_uri = API_URI,
        api_user = API_USER,
        api_pass = API_PASS,
        api_key = API_KEY,
    ) as vpu:
    vpu.load_files(files_to_load)