The electronic data interchange (EDI) of the Department for Work and Pensions (DWP) in the United Kingdom can be done via the Generic File Transfer Service (GFTS) gateway.
This article is aimed at companies which need to exchange files and data with the DWP.
For example, as an housing association you will exchange documents with the DWP Housing to manage the Universal Credit payments and deductions.
These entities are referred by DWP as creditor server or endpoint FTPS server.
The GFTS options is not available to Local Authorities or Local Councils. E-Transfer system should be used instead.
In practice, this means that as a partner to DWP you will have to set up and host an Explicit FTPS server. DWP is operating an FTPS client and actively pushes data to you.
Electronic data interchange (EDI) is the concept of electronically communicating information that was traditionally communicated on paper, such as purchase orders and invoices.
The connection between your company and DWP is secured using certificate-based mutual TLS authentication (mTLS) (also referred to as two-way authentication). DWP will provide the SSL certificate used by their client, while your company will have to provide the SSL certificate used by your FTPS server.
With SFTPPlus you can use a certificate generated by any certificate authority (public or your private CA).
Integration with the Let's Encrypt Certificate Authority is provided via the HTTP-01 challenge. SFTPPlus can seamlessly obtain and use a certificate from the Let's Encrypt CA. The certificate is automatically renewed.
On top of the security provided by the TLS/SSL layer, username/password credentials are used to identify the requests from DWP.
SFTPPlus can support a multi-channel architecture, allowing you to use the same SFTPPlus server for exchanging files with multiple partners, not only with DWP.
Read more about securing FTPS server with SFTPPlus in our dedicated documentation page.
Client / Server Data Exchange
FTPS is an open standard file transfer protocol built on a client-server model architecture.
The client is the active component which controls when and what type of file transfer operation to perform. The client generates an authenticated connection to the server and asks the server to push or pull files. DWP will act as a client.
The server is the reactive component which controls who can perform file transfer operations and what kind of file operations are allowed. The server stays idle and only becomes active once it receives a connection from the client. Your system will act as a server.
Once the data is pushed by DWP, it will reside as files on your system. From there it will be further processed and consumed by your business system.
ProAtria DWP Expertise
ProAtria, the developer of SFTPPlus, is a long-term partner for the projects deployed at DWP. We have helped with the migration from insecure FTP to Explicit and Implicit FTPS systems and with the migration from legacy Solaris-based systems to a modern Linux-based cloud infrastructure.
We can help you understand the Code of Connection (CoCo) document and make sure the people from your organization will understand the requirements and security measurements.
We are involved in the delivery and maintenance of the Digital Children’s Platform (DOS 012) and the data exchange between DWP and the Scottish Government.
We offer broad expertise into the data exchange with DWP and DVLA. Our customers benefit of help and consultancy for their DWP and DVLA related projects without any additional cost.