Integrations Capabilities — Xferity External System Integrations
Integrations Capabilities
This page is the explicit, structured reference for Xferity’s external system integrations.
Identity provider integrations
Local authentication
- Username and password with bcrypt hashing
- Session cookies with CSRF protection
- Rate limiting per IP
- Available in Postgres-backed deployments
OIDC (OpenID Connect)
- Any OpenID Connect-compatible identity provider (Okta, Azure AD, Google, Keycloak, etc.)
- Browser session login via OIDC authorization code flow
- Replaces Xferity-managed credentials with existing SSO infrastructure
- Available in Postgres-backed deployments only
Notification channel integrations
Xferity delivers operational alerts and flow events to 6 notification channels:
| Channel | Integration mechanism |
|---|---|
| Email | SMTP — configurable host, port, TLS, from address |
| Slack | Incoming webhook URL |
| HTTP Webhook | POST to any URL with configurable headers |
| Ntfy | Ntfy topic URL — supports self-hosted ntfy servers |
| Gotify | Gotify server URL with application token |
| Pushover | Pushover user key and application token |
Events delivered
- Flow execution success
- Flow execution failure
- Retry exhaustion
- Posture regression alerts (security state worsened)
Routing
- Global defaults apply to all flows
- Per-flow overrides for specific notification channels
- Per-partner overrides for partner-specific alert routing
Secrets backend integrations
Xferity integrates with 7 secrets providers. Credentials are resolved at runtime — no plaintext in config files:
| Provider | Reference format | Notes |
|---|---|---|
| Environment variable | env:MY_VAR | Bootstrap-safe |
| File | file:/run/secrets/password | Bootstrap-safe; works with Docker secrets |
| Local vault (AES-256) | local-vault:key-name | Postgres-backed only; managed via UI |
| HashiCorp Vault KV v2 | vault:secret/data/path#field | Vault TLS verified; skip-verify blocked in hardened mode |
| AWS Secrets Manager | aws-sm:secret-id#field | IAM or static credentials |
| Azure Key Vault | azure-kv:secret-name | Azure managed identity or service principal |
| Literal | literal:value | Testing only; blocked in hardened mode |
Secret references work across:
- Global configuration (database DSN, UI secrets, API keys)
- Partner configuration (SFTP passwords, S3 keys, AS2 credentials)
- Flow configuration (inline credential overrides)
- Auth configuration (OIDC client secrets)
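
An audit helper for the reference formats in the table above, as an added example that is not Xferity's own code: it parses each value by its provider prefix and flags `literal:` references and values with no listed prefix. The setting names and sample values are constructed, and treating `#field` as optional is an assumption.

```python
# Added example, not Xferity code. Schemes and notes come from the table above.
# scheme -> (provider name, reference format carries a "#field" suffix)
SCHEMES = {
    "env": ("Environment variable", False),
    "file": ("File", False),
    "local-vault": ("Local vault (AES-256)", False),
    "vault": ("HashiCorp Vault KV v2", True),
    "aws-sm": ("AWS Secrets Manager", True),
    "azure-kv": ("Azure Key Vault", False),
    "literal": ("Literal", False),
}
BOOTSTRAP_SAFE = {"env", "file"}     # per the Notes column
BLOCKED_WHEN_HARDENED = {"literal"}  # "Testing only; blocked in hardened mode"

def parse_ref(value):
    """Split 'scheme:target[#field]'; return None if the scheme is not listed."""
    scheme, sep, body = value.partition(":")
    if not sep or not body or scheme not in SCHEMES:
        return None
    provider, has_field = SCHEMES[scheme]
    field = None
    if has_field and "#" in body:  # assumption: "#field" is optional
        body, field = body.rsplit("#", 1)
    return {"scheme": scheme, "provider": provider, "target": body,
            "field": field, "bootstrap_safe": scheme in BOOTSTRAP_SAFE}

def audit(settings, hardened=True):
    """Return (key, issue) findings for a flat mapping of credential settings."""
    findings = []
    for key, value in settings.items():
        ref = parse_ref(value)
        if ref is None:
            findings.append((key, "not a secret reference (possible plaintext)"))
        elif ref["scheme"] in BLOCKED_WHEN_HARDENED:
            note = "blocked in hardened mode" if hardened else "testing only"
            findings.append((key, "literal value: " + note))
    return findings

SAMPLE = {  # constructed values; the key names are hypothetical
    "database.dsn": "env:XFERITY_DB_DSN",
    "partner.acme.sftp_password": "vault:secret/data/partners/acme#password",
    "partner.acme.s3_secret_key": "aws-sm:acme-s3#secret_key",
    "auth.oidc.client_secret": "literal:changeme",
    "ui.api_key": "hunter2-plaintext",
}

if __name__ == "__main__":
    for key, issue in audit(SAMPLE):
        print(f"{key}: {issue}")
```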
Transfer endpoint integrations
Xferity integrates with external file transfer endpoints at the transport layer:
SFTP servers
- Any standard SSH2 SFTP server
- Authentication: password or SSH key
- Trust: known_hosts file or SHA-256 host fingerprint
- Remote file stability checks before pickup
- Compatible with: OpenSSH, ProFTPD, AWS Transfer Family, Azure SFTP, etc.
FTPS servers
- Any standard FTPS server (explicit TLS mode)
- Passive mode
- Trust: system CA pool or SHA-256 server certificate fingerprint pinning
- Compatible with: vsftpd, FileZilla Server, ProFTPD, etc.
AS2 trading partners
- Any AS2-compatible partner endpoint (Drummond-certified or standard)
- Inbound: HTTP endpoint on Xferity receives AS2 messages
- Outbound: Xferity sends AS2 messages to partner URL
- Certificate-based message security: sign, encrypt, verify, decrypt
- MDN receipts: synchronous and asynchronous
- Compatible with: IBM Sterling, OpenAS2, Axway, GoAnywhere, MOVEit, etc.
S3-compatible object storage
- AWS S3 — IAM roles or static access keys
- MinIO — endpoint override
- Cloudflare R2 — endpoint override with compatible API
- Any S3-compatible API via endpoint override
Prometheus monitoring integration
- Prometheus-format metrics at /metrics (authenticated admin access)
- Pre-built alert rules for common failure scenarios
- Metrics coverage: flow runs, job queue depth, transfer bytes, retries, certificate expiry, auth failures
Capability summary
Xferity integrations include:
- OIDC (any OpenID Connect IdP) for browser session authentication
- Local bcrypt auth with session management
- Email (SMTP), Slack, Webhook, Ntfy, Gotify, Pushover notification channels
- 7 secrets providers: env, file, local AES-256 vault, HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, literal (testing only)
- SFTP server integration (any SSH2-compatible server)
- FTPS server integration (explicit TLS, passive mode)
- AS2 trading partner integration (inbound + outbound, sign/encrypt/verify/decrypt)
- S3-compatible object storage (AWS S3, MinIO, Cloudflare R2)
- Prometheus metrics for monitoring integration