Xferity Integrations — OIDC, Vault, AWS SM, Slack, Webhook, and Transfer Endpoints
Integrations
Section titled “Integrations”Xferity integrates with the systems that surround managed file transfer operations: identity providers, notification channels, secret backends, and partner transfer endpoints.
Identity
Section titled “Identity”In Postgres-backed deployments, the Web UI and API use session-backed authentication. Xferity supports two identity models:
- Local auth — username and password with bcrypt hashing, session cookies, CSRF protection
- OIDC — OpenID Connect login for browser sessions with any OIDC-compatible identity provider
OIDC is relevant when you have an existing SSO infrastructure and want operator browser sessions to use it rather than managing separate Xferity credentials.
Notifications
Section titled “Notifications”Xferity supports 6 notification channels for operational events (flow success, failure, retry, posture regression alerts):
| Channel | Integration mechanism |
|---|---|
| SMTP with configurable host, port, TLS, and from address | |
| Slack | Incoming webhook URL |
| Webhook | HTTP POST to any URL with configurable headers |
| Ntfy | Ntfy topic URL, supports self-hosted ntfy servers |
| Gotify | Gotify server URL with application token |
| Pushover | Pushover user key and application token |
Notification routing can be configured globally and overridden per flow or per partner.
Secret backends
Section titled “Secret backends”Xferity resolves credentials from 7 providers at runtime. Operators use secret references in config instead of embedding plaintext values:
| Provider | Reference syntax |
|---|---|
| Environment variable | env:MY_SECRET |
| File | file:/run/secrets/password |
| Local vault (AES-256) | local-vault:key-name |
| HashiCorp Vault KV v2 | vault:secret/data/path#field |
| AWS Secrets Manager | aws-sm:secret-id#field |
| Azure Key Vault | azure-kv:secret-name |
| Literal (testing only) | literal:value |
The local vault stores secrets encrypted at rest in the Postgres backend. Operators create and manage local-vault secrets through the UI without the plaintext value ever being echoed back.
Partner transfer endpoints
Section titled “Partner transfer endpoints”At the transfer layer, Xferity integrates with:
- SFTP servers — SSH key or password auth, known-hosts verification
- FTPS servers — Explicit TLS, passive mode, SHA-256 certificate fingerprint pinning
- S3-compatible storage — AWS S3, MinIO, Cloudflare R2 via endpoint override
- AS2 trading partners — Certificate-based B2B messaging with MDN receipts