📂 Beyond HTTP: An Introduction to FTP and SFTP

Posted by

  


If you're a web developer, you've likely spent much of your working life interacting with servers using HTTP: GET and POST requests, REST APIs, browsers, and fetches. But in the real world of deployment, backup transfer, and remote server management, you'll soon encounter two more protocols: FTP and SFTP.

But first: what does HTTP actually do?

HTTP is an application layer protocol used to transfer hypertext data between a client (usually a browser) and a server (typically a web application). It's based on TCP, and every communication is stateless: you send a request, you get a response.

🔗 Do you like Techelopment? Check out the site for all the details!

📂 What is FTP (File Transfer Protocol)?

FTP is also an application-layer protocol, but its purpose is different: transferring files between clients and servers.

Conceptually:

  • Think of FTP as an "old-school" system for browsing directories and uploading or downloading files from a remote server.
  • The client connects to an FTP server and can navigate folders, read files, or upload new ones.

Technically:

  • It uses two connections: one for commands (port 21) and one for data transfer (separate, variable port).
  • It's not secure: usernames, passwords, and files travel in clear (like old HTTP without HTTPS).
  • It's not designed for APIs, but for manual interaction or automated scripts.

🔐 What is SFTP (SSH File Transfer Protocol)

SFTP, despite its similar name, is not "FTP with an S for secure". It's a completely different protocol, based on SSH (port 22), the same one you use to connect to a server withn ssh user@host.

In practice:

  • It allows you to browse directories, transfer files, change permissions, all encrypted.
  • It can be thought of as a remote file manager with SSH security.
  • Unlike FTP, everything happens over a single secure connection.

Analogy with HTTP and HTTPS

If it helps, you can think of:

  • FTP = HTTP (old, without encryption)
  • SFTP = like HTTPS, but for files, with strong authentication, encryption, and data integrity
Caution: FTPS (FTP over SSL) exists, but it's still something else — less used today than SFTP.

 

When and why to use them

Use FTP or SFTP when you need to Upload or download files directly to a server — for example:

  • Upload a static version of your website
  • Backup or restore configuration files
  • Automate file exchange between systems (e.g., ERP, external databases)

Do not use them to serve content to browsers or interact with APIs.


Concrete examples

With HTTP:

GET https://api.example.com/users

Responds with JSON.

[
  {
    name: "John",
    surname: "Smith"
  },
  {
    name: "Joe",
    surname: "Hill" 
  }
]

With SFTP (via terminal or script):

sftp user@example.com
# inside the session you navigate as if you were in a local FileSystem
cd /var/www
put index.html
get logs.zip

Or via Python script:

import paramiko

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('host.com', username='user', password='pass')

sftp = ssh.open_sftp()
sftp.put('local_file.txt', '/remote/path/file.txt')
sftp.get('/remote/path/logs.zip', 'logs.zip')
sftp.close()

🔍 Practical Differences Between HTTP, FTP, and SFTP

Example 1: Downloading a File

With HTTP

Suppose you want to download an image from a website.

GET https://example.com/images/logo.png

Server Response:

200 OK
Content-Type: image/png
[...content of the file...]

Uses:

  • Browser (<img src="...">)
  • fetch() or axios in JavaScript
  • curl: 
    curl -O https://example.com/images/logo.png

With FTP

ftp ftp.example.com
Name: user
Password: *****
ftp> cd /images
ftp> get logo.png
ftp> bye

With SFTP (secure)

sftp user@example.com
# Access with password or SSH key
sftp> cd /images
sftp> get logo.png
sftp> exit

Or:

sftp user@example.com:/images/logo.png .

Example 2: Uploading a file to a remote server

With HTTP (not intended for “static” file uploads)

You must write a backend API that accepts a file via multipart POST:

POST /upload
Content-Type: multipart/form-data
Body: [file]

You need:

  • A backend that accepts and saves the file
  • Client-side code (JS/HTML form)

With FTP

ftp ftp.example.com
ftp> cd /public_html
ftp> put index.html
ftp> bye

With SFTP

sftp user@example.com
sftp> cd /var/www/html
sftp> put index.html
sftp> exit

Or directly from the terminal:

scp index.html user@example.com:/var/www/html/
SCP is a fast alternative to SFTP still based on SSH.

Example 3: Python script for uploading with SFTP

import paramiko

host = "example.com"
port = 22
username = "user"
password = "yourpassword"

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host, port, username, password)

sftp = ssh.open_sftp()
sftp.put("local_file.txt", "/remote/path/remote_file.txt")
sftp.close()
ssh.close()

✅ The entire connection is encrypted and secure.


Example 4: Interaction with the GUI

  • FTP: You can use tools like FileZilla, Cyberduck, or WinSCP.
  • SFTP: The same tools support SFTP with key or password authentication.
  • Drag & File drop, tree view, permission management.

🛠️ Typical use cases

Scenarios HTTP FTP SFTP
Download an image from a site
Upload static content to a web server
(complicated)

(preferred)
Automate remote backups

(risky)
(recommended)
Integration between legacy systems
Transfer files securely



(with SSH)


Conclusion

If you're coming from the HTTP world, thinking in terms of FTP/SFTP may seem like a step back in time. But in reality, it's just another way to interact with remote files, often necessary for deployment, maintenance, or integration between legacy systems.

The fundamental difference is that while HTTP focuses on requests and responses, FTP/SFTP focuses on file browsing and transfer.



Follow me #techelopment

Official site: www.techelopment.it
facebook: Techelopment
instagram: @techelopment
X: techelopment
Bluesky: @techelopment
telegram: @techelopment_channel
whatsapp: Techelopment
youtube: @techelopment