OAuth for APIs, SSH for SFTP without payload encryption


  • Data is sent as a plain text CSV to the Marketing Cloud FTP service. An SSH key is used to log in to the SFTP server.

  • Once the file is uploaded to SFTP, OAuth 2.0 credentials are used to connect to the Marketing Cloud API and create an Automation task. This task first transfers the file into the Safehouse for decryption, then creates an import task to load it into a data extension.

  • If any import errors are reported, the error messages are collected from a report file via SFTP

We are aware that Marketing Cloud now supports S3 and Azure Blob storage instead of SFTP. However, only permanent user credentials (e.g. Access Key and Access Secret) are supported, and best practise is to use temporary (STS-generated) credentials or an IAM role grant. We will continue to monitor support for these contemporary methods.

Please contact us if you have a specific mechanism you'd like to see supported.

Detailed instructions

Client ID, Client Secret and Authentication Base URI

  1. Enter the Marketing Cloud Setup area:

2. Navigate to the "Installed Packages" section under "Apps", click "New", enter "Omnata" as the app name, and click "Save":

3. Click the "Add Component" button, and choose "API Integration":

4. Choose "Server-to-Server":

5. Enable the following scopes:


    • Automations: Read, Write, Execute (for outbound syncing of data extensions)


    • Audiences: Read, Write (for inbound and outbound syncing of audiences respectively)

    • List and Subscribers: Read, Write (for inbound and outbound syncing of lists/subscribers respectively)

  • JOURNEYS: Read (for inbound syncing of journey events)

  • DATA

    • Data Extensions: Read, Write (for inbound and outbound syncing of data extensions respectively)

    • File Locations: Read, Write (for outbound syncing of data extensions)

6. Note the Client ID, Client Secret, and Authentication Base URI for the Omnata App Connection:

FTP URL, Username and SSH Key

  1. Navigate to the "FTP Accounts" section under "Data Management"

  2. Note the FTP URL shown here

  3. Click "Add FTP User"

4. Note the FTP Username shown here.

5. Configure an email address for the user, and give it any strong password (we won't actually use the password). Set the User Permissions to "Full" and click Next

6. Click Save:

7. Back in Salesforce Marketing Cloud Setup, click on "Key Management" under "Data Management", then click "Create":

8. Select "SSH" as the Key Type, "Omnata" as the Name, and "omnata-public-key" as the External Key.

9. Copy the public key file provided during Omnata App Connection setup and save it locally as a text file (.txt).

  1. Upload the saved key to Marketing Cloud by clicking "Browse". Tick "Public Key" and press "Save":

  1. Set the SFTP File Transfer Location Customer Key to the File Location External Key.

  1. Navigate back to the "FTP Accounts" section under "Data Management". For the FTP user you created previously, select "SSH Keys" in the context menu:

  1. Add the Omnata Push SSH key you uploaded previously, and ensure SSH Key is selected as an authentication option:

That's all the configuration you need to do in Marketing Cloud. You should be able to complete the connection process in the Omnata UI now.

Last updated