AS2

The Internet Engineering Task Force (IETF) developed the AS2 (Applicability Statement 2) communication protocol to exchange business-to-business (B2B) transactions securely over the Internet. The AS2 application uses the HTTP transport protocol along with Multipurpose Internet Mail Extensions (MIME), and governs how the connection is made and how data is exchanged securely and reliably. Besides the advanced security features, the AS2 application offers the following benefits:

  • Privacy
  • Authentication
  • Nonrepudiation of origin and receipt of the message
  • Data integrity

The AS2 application provides a medium to exchange business data with partners by configuring an account in IBM® webMethods Integration. The application supports the AS2 protocol versions 1.1 and 1.2.

Field Description
Recipient Endpoint The endpoint URL of the recipient.
Authorization Type The type of HTTP authorization scheme to use for the connection. You can choose one of the following options:
  • none. No additional authorization scheme is executed at run time. For example, when you specify a user name and password, but do not specify a value for the authorization type, the user credentials are not inserted into an authorization header.
  • basic. When the application requires or supports HTTP basic authentication for user name and password.
From The AS2 ID of the sender.
To The AS2 ID of the recipient.
Preemptive Auth Preemptive authentication of the recipient. The default value is false.
Response Timeout The duration, in milliseconds, that the application waits for a response until it aborts the connection attempt to the back end. In case the network is slow or the back end processing takes longer than usual, increase the Response Timeout value. Specify a value other than 0. If you specify 0, the application waits indefinitely for a response.
Retry Count on Response Failure The number of times the application attempts to connect to the back end to read a response if the initial attempt fails. If an I/O error occurs, it retries only if you select the Retry on Response Failure option.
Retry on Response Failure Whether the application should attempt to resend the request when the response has failed, even though the request was sent successfully. Select this option if you want to reestablish the connection.
Trust store Alias Select the alias name of the IBM webMethods Integration trust store configuration from the list. The trust store contains trusted certificates that are used to determine trust for the remote server peer certificates. Select New Certificate > New Truststore to add a new trust store from this list.
Keystore Alias Select the alias for the IBM webMethods Integration keystore configuration. This is a text identifier for the keystore alias. A keystore file contains the credentials (private key/signed certificate) that a client needs for authentication. Select New Certificate > New Keystore to add a new keystore from this list.
Client Key Alias Alias to the private key in the keystore file specified in the Keystore Alias field. The outbound connections use this key to send client credentials to a remote server. To send the client's identity to a remote server, you must specify values in both the Keystore Alias and Client Key Alias fields.
Hostname verifier Select a hostname verifier implementation from the list to guard against man-in-the-middle (MITM) attacks. The default is org.apache.http.conn.ssl.DefaultHostnameVerifier, which enables hostname verification. Select org.apache.http.conn.ssl.NoopHostnameVerifier from the list to disable hostname verification.
Username The name of the user account that the AS2 connection uses to connect to the AS2 provider.
Password The password for the user name provided in the Username field.
Compression Select this option to compress an outbound AS2 message.
Sign Message Select this option to sign an outbound AS2 message.
Signing Algorithm The signing algorithm to use for an outbound AS2 message. The following are the available options:
  • MD5
  • SHA-1
  • SHA-256
  • SHA-384
  • SHA-512
Signing Keystore and Key Aliases The keystore aliases and the key aliases in the keystore to use for signing an outbound AS2 message.
Receive Signed Message Select this option to receive a signed inbound AS2 message. If you select this option and the incoming AS2 message is not signed, then an Insufficient message security error is encountered and shared with the sender if MDN is requested by the sender.
Signature Verification Certificate The certificate to use for verifying an inbound signed AS2 message.
Encrypt Message Select this option to encrypt an outbound AS2 message.
Encryption Algorithm The encryption algorithm to use for an outbound AS2 message. The following are the available options:
  • RC2 40
  • RC2 64
  • RC2 128
  • DES
  • TripleDES
  • AES 128
  • AES 192
  • AES 256
Encryption Certificate The certificate to use for encrypting an outbound AS2 message.
Receive Encrypted Message Select this option to receive an encrypted inbound AS2 message. If you select this option and the incoming AS2 message is not encrypted, then an Insufficient message security error is encountered and shared with the sender if MDN is requested by the sender.
Decryption Keystore and Key Aliases The keystore aliases and the key aliases in the keystore to use for decrypting an inbound AS2 message.
Request MDN Whether you want the recipient to return an MDN to the sender. You can select one of the following options:
  • None. The recipient of the AS2 message does not return an MDN to the sender.
  • Synchronous. The recipient of the AS2 message returns an MDN to the sender through the same HTTP connection that is used to send the original AS2 message.
  • Asynchronous. The recipient of the AS2 message returns an MDN to the sender through a different HTTP connection instead of the one used to send the original AS2 message.
Request Signed MDN Select this option if you want the recipient to sign an AS2 MDN. Ensure that you also select an option in the Request MDN field if you want the recipient to sign and return an AS2 MDN.
Asynchronous MDN Endpoint Type your endpoint URL that accepts an inbound AS2 MDN if you selected the Asynchronous option for Request MDN.
AS2 Version Select the AS2 protocol version to use from the list.
Enable Connection Pooling Select this option if you want to enable connection pooling for a connection. For more information, see Account configuration fields.
Minimum Pool Size The minimum number of connection objects that remain in the connection pool always, if connection pooling is enabled. For more information, see Account configuration fields.
Maximum Pool Size The maximum number of connection objects that can exist in the connection pool if connection pooling is enabled. For more information, see Account configuration fields.
Pool Increment Size The number of connections by which the pool will be incremented, up to the maximum pool size, if connection pooling is enabled and connections are needed.
Block Timeout (msec) The duration in milliseconds that IBM webMethods Integration waits to obtain a connection with the SaaS provider before the connection times out and returns an error. For more information, see Account configuration fields.
Expire Timeout (msec) The duration in milliseconds that an inactive connection can remain in the pool before it is closed and removed from the pool, if connection pooling is enabled. For more information, see Account configuration fields.
Session Management The session management scheme selection determines how a session or access token is handled for a given SaaS provider. For more information, see Account configuration fields.
Session Timeout (min) The duration in minutes that IBM webMethods Integration waits before refreshing a session. For more information, see Account configuration fields.
Enable SNI Server Name Indication (SNI) is an extension to the TLS protocol by which a client indicates which host name it is attempting to connect to at the start of the handshaking process. Enable this option if the SaaS provider offers SNI-based TLS connectivity and you want to send the host name specified in the Server URL field as part of the TLS SNI extension server_name parameter when connecting to an SNI-enabled SaaS provider.
SNI Server Name If you want to explicitly specify a host name to be included as a part of the SNI extension server_name parameter, in case the host name is other than the host name specified in the Server URL field, specify the host name value in the SNI Server Name field.
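
An audit of one account's settings against the field descriptions above, as an added example (not IBM's code). The dictionary layout, the sample values and the `audit_account` name are assumptions; the keys reuse the field labels from the table.

```python
# Added example: the dict layout is an assumption; keys reuse the field labels above.
WEAK_SIGNING = {"MD5", "SHA-1"}  # collision-prone digests
LEGACY_CIPHERS = {"RC2 40", "RC2 64", "RC2 128", "DES", "TripleDES"}  # 64-bit block ciphers
NOOP_VERIFIER = "org.apache.http.conn.ssl.NoopHostnameVerifier"

def audit_account(cfg):
    """Return a list of findings for one AS2 account configuration."""
    out = []
    if cfg.get("Hostname verifier") == NOOP_VERIFIER:
        out.append("hostname verification is disabled")
    if cfg.get("Response Timeout") == 0:
        out.append("Response Timeout 0 waits indefinitely for a response")
    if bool(cfg.get("Keystore Alias")) != bool(cfg.get("Client Key Alias")):
        out.append("client identity needs both Keystore Alias and Client Key Alias")
    if cfg.get("Username") and cfg.get("Authorization Type", "none") == "none":
        out.append("credentials are set but Authorization Type none does not send them")
    if not cfg.get("Sign Message"):
        out.append("outbound messages are not signed")
    elif cfg.get("Signing Algorithm") in WEAK_SIGNING:
        out.append("weak Signing Algorithm: " + cfg["Signing Algorithm"])
    if not cfg.get("Encrypt Message"):
        out.append("outbound messages are not encrypted")
    elif cfg.get("Encryption Algorithm") in LEGACY_CIPHERS:
        out.append("legacy Encryption Algorithm: " + cfg["Encryption Algorithm"])
    for option in ("Receive Signed Message", "Receive Encrypted Message"):
        if not cfg.get(option):  # unprotected inbound messages would be accepted
            out.append(option + " is not selected")
    mdn = cfg.get("Request MDN", "None")
    if cfg.get("Request Signed MDN") and mdn == "None":
        out.append("Request Signed MDN needs a Request MDN option other than None")
    if mdn == "Asynchronous" and not cfg.get("Asynchronous MDN Endpoint"):
        out.append("Asynchronous MDN requested without an Asynchronous MDN Endpoint")
    return out

# Constructed sample accounts (not real partner data).
HARDENED = {
    "Hostname verifier": "org.apache.http.conn.ssl.DefaultHostnameVerifier",
    "Response Timeout": 30000, "Authorization Type": "basic", "Username": "as2user",
    "Keystore Alias": "ks1", "Client Key Alias": "client1",
    "Sign Message": True, "Signing Algorithm": "SHA-256",
    "Encrypt Message": True, "Encryption Algorithm": "AES 256",
    "Receive Signed Message": True, "Receive Encrypted Message": True,
    "Request MDN": "Synchronous", "Request Signed MDN": True,
}
WEAK = dict(HARDENED, **{"Hostname verifier": NOOP_VERIFIER, "Response Timeout": 0,
                         "Signing Algorithm": "MD5", "Encryption Algorithm": "DES",
                         "Request MDN": "None", "Client Key Alias": ""})

print("\n".join(audit_account(WEAK)))
```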

AS2 Predefined Operations

The following predefined Applicability Statement 2 (AS2) operations are available:

  • receive
  • send

receive

Receives an AS2 message from a recipient.

You can perform the following configurations in the AS2 application by using the receive service.

  • Configuring the Auto Detect Option
  • Creating an Endpoint URL

Input Parameters

  • contentStream. Object. Receives an AS2 message of content type other than application/xml.
  • node. Object. Optional. Receives an AS2 message of content type application/xml only.

Output Parameters

  • status. String Status of an inbound message.
  • statusMessage. String Processing status of an inbound message.
  • request. Document Receives the raw stream, extracted payload, and attachments of an inbound message.
    • stream. Object Raw output stream received by an application.
    • headers. Document AS2 message headers.

      AS2-To. String AS2 ID of the recipient.

      AS2-From. String AS2 ID of the sender.

      Message-ID. String Message ID of the inbound message.

      AS2-Version. String AS2 protocol version used for the inbound message.

      Content-Type. String MIME content type of the inbound message.

      EDIINT-Features. String Optional features supported by the application.

      Receipt-Delivery-Option. String Optional. Sender's asynchronous MDN endpoint URL.

      Disposition-Notification-To. String Optional. Acknowledgment request for the inbound message.

      Disposition-Notification-Options. String Optional. Acknowledgment request to be signed for the inbound message.

    • payload. Document Extracted payload that you receive.

      stream. Object Extracted payload stream.

      contentType. String Content type assigned to the payload.

      headers. Document Headers that are assigned to the payload.

    • attachments. Document Array Optional. Attachments that you receive with an inbound message, if any.

      stream. Object Output stream of the attachment.

      contentType. String Content type assigned to the attachment.

      headers. Document Headers that are assigned to the attachment.

  • response. Document Sent MDN or received asynchronous MDN response.
    • status. String Status of the sent or received MDN.
    • statusMessage. String Status message of the sent or received MDN.
    • receipt. Document Optional. Sent or received MDN.

      stream. Object Object stream of the sent or received MDN.

      headers. Document Headers of the sent or received MDN.

      AS2-To String AS2 ID of the recipient.
      AS2-From String AS2 ID of the sender.
      Message-ID String Message ID of the inbound or outbound MDN.
      AS2-Version String AS2 protocol version that is used for the inbound or outbound MDN.
      Content-Type String MIME content type of the inbound or outbound message.

send

Sends an AS2 message to a recipient's defined endpoint.

Input Parameters

  • data. Document Payload that you want to send.
    • stream. Object java.io.InputStream object that you want to map from EDI or XML data.
    • contentType. String Content type to assign to an outbound message. The following options are available by default:

      application/edi-x12, application/edifact, application/xml.

      You can also type a custom value.

    • otherHeaders. Document Optional. Key and value strings of the header for an outbound message.
  • attachments. Document Array Optional. Attachments for a message, if any.
    • stream. Object java.io.InputStream object that you want to add to the attachment.
    • contentType. String Content type of the attachment. For example, application/zip if the attachment is a .zip file.
    • otherHeaders. Document Optional. Key and value strings of the header you want to add to the attachment.
  • customHeaders. Document Optional. Custom headers that you want to include in an AS2 message.
    • key. String Key for the custom header.
    • value. String Value for the custom header.

Output Parameters

  • status. String Status of an outbound message.
  • statusMessage. String Processing status of an outbound message.
  • request. Document AS2 message sent to a recipient.

    stream. Object AS2 message stream.

    headers. Document Optional. AS2 message headers.
    • AS2-To. String AS2 ID of the recipient.
    • AS2-From. String AS2 ID of the sender.
    • Message-ID. String Message ID of the outbound message.
    • AS2-Version. String AS2 protocol version used for the outbound message.
    • Content-Type. String MIME content type of the outbound message.
    • EDIINT-Features. String Optional features supported by the application.
    • Receipt-Delivery-Option. String Optional. Recipient's asynchronous MDN endpoint URL.
    • Disposition-Notification-To. String Optional. Acknowledgment request for the outbound message.
    • Disposition-Notification-Options. String Optional. Acknowledgment request to be signed for the outbound message.
  • response. Document Received MDN response.
    • status. String Status of the received MDN.
    • statusMessage. String Status message of the received MDN.
    • receipt. Document Optional. Received MDN.

      stream. Object Object stream of the received MDN.

      headers. Document Optional. Headers of the received MDN.
      AS2-To String AS2 ID of the recipient.
      AS2-From String AS2 ID of the sender.
      Message-ID String Message ID of the inbound MDN.
      AS2-Version String AS2 protocol version used for the inbound MDN.
      Content-Type String MIME content type of the inbound message.

Configuring the Auto Detect Option

You can select the Auto Detect option for the AS2 application to automatically identify an account based on the AS2-From and AS2-To headers of an inbound message.

This option enables the AS2 application to compare an account that is configured with From and To fields with the AS2-From and AS2-To headers of an inbound message and vice versa. In addition, specifying this option allows the use of an individual endpoint URL with multiple partners.

Note: The Auto Detect option is supported only for the receive operation.
Important: Configuring multiple accounts with identical values for the From and To fields might generate unpredictable results. This happens when the application uses the account that matches the first AS2-From and AS2-To headers of an inbound message. Therefore, if you have multiple accounts that are configured with identical values for the From and To fields, then do not select the Auto Detect option.
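
A pre-flight check for the ambiguity described in the Important note, as an added example (not IBM's code). The account dictionary, the either-orientation matching rule and the function names are assumptions about how an account is compared with the AS2-From and AS2-To headers; the accounts and inbound headers are constructed.

```python
from collections import defaultdict
from email.parser import HeaderParser

def as2_id(value):
    """Trim whitespace and surrounding quotes; AS2 IDs stay case-sensitive."""
    v = value.strip()
    return v[1:-1] if len(v) >= 2 and v[0] == v[-1] == '"' else v

def duplicate_pairs(accounts):
    """Map each (From, To) pair used by two or more accounts to their names."""
    groups = defaultdict(list)
    for name, acct in accounts.items():
        groups[(as2_id(acct["From"]), as2_id(acct["To"]))].append(name)
    return {pair: names for pair, names in groups.items() if len(names) > 1}

def candidates(raw_headers, accounts):
    """Names of accounts matching the inbound AS2-From/AS2-To in either orientation
    (assumed matching rule). More than one name means Auto Detect is ambiguous."""
    msg = HeaderParser().parsestr(raw_headers)
    frm, to = as2_id(msg.get("AS2-From", "")), as2_id(msg.get("AS2-To", ""))
    if not frm or not to:
        return []  # without both headers no account can be identified
    wanted = {(frm, to), (to, frm)}
    return sorted(n for n, a in accounts.items()
                  if (as2_id(a["From"]), as2_id(a["To"])) in wanted)

# Constructed accounts: two of them share the same From and To values.
ACCOUNTS = {
    "acme-orders": {"From": "MYCO", "To": "ACME"},
    "acme-invoices": {"From": "MYCO", "To": "ACME"},
    "globex": {"From": "MYCO", "To": "GLOBEX"},
}
# Constructed inbound message headers; the AS2-From value is a quoted string.
INBOUND = ('AS2-From: "ACME"\nAS2-To: MYCO\n'
           'Message-ID: <constructed-1@example.invalid>\nAS2-Version: 1.2\n\n')

print(duplicate_pairs(ACCOUNTS))     # pairs that make Auto Detect unsafe
print(candidates(INBOUND, ACCOUNTS)) # accounts this message could resolve to
```

Run `duplicate_pairs` over the configured accounts before selecting Auto Detect; any non-empty result identifies the accounts that need distinct From and To values or an explicitly selected account.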

Creating an Endpoint URL

A sender requires a recipient's endpoint URL to transfer AS2 messages. Create an endpoint URL and share it with your partner to send AS2 messages to the endpoint URL.

To create an endpoint URL

  1. Create a Flow service. Ensure that you specify a signature with contentStream and node as input parameters of type Object. Alternatively, you can define a Document Type as a signature with contentStream and node as input parameters of type Object.
  2. Configure the AS2 application with the receive operation to work with a new or existing account, or select the Auto Detect option for the application.
  3. Map the contentStream and node parameters of the Pipeline Input signature that is defined in step 1 with the AS2 application's receiveInput parameter.
  4. Select the Enable Flow service to be invoked over HTTP option on the Flow service Overview page. An endpoint URL for this Flow service is generated.
  5. Share this endpoint URL with your partner to enable the partner to send AS2 messages.