Cloud File Transfer

Data import with cloud file transfer is a mechanism for making data available for buyers within MediaMath.

The data can be made available globally, so every MediaMath customer can access it, or permissioned to a particular customer. The method for importing the data is the same in both scenarios.

Note: the user sync process, audience file format, and quotas are the same for data import via server-to-server and cloud file transfer.

Amazon S3

Amazon Simple Storage Service (Amazon S3) provides a method of file delivery to MediaMath, which follows:

  1. Data provider requests temporary S3 credentials from MediaMath
  2. Using the temporary credentials, data provider creates an S3 client
  3. Using the S3 client, data provider delivers files

Temporary S3 Credentials

Temporary S3 credentials can be obtained using your MediaMath SFTP credentials. To request an SFTP account, engage with the partnerships team and also share an IP address we can grant permission to use the CFT service.

To request temporary S3 credentials, submit a POST with your SFTP credentials in the body of the request.

curl -X POST --header 'Content-Type: application/json' --heade
r 'Accept: application/json' -d '{ \
   "username": "{your-username}", \
   "password": "{your-password}" \
 }' ''

On success, the response body will contain an accessKeyID, secretAccessKey & sessionToken. These credentials can be used with the AWS SDK or AWS CLI.

Temporary security credentials are short-lived and expire after one hour, so you’ll need to update your temporary credentials periodically.

AWS SDK (Java)

To create an S3 client using temporary credentials:

BasicSessionCredentials sessionCredentials = new BasicSessionC
AmazonS3 s3 = AmazonS3ClientBuilder.standard()
  .withCredentials(new AWSStaticCredentialsProvider(sessionCre


To create an S3 client using temporary credentials, add a new profile to your ~/.aws/credentials file:

aws_access_key_id = {your_aws_access_key_id}
aws_secret_access_key = {your_aws_secret_access_key}
aws_session_token = {your_aws_session_token}

//list objects
aws s3 --profile=s2s ls s3://prod-default-cft/{your-integratio

//put object
aws s3 --profile=s2s cp {your-file} s3://prod-default-cft/{you

//get object
aws s3 --profile=s2s cp s3://prod-default-cft/{your-integratio
n-name}/{your-object-name} {your-file}


We permission use for the following operations:


On the path: S3://prod-default-cft/{your-integration-name}/

Note: S3 enforces a 5GB strict file size limit and the policy does not permit the user permission to use multipart uploads.


Temporary security credentials are short-term and will expire after one hour. After the credentials expire, AWS no longer recognizes them or allows any kind of access from API requests made with them. When (or even before) the temporary security credentials expire, the user can request new credentials, as long as the user requesting them still has permissions to do so.