Get started

Protocols

14 adapters, one audit record

Every protocol writes the same per-transfer event — actor, route, file name, checksum, and result. Operators manage connections from one dashboard instead of separate MFT agents per vendor.

  • SFTP

    SSH password or private key authentication. Host, port, remote path, and host-key verification stored per connection in your Environment D1 database.

  • FTP and FTPS

    Username and password for both. FTPS adds explicit TLS on the control and data channels. Passive mode and custom port supported.

  • Amazon S3

    Access key ID and secret key, region-scoped. Bucket, prefix, and optional SSE settings configured per route.

  • Azure Blob Storage and Azure Files

    Account key, SAS token, or full connection string. Blob containers and file shares use separate adapter profiles with path scoping.

  • Google Cloud Storage

    Service-account JSON key with bucket and object prefix. IAM roles on the service account control read and write scope.

  • Cloudflare R2

    S3-compatible access key and secret against your R2 endpoint. Often used as the at-rest store inside the same Environment.

  • SMB

    Username, password, Windows domain, and share name. UNC paths map to folder watchers and scheduled pull routes.

  • WebDAV

    Basic authentication over HTTPS. Base URL and folder path; suitable for document portals that expose a DAV endpoint.

  • OneDrive and SharePoint

    OAuth delegated consent through Microsoft Graph. Site URL or drive ID selects the library; token refresh handled inside your Worker.

  • Google Drive

    OAuth delegated consent with folder or shared-drive ID. Scoped to the files your service account or user delegation allows.

  • NFS

    Host export path and mount path on the Worker side. Used for legacy Unix shares where SFTP is not exposed.

Per-transfer audit fields

  • Actor User ID (OIDC subject or service account)
  • Route Source and destination connection names
  • File File name and byte size
  • Timestamp UTC ISO-8601
  • Client IP Originating address on upload or API call
  • Result delivered · failed · retried
  • Checksum SHA-256 of payload at handoff

Adding a connection

  1. Pick an adapter

    Select SFTP, S3, SharePoint, or any of the 14 adapters from the connection wizard. Each adapter exposes only the credential fields it needs.

  2. Enter credentials and test

    Store secrets in your Environment KV binding. Run a connection test from the console before the route goes live.

  3. Run the first transfer

    Trigger manually, on a schedule, or via a folder watcher. The same audit schema applies regardless of protocol.

  4. First event logged

    The transfer appears in the event log with actor, route, checksum, and result. Export the packet when compliance needs evidence.

Connect your first endpoint

All 14 adapters are included in the 90-day trial. No credit card required.

Start your 90-day trial Book a demo