Providing standards, tools and services
for the automotive supply chain


Odette File Transfer Protocol v2

Specifically designed for secure data exchange between partners in the automotive industry


OFTP2 is tailored to the specific communications requirements of automotive industry stakeholders who operate globally and require a file transfer solution which allows them to exchange data securely with partners and subsidiaries across the world.

OFTP2 is the most widely used protocol for the exchange of mission critical automotive data over the public internet. It provides flawless and secure transmission between organisations, ensuring that confidential and sensitive information is transmitted quickly and in complete safety.

OFTP2 offers many features enabling the reliable transmission of all types of data, such as large CAD files or smaller EDI transmissions of commercial data.

OFTP2 features at a glance

OFTP2 offers many features that other transmission protocols do not provide. These include:

  • File resuming: After an abort, the transmission of a file can restart at the last transfer position.
  • Security: OFTP2 offers many security options other protocols don't provide. In addition to session encryption (SSL/TLS), the protocol offers a secure bidirectional authentication option, file encryption & signing, an integrated compression method and signed end-to-end responses.
  • File size: Transmitted files can have a maximum file size of 88 PetaBytes (PB).
  • End-to-end response: The receiver of a file sends a notification to the sender (possibly asynchronously) to indicate that the file has been received completely.
  • File addressing: Target and originator IDs indicate from whom and to who the file is being transmitted.
  • Batch mode: OFTP2 is designed to work in a fully unmoderated and automated environment.
  • Bidirectional communication support: Both endpoints can send and receive files and other information in the same session. This way, you can minimize transfer costs or check if files or information are ready for collection.
  • Backward compatibility: OFTP2 has been designed to be backward compatible with OFTP1, so you are able to communicate with partners who are still on OFTP1

The OFTP2 specification was developed, and is continually maintained, by the Odette OFTP2 Experts Group, which brings together the best communication and security experts in the industry.

OFTP2 software solutions are tested on a regular basis for their adherence to the Odette specification and their ability to interoperate with all other Odette tested OFTP2 solutions.

OFTP2 solutions are available from Odette trusted partners throughout the world.

Trusted Performance

OFTP2 has been selected by thousands of companies for global secure data exchange and is implemented by the majority of automotive OEMs including Audi, BMW, Daimler, Ford, Hyundai, MAN, Scania, Skoda, Stellantis, Volkswagen and Volvo along with most large Tier 1 suppliers.


  • news

    Odette Awards recognise Outstanding Contributions to the Automotive Supply Chain

    20 Dec 2023

    As we approach the end of another amazing year, with a jam-packed 2024 programme ahead of us, it is fitting to reflect on 2023 and wrap-up in style. What better way to do this than recognising all those who have made our excellent results possible. Flashback to the Odette2023 conference in November when the Odette Community presented their Awards for Outstanding Contribution.

  • news

    Odette publishes Security Features to consider when using REST APIs (OA3)

    07 Dec 2023

    APIs, especially REST APIs, are being increasingly used to provide and access information in automotive supply and distribution processes. They are comparatively easy to install and deploy, allow an agile process management, and can be used with many different devices from mobile phones up to server systems.

    However, APIs also bring new threats to system integrity and data security and may cause serious disruptions to supply chain processes if developed and deployed without the appropriate security features.

  • news

    New OFTP2 feature optimises partner data management

    06 Feb 2023

    The OFTP2 Expert Group constantly reviews the OFTP2 protocol to ensure that it remain at the leading edge of file transfer technology. The latest enhancement -“Partner Data Exchange using XML“ - published in version 3 of the OFTP2 Implementation Guideline will bring about significant gains in time and efficiency.

Get started

OFTP2 is easy to deploy and companies can quickly establish secure data exchange over the internet with both customers and suppliers by installing software from service providers who have undergone rigorous Odette OFTP2 software testing.

To begin using OFTP2, your organisation will require:

  • An OFTP2 software from an Odette trusted provider
  • An OFTP station identifier (aka Odette ID)
  • A digital certificate from a Certification Authority (CA) listed on the Odette Trust Service Status List (TSL)

Odette maintains the OFTP2 specification but we do not develop or sell OFTP2 software, we leave this to our technology providers. We do, however, regularly test their OFTP2 products to ensure that they respect the Odette specification and can interoperate seamlessly with each other.

Find Software

To ensure that OFTP2 software products fully meet the OFTP2 specification (RFC5024) and can communicate successfully with each other, they must pass Odette interoperability tests on a regular basis. All originally listed products were tested again in 2020 and our OFTP2 software register lists only those products which have successfully passed the latest tests.

This helps automotive companies to select a solution which ensures:

  • Secure handling of confidential transmissions
  • Management of files of various format and size
  • Use of digital signature, compression and encryption

The register is provided without liability and only the OFTP2 features of the products listed have been tested by Odette.

Latest OFTP2 feature: Partner Data Exchange using XML (PDX via XML)
To assist user companies to optimise their use of the security configurations offered by OFTP2, a new feature – Partner Data Exchange via XML - is available to simplify the management of OFTP2 partner data, including the setting up and maintenance of connections, as well as the exchange of certificates.
The feature involves an XML schema containing the information required to set up (or update) an OFTP2 connection. The file is delivered directly from the OFTP2 software of the sending party to the OFTP2 software of the receiving party to set up or modify the connection without additional manual input.

The implementation of the feature differs between OFTP2 solutions and the register is split into 3 groups according to the level of implementation.

Group 1: full capability - send and receive.
Group 2: restricted capability - receive only
Group 3: do not yet support

Software Testing Service for Solution Providers

Odette tests OFTP2 software products against established Test Cases to ensure that the software complies with the OFTP2 specification (RFC5024) and inter-operates successfully with reference implementations of OFTP2.

Providers: why you should get your product tested

Benefits of having your software tested include:

Additional visibility
Providers are listed on the Odette website as suppliers of tested OFTP2 software.

New commercial leads
Potential customers can directly request further information from providers of listed software.

  • Continued support
    All providers of tested software are invited to participate in the Odette OFTP2 Expert Group and learn first-hand about new developments.

  • Added credibility
    Customers know that products which have passed the Odette Software Interoperability Test will have a high standard of OFTP2 performance.

  • Improved performance and stability
    Odette’s expert testers can help software developers identify glitches and troubleshoot issues in OFTP2 tested software.

  • Apply


Reference EN01

Version 3.0

Published Mar 2006

Security Features to consider when developing APIs

Provides guidelines on how to address security features when developing and implementing APIs. It is not intended as a complete and detailed catalogue of measures but should give interested par􀆟es hints and best prac􀆟ce recommenda􀆟ons on this topic.

Reference OA03

Version 1.0

Published Dec 2023

OFTP2 Implementation Guideline

The ODETTE File Transfer Protocol 2 (OFTP2) has become one of the most widely used and trusted protocols for secure information exchange over the internet.

This publication contains comprehensive technical guidelines on implementing and operating OFTP2, including use of digital certificates, archiving and integrating into existing IT infrastructures.

Developer guidelines are included for software vendors who wish to add OFTP2 functionality to their products.

Also includes Recommendation for OFTP2 Partner Data Exchange using XML

Reference OP08

Version 3.1

Published Dec 2023

OFTP2 Interoperability Testing Service

Test Cases

Odette tests OFTP2 software products against established Test Cases to ensure that the software complies with the OFTP2 specification (RFC5024) and inter-operates successfully with reference implementations of OFTP2.

This document describes the tests that an OFTP2 software must successfully pass in order to obtain the certificate of "OFTP2 Tested Software" from Odette.

Includes OFTP2 Partner Data XML Exchange - Functionality Tests

Reference OP09

Version 3.1

Published Dec 2023

Reference -

Version -

Published Jul 2019

Security Certificate Exchange (SCX)

This publication details Odette recommendations on establishing trust between business partners by enabling the automated exchange and renewal of digital Security Certificates and the use of a Trust Service Status List (TSL). These recommendations cover processes, interfaces and protocols for certificate exchange, trust and verification and for achieving the security levels required by business partners for data exchange processes in their commercial and product development relationships.

Reference SE01

Version 1.0

Published Jan 2009

Security and Risk Reduction (S2R)

This publication defines common security policies, measures and techniques to be implemented between partners with regards to security certificate use. The recommendations cover roles and responsibilities, common risk schema and classification of data, basic security requirements, password policies and data privacy considerations for business partners across the supply chain.

Reference SE02

Version 1.0

Published Apr 2006

OFTP2 Experts Group

The OFTP2 Experts Group brings together the top communication and security software experts in the industry.