1. Connectivity Guide

1. Connectivity Guide
1.0 Audience
1.1 Purpose
1.2 Deciding on a Connectivity Model
1.3 Configuring
1.4 Testing
- 1.4.1 Azupay Hosted SFTP Server
- 1.4.2 Customer Hosted SFTP Server
1.5 Troubleshooting
1.6 Support

1.0 Audience

This guide is written for IT technical staff at enterprise merchants and partners integrating with Azupay. It assumes you:

Are comfortable with Linux/Unix shells and standard POSIX tools.
Understand SSH, the SFTP protocol, and operating or integrating with SFTP Servers (managed file transfer/MFT).
Can generate and manage SSH keys (ed25519 or RSA‑4096), set correct ~/.ssh permissions, and verify server host keys.
Can implement firewall/NAT changes and source IP allow‑listing, and follow enterprise change control.
Administer or have access to the servers and storage paths used to upload or retrieve files.

1.1 Purpose

This guide explains how to establish secure connectivity for Batch, Azupay’s file‑based interface to our APIs, using the SFTP protocol to transfer files between your and Azupay’s systems. It provides the technical context you need to make an informed choice between the two connectivity models (Azupay Hosted SFTP Server or Customer Hosted SFTP Server), then walks you through enabling the Batch App in the Dashboard, configuring authentication with SSH keys, confirming server host keys, and identifying the correct paths for uploads and retrievals (as provided by the Azupay Support Team during onboarding). It also sets out the network requirements and allow‑listing expected for each environment so connectivity is reliable and supportable. After configuration, you will validate end‑to‑end in UAT by submitting a test file via your chosen model, monitoring processing and transaction statuses in the Dashboard, and confirming that both the Summary Response File and Detailed Response File are produced and available via SFTP.

1.2 Deciding on a Connectivity Model

This section compares the two connectivity models for Batch. It summarises operational responsibilities, security exposure, and network requirements for each option.
Read this before choosing a model so the approach aligns with your organisation’s controls, allow‑listing, and support processes.

Model	Pros	Example	Cons
Azupay Hosted SFTP Server	No need to expose your SFTP Server to the internet; Simpler networking and fewer firewall changes; Azupay hosts and operates the SFTP Server	`sftp -i ~/.ssh/azupay_uat -P PORT USERNAME@HOST_NAME` `put payments.pain.001.xml UPLOAD_FOLDER`	Requires coordination with the Azupay Support Team to provision your account
Customer Hosted SFTP Server	Keep data on your infrastructure until pickup; Use one enterprise SFTP Server for multiple partners; Fully self‑service in the Dashboard	`sftp -i ~/.ssh/your_company_sftp -P PORT USERNAME@HOST_NAME` `put payments.pain.001.xml FOLDER`	Must expose your SFTP Server to the internet; You own availability, capacity and monitoring; May require internal security reviews and firewall changes; Must allow‑list Azupay outbound IPs and manage SSH keys

Pick Azupay Hosted SFTP Server if you prefer Azupay to host the SFTP Server and minimal network exposure on your side.
Pick Customer Hosted SFTP Server if you need to keep files on your own SFTP Server and can accept internet exposure with the associated operational controls.

1.3 Configuring

1.3.1 Azupay Hosted SFTP Server

You push files to Azupay for Batch processing. This option requires coordination with the Azupay Support Team to provision your account on our side.

1.3.1.1 Environments and endpoints

Environment	SFTP hosts	Port
Production	sftp.azupay.com.au, sftp.payidrec.com.au	22
UAT	sftp-uat-new.azupay.com.au, sftp-uat.payidrec.com.au	22

Azupay will provide the specific Host Name (HOST_NAME) and Port (PORT) to use for your environment.

1.3.1.2 Account setup

Provide your SSH public key, either ed25519 or RSA‑4096, during onboarding to receive a username.
Coordinate with Azupay Support to provision your account and receive the following details: Host Name (HOST_NAME), Port (PORT), Upload Folder (UPLOAD_FOLDER), and Username (USERNAME); and any allow‑listing required on our side.

1.3.1.3 Authentication

Only SSH key authentication is supported (ed25519 or RSA‑4096).

UAT example:

sftp -i ~/.ssh/azupay_uat -P PORT USERNAME@HOST_NAME

1.3.1.4 Upload locations

Upload Folder (UPLOAD_FOLDER) provided by the Azupay Support Team during onboarding.

1.3.1.5 Host key verification

Verify server host key fingerprints with the Azupay Support Team on first connect.

1.3.1.6 Why choose Azupay Hosted SFTP Server

Azupay hosts and operates the SFTP Server; no need to expose your own SFTP Server to the internet.
Simpler networking and fewer firewall changes on your side.
Good if you don’t already operate an internet‑facing SFTP Server.

1.3.1.7 Downsides to consider

Requires coordination with the Azupay Support Team to provision your account.

1.3.2 Customer Hosted SFTP Server

Batch pulls from your SFTP Server. This option is self‑service in the Dashboard.

1.3.2.1 Dashboard fields

In the Azupay Dashboard under Apps > Batch > Manage, enter the Host Name (HOST_NAME) of your SFTP Server, Port (PORT), Username (USERNAME), and the input Folder (FOLDER) we should read from.

1.3.2.2 SSH key

Copy the SSH public key shown in the Dashboard and install it for the specified user on your SFTP server.

1.3.2.2.1 Example for Linux/OpenSSH

Create the .ssh directory and set restrictive permissions.

Append the Dashboard public key and set restrictive permissions on the file.

mkdir -p ~USER/.ssh && chmod 700 ~USER/.ssh
echo 'YOUR_DASHBOARD_PUBLIC_KEY' >> ~USER/.ssh/authorized_keys && chmod 600 ~USER/.ssh/authorized_keys

1.3.2.3 Requirements

Your server must be reachable from the internet on TCP 22, or on the alternate port you configure.
Password authentication is not supported; configure SSH key–only login.
Allow‑list the following Azupay outbound source IP addresses so we can reach your SFTP Server (default TCP port 22 unless you configure a different port):

Environment	Outbound source IPs	Default TCP port
Production	13.238.135.160, 52.63.228.20, 3.105.34.43	22
UAT	54.79.217.174, 3.104.243.103, 3.105.50.245	22

Ensure the configured user can read the input Folder (FOLDER) and files.

1.3.2.4 Downsides to consider

Requires exposing your company’s SFTP Server to the public internet.
You own availability, capacity, and monitoring of the SFTP Server.
May require additional internal security reviews and firewall changes.
Must allow‑list Azupay outbound IPs and manage SSH keys.

1.3.2.5 Security controls to mitigate exposure

Restrict inbound access to the Azupay outbound IP addresses listed above.
SSH key–only authentication; password login must be disabled.
Use strong host keys such as ed25519 or RSA‑4096 and modern ciphers; keep OpenSSH up to date.
Place the SFTP Server in a DMZ or behind a bastion or jump host in line with your security policy.
Enable rate limiting and intrusion detection, for example using fail2ban, to block brute‑force attempts.
Monitor access logs and alerts, and patch the server regularly.

1.3.2.6 File placement

Drop files into the configured Folder (FOLDER); we will periodically pull and process them.

1.3.2.7 Why choose Customer Hosted SFTP Server

You already have a governed, internet‑reachable SFTP Server and prefer to keep data on your infrastructure until pickup.
You want a single enterprise SFTP Server used across multiple partners.
Fully self‑service in the Dashboard.

1.3.3 Enable via Dashboard

After you select a connectivity model, enable and configure the Batch App in the Azupay Dashboard.

Navigate to Apps > Batch > Manage.
Toggle the Batch App to Enabled.
If you chose Azupay Hosted SFTP Server: Azupay will provision your account and provide Host Name (HOST_NAME), Port (PORT), Upload Folder (UPLOAD_FOLDER), and Username (USERNAME). Provide your SSH public key to the Azupay Support Team and confirm host key fingerprints before first connect.
If you chose Customer Hosted SFTP Server: Enter the Host Name (HOST_NAME) of your SFTP Server, Port (PORT), Username (USERNAME), and input Folder (FOLDER). Copy the public key shown in the Dashboard and install it on your server for the specified user. Allow‑list the Azupay outbound IP addresses if you restrict inbound access. Password authentication is not supported.

1.4 Testing

1.4.1 Azupay Hosted SFTP Server

Perform your first end‑to‑end test in UAT for the Azupay Hosted SFTP Server model. This is an outbound payment connectivity test.

Prepare the outbound payment connectivity test file

Save the following ABA‑formatted file as payment-connectivity-test-1-request.aba.

Use the content below exactly (including spaces):

0                 01CBA       Local Pegs Pty Ltd        301500Pegs Withdra030924                                        
1012-003838337977 500000137134Sunrise Hotels Pty Ltd          030920241         062-692 49705956Pegs            00000000
1062-692 70325640 500000046094Saclike Trading Co              030920242         062-692 49705956Pegs            00000000
1062-000 12345678 500000000100Failed by Cuscal Pty Ltd        030920254         062-684 49705004Pegs            00000000
7999-999            000018332800001833280000000000                        000003

Submit the test file in UAT (Azupay Hosted SFTP Server)
1. Connect to UAT and upload the file to your assigned Upload Folder (UPLOAD_FOLDER).
2. Example:
```
sftp -i ~/.ssh/azupay_uat -P PORT USERNAME@HOST_NAME
put payment-connectivity-test-1-request.aba UPLOAD_FOLDER
```
Verify processing in the Dashboard
1. In the Azupay Dashboard, go to Transactions > Payments.
2. You should see three transactions for this file: two that settle successfully and one that fails to settle.

Verify Response Files and file movements

Two Summary Response Files will appear in a subdirectory named response beneath the same directory where you placed the input file: payment-connectivity-test-1-request_RECEIVED.txt and payment-connectivity-test-1-request_PROCESSED.txt.

Note: If file-level validation had failed (invalid format, corruption, etc.), you would instead see a payment-connectivity-test-1-request_REJECTED.txt file containing error details, and no PROCESSED file would be generated.

Example contents — RECEIVED Summary Response File (payment-connectivity-test-1-request_RECEIVED.txt):

Azupay Status Message

Client Name: client-account-full-legal-account-name
Status Filename         : payment-connectivity-test-1-request_RECEIVED.txt
Status Creation Date    : 18/09/25
Status Creation Time    : 11:36

Transaction Reference   : payment-connectivity-test-1-request.aba

Status: RECEIVED

The file has been received successfully.

Filename     : payment-connectivity-test-1-request.aba
Description  :
Value Date   :
$Debits      : 0.00
$Credits     : 0.00
$Cheques     : 0.00
#Payments    : 0
#Advices     : 0
#Records     : 0

Thank you for using Azupay.

Example contents — PROCESSED Summary Response File (payment-connectivity-test-1-request_PROCESSED.txt):

Azupay Status Message
Client Name: client-account-full-legal-account-name
Status Filename         :  payment-connectivity-test-1-request_PROCESSED.txt
Status Creation Date    :  18/09/25
Status Creation Time    :  11:37
Transaction Reference   :  payment-connectivity-test-1-request
Status: PROCESSED
The transaction has been processed.
Filename               : payment-connectivity-test-1-request
Description            : client-account-full-legal-account-name
Value Date             : 18/09/25
$Debits                : 1833.28
$Credits               : 1833.28
$Cheques               : 0.00
$Returned Payments     : 1.00
#Returned Payments     : 1
#Payments              : 2
#Advices               : 0
#Records               : 3
Thank you for using Azupay.

The original input file will be moved to a subdirectory named archive alongside response and renamed to payment-connectivity-test-1-request.processed.aba.
Also verify that a Detailed Response File is present in the response directory (naming is environment‑dependent).

1.4.2 Customer Hosted SFTP Server

Perform your first end‑to‑end test in UAT for the Customer Hosted SFTP Server model. This is an outbound payment connectivity test.