Getting Started with SFTP (Offline Data Hosting)

This section provides information on how to establish a successful connection to the SFTP endpoint. Its main objective is to guide the PSP through the process of key management, file creation, and successfully connecting to and delivering files in both the pre-production (ACC) and production (PRD) environments.

Document History

| Version | Date | Description |
|---|---|---|
| 1.0 | 15 Jan 2025 | Original Digital Version. |
| 1.1 | 11 Feb 2025 | Updated terms 'provisioning' to 'hosting' and 'test' / 'sandbox' to 'pre-production', removed metadata.json steps, updated filename, updated onboarding image. |
| 2.0 | 20 Mar 2025 | Format and grammar changes, additional explanation of PGP vs GPG. |

Endpoints

| Environment | Endpoint URL |
|---|---|
| Pre-Production | Available on request |
| Production | Available on request |

Getting Connected

SurePay operates in two environments: a Pre-Production (Acceptance) environment (ACC) and a Production (PRD) environment.

  • Initially, the connection is established with the Pre-Production environment. This serves as an intermediate step to ensure that the data provided by the PSP and the quality of the responses are processed as expected.
  • The onboarding process is the same for both environments. After completing the connection for the Pre-Production environment, the same steps must be followed to enable the connection to the Production environment.

1. Share Public Key via MSafe

  1. Establish the connection: you will need to be set up on MSafe, which facilitates the secure transfer of keys and credentials. Please provide your contact information (Name, Email, and Phone number) to service@SurePay.nl.

    • Once you’ve been set up on MSafe, you will receive an email confirmation from MSafe, notifying you that you’ve been added to the shared folder.
    • To complete the connection setup, we will need a public key from you: specifically, an SSH public key.
  2. Create the SSH key: SSH keys consist of a pair of cryptographic keys used for secure communication and authentication between the PSP and SurePay's systems.

    • To generate the SSH key, enter the following command into the command line:

      Command for SSH Key generation

      $ ssh-keygen -P "" -t rsa -b 4096 -f bankname
      
    • Replace bankname with your PSP's name.
    • When you generate an SSH key via the command line, the key pair is typically stored in your user's home directory within a hidden folder called .ssh. Inside this folder, you will find two files:
      • bankname: This is your private SSH key. It should be kept secure and never shared.
      • bankname.pub: This is your public SSH key, which you can share with us to enable secure access.
  3. Share the Key: Upload the public key (bankname.pub) to the designated folder in MSafe.

2. Connect to the SFTP Endpoint

  1. We will provide the necessary information to establish the connection via MSafe:
    • SFTP account credentials, including username and password.
    • A 4096-bit public GPG key for data encryption.
    • Hostname and port details for the SFTP server.
  2. To connect to our Pre-Production SFTP server using the command line, follow these steps:
    • Open your terminal or command prompt on your local machine.
    • Use the sftp command with the -P option for the port, followed by your username and SurePay’s hostname:

      Command line

      sftp -P PORT_NUMBER username@sftp.surepay.com
      
    • Replace PORT_NUMBER with the actual port number and username with the credentials provided via MSafe.
  3. Since this is your first time connecting to the SurePay SFTP server, you'll need to accept the host key. Type "yes" when prompted.
  4. Next, you’ll be asked to enter your SFTP password (provided via MSafe). Enter the password associated with your SFTP account.
  5. Once connected, you can navigate the SurePay server using SFTP commands. For example, use ls to list files on the remote server, and get or put to transfer files between your local machine and SurePay.
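
One way to check the host key at step 3 before accepting it, as an added example that is not part of SurePay's documentation. It assumes you have obtained the server's SHA256 host-key fingerprint from SurePay out-of-band (for example via MSafe, which the page does not state); HOST, PORT, KEYTYPE and the fingerprint are placeholders you supply.

```shell
#!/bin/sh
# Added example, not SurePay tooling: verify and pin the SFTP host key
# before the first connection.
# Assumption: the expected SHA256 fingerprint was confirmed by SurePay
# out-of-band; the page itself does not list one.

# Print the SHA256 fingerprint of every key in a public-key or
# known_hosts-style file, one per line (format: SHA256:...).
fingerprints_of() {
    ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'
}

# Succeed only if a key in the file has exactly the expected fingerprint.
hostkey_matches() {  # usage: hostkey_matches FILE EXPECTED_FP
    fingerprints_of "$1" | grep -Fxq -e "$2"
}

# Fetch one host key type, compare it, and pin it only on a match.
pin_host_key() {  # usage: pin_host_key HOST PORT KEYTYPE EXPECTED_FP
    tmp=$(mktemp) || return 1
    # A failed scan leaves the file empty, which is treated as a mismatch.
    ssh-keyscan -p "$2" -t "$3" "$1" > "$tmp" 2>/dev/null || :
    if hostkey_matches "$tmp" "$4"; then
        mkdir -p "$HOME/.ssh" && cat "$tmp" >> "$HOME/.ssh/known_hosts"
        rc=$?
    else
        echo "fingerprint mismatch for $1:$2, host key not pinned" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```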

3. Create GPG Key for Signing

  1. Create a GPG Key for Signing and Upload It to the Root Folder.
    • GPG signing uses the private key of a GPG key pair to generate a digital signature for a file or message. This signature ensures the authenticity and integrity of the data.
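    • To generate the GPG key, write the key parameters to a file named config and run the following commands in your terminal. They create the key pair and export the public key:

      Command line

          # Write the unattended key-generation parameters to a file named config.
          # The quoted 'EOF' stops the shell from expanding special characters
          # in the passphrase; the file holds the passphrase in clear text.
          $ cat > config <<'EOF'
          %echo Generating a default key
          Key-Type: default
          Key-Usage: sign
          Key-Length: 4096
          Name-Real: signingkey.bankname.com
          Name-Email: operations@bankname.com
          Expire-Date: 2y
          Passphrase: xxxxxxxxxxxxxxxxxx
          %commit
          %echo done
          EOF

          # Generate the key pair from the parameter file.
          $ gpg --batch --gen-key config

          # Export the ASCII-armored public key.
          $ gpg --export -a "signingkey.bankname.com" > pkey.pem

    • Replace xxxxxxxxxxxxxxxxxx with a 32-character password (including special characters !@#%^&*).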
    • Replace bankname with the name of your PSP.
  2. When you export the public key (e.g., pkey.pem) via the command line, the file is stored in the directory from which you ran the command.
  3. Once created, upload the key (pkey.pem) to the root folder using the put command.

    Upload pkey.pem file to the root folder

        sftp> put pkey.pem
    

4. Create and Encrypt a File with Dummy Data

  1. In the File Format section, you will find the layout and the required data fields that should be included in your .ndjson file.
  2. The Account data file must be both encrypted and signed, following the OpenPGP standard. To encrypt and sign the file, use the following command:

    Command line

    $ gpg --recipient 'encryption.endpoint.nl' --local-user 'signingkey.bankname.com' --encrypt --sign accounts
    
    • In the command example, you'll find the following values:
      • Replace 'signingkey.bankname.com' with the actual signing key.
      • --recipient 'encryption.endpoint.nl': This option specifies the recipient of the encrypted message or file. In this case, the recipient is 'encryption.endpoint.nl', meaning the output will be encrypted for SurePay.
      • --local-user 'signingkey.bankname.com': This option specifies the local user's key to sign the message or file. Replace 'signingkey.bankname.com' with the appropriate key, which will be used to sign the message.

5. Deliver the First File via SFTP with Data

Depending on the environment you are connecting to, we will require a different file to be uploaded:

  • For Pre-Production Environment (ACC): A dummy file with non-production data, allowing us to analyse the fields provided, the encryption and signing process, and the connection itself.
  • For Production Environment (PRD): A file with production data.
  1. To transfer the Accounts file (<pspname>_accounts_<unixepoch>.pgp), use the command in the code snippet to upload it from your local machine. Additionally, send a copy of the file unencrypted via email to service@surepay.nl.
  2. Before uploading the file, ensure you are in the root folder. Use the pwd command to confirm your current directory, then use the put command followed by the file name to upload it.

    Command line

            sftp> pwd
            Remote working directory: /root
            sftp> put <pspname>_accounts_<unixepoch>.pgp
    
  3. We will verify whether the file's encryption and format are correct, and if all accounts are loaded correctly into the system. If the load is unsuccessful, we will notify you.
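
A pre-upload check for the accounts file described in sections 4 and 5, as an added example that is not SurePay's own tooling. It assumes <unixepoch> is a 10-digit epoch in seconds and that <pspname> contains only letters, digits and hyphens; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not SurePay tooling: checks to run before `put`.
# Assumptions: <unixepoch> is a 10-digit epoch in seconds and <pspname>
# contains only letters, digits and hyphens.

# Build the delivery name <pspname>_accounts_<unixepoch>.pgp.
delivery_name() {  # usage: delivery_name PSPNAME [EPOCH]
    printf '%s_accounts_%s.pgp\n' "$1" "${2:-$(date +%s)}"
}

# Succeed only if the base name follows the delivery pattern.
valid_delivery_name() {
    printf '%s\n' "${1##*/}" |
        grep -Eq '^[A-Za-z0-9-]+_accounts_[0-9]{10}\.pgp$'
}

# Succeed only if the file starts like an OpenPGP encrypted message: ASCII
# armor, or a binary Public-Key Encrypted Session Key packet (tag 1).
# The signature sits inside the encrypted data, so only the recipient can
# check it; this test catches an unencrypted .ndjson sent by mistake.
looks_encrypted() {
    [ -s "$1" ] || return 1
    first=$(od -An -tu1 -N1 "$1" | tr -d '[:space:]')
    case $first in
        132|133|134|193) return 0 ;;  # 0x84-0x86 (old header), 0xC1 (new)
        45) [ "$(head -c 27 "$1")" = '-----BEGIN PGP MESSAGE-----' ] ;;
        *) return 1 ;;
    esac
}

# Gate for the upload step: correct name and encrypted content.
ready_to_upload() {
    if ! valid_delivery_name "$1"; then
        echo "refusing $1: name is not <pspname>_accounts_<unixepoch>.pgp" >&2
        return 1
    fi
    if ! looks_encrypted "$1"; then
        echo "refusing $1: content is not an OpenPGP encrypted message" >&2
        return 1
    fi
}
```

Adding `--output "$(delivery_name mybank)"` to the gpg encrypt-and-sign command writes the result directly under the delivery name instead of the default accounts.gpg.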

6. Celebrate! and Next Steps

Congratulations on successfully establishing the offline data hosting connection with SurePay! We greatly value your trust in us.

If you have completed the connection to our pre-production environment, you will need to repeat the same steps for the production environment.

For those who have successfully established the connection in the production environment, here are the next steps:

  • We will actively monitor the received data for quality.
  • If the data does not meet the required quality standards, we will provide support to help you achieve the expected level of quality.
  • Once the data meets the necessary quality standards, we will promptly notify you and inform you when subsequent checks have been completed.

We are constantly striving to enhance the implementation experience for our customers. If you have any questions or feedback regarding the documentation or the process, please feel free to share them with us at info@SurePay.nl.