How AS2 Works
Prior to use, AS2 requires the following items:
- A delivery URL for the sender.
- A delivery URL for the receiver.
- An AS2 Identity for the sender.
- An AS2 Identity for the receiver.
- An encryption and signing certificate and key for the sender.
- An encryption and signing certificate and key for the receiver.
You and your trading partner will provide each other with:
- The AS2 delivery URL.
- The AS2 Identities that you agree to use for the connection.
- The public portion of the encryption and signing certificate being used.
The AS2 delivery URL is sometimes referred to as the "endpoint URL" of your AS2 server or software. This URL typically looks something like https://my.companydomain.com/as2 and ideally uses a valid and chained SSL Certificate.
The AS2 Identities that you agree to use for the connection are sometimes referred to as "AS2 name", "AS2 code", "AS2 station", or "AS2 To and From". The identity is a unique string and can be based on an arbitrary identifier, an EDI interchange ID, a DUNS number, or any other agreed upon criteria.
Your trading partner provides you with the public portion of their encryption and signing certificate. You provide your trading partner with the public portion of your own encryption and signing certificate. These AS2 certificates can be self-signed.
The AS2 server, or software, at each end of the connection provides an "inbox" and an "outbox" folder for each AS2 partnership.
AS2 performs the following steps.
The sending AS2 server:
- Collects the file from the local "outbox" folder that corresponds to the remote trading partner.
- Digitally signs the file using your signing certificate and key.
- Encrypts the file using the remote trading partner's public encryption certificate.
- Sends the file, using HTTP(S), to the trading partner's AS2 URL, and specifies:
  - the trading partner's AS2 identity as the recipient (AS2-TO).
  - its AS2 identity as the sender (AS2-FROM).
The receiving AS2 server:
- Receives the file, using HTTP(S).
- Checks that the recipient (AS2-TO) is valid and matches the trading partner's AS2 Identity.
- Checks that the sender (AS2-FROM) is valid and matches its AS2 Identity.
- Decrypts the file using the private key that belongs to its own encryption certificate.
- Verifies the digital signature using the trading partner's public certificate.
- If all of the above checks, decryption, and signature validation are successful, places the file into the "inbox" folder that corresponds to the trading partner.
- Generates a Message Disposition Notification (MDN) containing the outcome, "success" or "failure", of the delivery.
- Digitally signs the MDN using its certificate and key.
- Returns the signed MDN, using the HTTP(S) response.
The sending AS2 server:
- Receives the HTTP(S) response.
- Verifies the MDN's digital signature using the trading partner's public certificate.
- Marks the delivery as a "success" only if the MDN is both valid and specifies a "success" outcome from the trading partner.
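The receiving server's identity checks from the steps above, as an added example that is not code from this page or from any AS2 product: both headers are looked up together as one configured partnership, which then supplies the inbox folder and the certificate the signature must verify against. The identities, folder names, certificate paths and function names are constructed for illustration; the quoted-name handling and the 128-character limit follow RFC 4130 and go beyond what this page states.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Partnership:
    inbox: str        # folder that receives this partnership's files
    signer_cert: str  # public certificate the message signature must verify against

# Constructed sample configuration: every identity and path here is an assumption.
# Key: the (AS2-From, AS2-To) pair agreed for the connection.
PARTNERSHIPS = {
    ("ACME-EDI", "MYCO-AS2"): Partnership("inbox/acme", "certs/acme-sign.pem"),
    ("Globex Corp", "MYCO-AS2"): Partnership("inbox/globex", "certs/globex-sign.pem"),
    ("INITECH", "MYCO-TEST"): Partnership("inbox/initech", "certs/initech-sign.pem"),
}

def as2_name(raw):
    """Normalise one AS2-From / AS2-To value; return None if it is malformed."""
    if raw is None:
        return None
    value = raw.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        # Quoted form (needed when the name contains spaces): drop the quotes
        # and undo backslash escapes.
        value = re.sub(r"\\(.)", r"\1", value[1:-1])
    # RFC 4130: 1 to 128 printable ASCII characters. This also rejects CR/LF.
    if not 1 <= len(value) <= 128 or not value.isascii() or not value.isprintable():
        return None
    return value

def resolve_partnership(headers):
    """Return the Partnership for an inbound request, or None to reject it."""
    # HTTP header names are case-insensitive; AS2 identities are compared exactly.
    fields = {k.lower(): v for k, v in headers.items()}
    sender = as2_name(fields.get("as2-from"))
    recipient = as2_name(fields.get("as2-to"))
    if sender is None or recipient is None:
        return None
    # Both identities must match one configured partnership together. The inbox
    # and certificate come from configuration, never from the header text.
    return PARTNERSHIPS.get((sender, recipient))

if __name__ == "__main__":
    for hdrs in ({"AS2-From": "ACME-EDI", "AS2-To": "MYCO-AS2"},
                 {"AS2-From": "ACME-EDI", "AS2-To": "MYCO-TEST"},
                 {"AS2-From": "../outbox", "AS2-To": "MYCO-AS2"}):
        print(hdrs, "->", resolve_partnership(hdrs))
```

A request that resolves to `None` is rejected before any decryption is attempted. A match only selects which certificate to use; the signature verification in the steps above is still what authenticates the sender, because the headers themselves are unauthenticated.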
AS2 supports many configurations. The configuration you use is decided between you and your trading partner.