How To: Create an SFTP Connection via ARM call
Published Jul 06 2020 04:00 PM 3,916 Views


Currently, the SFTP connector in Logic Apps has been deprecated in the Designer, so its trigger and actions cannot be selected from the connectors list. 


It is still supported in run time, however, so existing Logic Apps using the SFTP connector have not been affected.


If you want to create a connection via SFTP, you will need to manually create a connection to the old connector, using an ARM call, then edit your Logic App definition using Code View for the actions you want.


Below are the steps to do so.




1. Open any Logic App in your browser to collect the Bearer token.

  1. Click on F12 > Network tab
  2. On the left navigation pane, under "Name", search for an entry that begins with "runs?..."
  3. In the "Headers" tab, scroll down to "Request Headers, and copy-paste the value of the Authorization key.
    • It will look like "Bearer <string of characters>"




2. Use Postman to create an ARM call to creating a connection to the SFTP connector.


  1. Enter the following details in the Postman Request
  2. Method PUT 
    Headers Content-Type : application/json
    Authorization : Bearer <string of characters>
      "properties": {
        "api": {
          "id": "/subscriptions/<subsctiptionid>/providers/Microsoft.Web/locations/<location>/managedApis/sftp"
        "parameterValues": {
          "hostName": "<hostname>",
          "userName": "<username>",
          "password": "<password>",
          "sshPrivateKey": "",
          "sshPrivateKeyPassphrase": "",
          "giveUpSecurityAndAcceptAnySshHostKey": true,
          "sshHostKeyFingerprint": ""
        "displayName": "<displayName>"
      "location": "<location>"




  3. Details:
    • <subscriptionid>: The Subscription ID in which your Logic App is in.
    • <resourceGroup>: The Resource Group in which your Logic App is in.
      • Your SFTP API Connection will be placed into the Subscription ID / Resource Group specified here.
    • <connectionid>: This name can be any name of your choice, as long as there is no other API Connection with the name already existing in your Resource Group. 
    • <location>: This same region where your Logic App is located (ex: westus)
    • <displayName>: This name can be any name of your choice. It's the name that will be visible in the Logic App / Designer View to indicate which connection it's using. (ex: TestConnectionSFTP)
    • sftp: This is a fixed value.
    • <hostname>: The SFTP server/IP address
    • <username>, <password>: The login credentials associated with the SFTP server.
  4. SEND the request and see the "201 Created" Response.




In case you get the following ExpiredAuthenticationToken error, just repeat Step 1 and get a new Bearer token.




3. Verify the API Connection exists in your Resource Group

Navigate to your Subscription ID / Resource Group, and check that an API Connection named, <connectionid>, which you put in the URL, exists. In this example, it is called "sftp-5".


You can edit the API Connection settings as you would any other connector.





4. Connect to SFTP in the Logic App

  1. Create a connection with the SFTP-SSH connector for the desired action (ex: Create File). 
    • You can enter dummy values, as the SFTP-SSH connection will not be used in runtime anyway. 
  2. Switch to Code View of your Logic App, and ensure the following details (in color) are changed to match your Logic App's definition.
  3. In the "parameters" section, there should be a reference for the SFTP-SSH connection just made. In the example below, it's called, "sftpwithssh":
    • You can change this name, "sftpwithssh", to anything you'd like, but all references to it from the Logic App's definition should be updated as well.
  4. "parameters": {
      $connections": {
       value": {
          sftpwithssh": {
             connectionId": "/subscriptions/<subscriptionid>/resourceGroups/<resourcegroup>/providers/Microsoft.Web/connections/<connectionid>",
               connectionName": "<connectionid>",
               id": "/subscriptions/<subscriptionid>/providers/Microsoft.Web/locations/<location>/managedApis/sftp"
  5. Save the Logic App and switch back to Designer View. If you expand your SFTP-SSH (previously) action, it should be rendered to use the same <displayName> you gave in Postman.





The original limitations of the SFTP Connector exist, for example:

  • "Get all file metadata" parameter is available in SFTP-SSH, not SFTP.
  • "Allow chunking" setting is available in the SFTP-SSH, not SFTP.
Version history
Last update:
‎Jul 06 2020 04:00 PM
Updated by: