The MFTGateway allows SFTP based integration with your existing systems, in a very similar manner to the native AWS S3 integration. The location paths are the same as for S3, since the MFT Gateway actually utilizes Amazon Transfer service over the same AWS S3 bucket created for each account, to expose the SFTP connectivity.
This section guides you on using SFTP access, for integration of AS2 communications with external systems.
SFTP stands for SSH File Transfer Protocol, or Secure File Transfer Protocol. It is a separate protocol packaged with SSH, that works similarly over a secure connection. The advantage is the ability to leverage a secure connection to transfer files and traverse the filesystem on both the local and remote system. SFTP is a good choice for integration when large numbers of files, possibly including large files, needs to be securely exchanged.
Navigate to ‘SFTP’ after clicking the ‘Integrations’ menu icon on the left navigation pane. If you have not already setup SFTP integration the above page will appear, allowing you to enable the integration. You can provide a username, and choose to either generate a new key, or opt-to login using an existing SSH key that you already have. Only key based SFTP access has been allowed. Note that the username must be in latin letters (a-z, A-Z), digits (0-9), hyphen (-) and underscore (_), and cannot start with a hyphen.
To generate a new key, choose the Private key type desired, based on how you plan to access the SFTP server, and your client operating system. You can optionally add a password to protect the generated private key. This will be your passphrase to open the private key file for later use.
The Putty format keys (PPK) works best for Windows systems. When using WinSCP as an example, download the
If you created a new key, download it to the client system. First you need to change file permissions to only allow read access to the user. Then you can connect by providing the username, and the key file.
sudo chmod 400 <private-key> sftp -i <private-key> <username>@sftp.mftgateway.com
If you choose to ‘enable with existing key pair’, you will need to copy the public key of your existing keypair. Usually this will be located as
.ssh/id_rsa.pub file, on a Linux based operating system.
$ cat ~/.ssh/id_rsa.pub ssh-rsa AAA...QLWY5Ow== user@host
Once you login via SFTP, you will be placed into your home directory, which is
mftg-<your-mftgateway-account-id>. The following hierarchy exists for each account.
<Station-AS2-ID> refers to the AS2 ID of the local Station defined in the MFT Gateway, while
<Partner-AS2-ID> refers to the AS2 ID of the remote partner. The
AS2/raw-message contains the encrypted AS2 messages as-sent, or as-received, while the
AS2/files contains the actual payload files without, or after decryption. It should be noted that
AS2/tmp are special locations and end-users should not access them, and are listed here only for completeness.
AS2/files[Raw files of messages]
AS2/headers[Raw HTTP headers of messages]
https.jks[SSL/TLS certificates and keypairs]
identity.jks[AS2 Station encryption/signature certificates]
trust.jks[AS2 Partner certificates]
AS2/raw-message[Raw AS2 messages]
AS2/tmp[Temporary file location]
You may disable SFTP access, create a new keypair, or provide a new key, by visiting the SFTP integration page and disabling the current SFTP integration.
MFT Gateway utilizes Amazon S3 lifecycle rules to manage transactional objects stored. Objects stored under the following directories will move to non-current status after 35 days, and will be permanently deleted after another 35 days. i.e. Objects will be deleted 70 days since creation.
Objects stored in AS2/tmp directory will be moved into non-current status after 1 day, and will be permanently deleted after 2 days from the creation.
To submit a file to be sent over AS2, copy (i.e. SFTP
put) it to the location
AS2/send/<station-AS2-id>/<partner-AS2-id>/. If you want to send a single file, you can copy it directly to this location. If you have more than one file to be submitted as a single AS2 message, zip the files into a single archive, and then upload the archive.
put <local-file> AS2/send/<station-AS2-id>/<partner-AS2-id>/<attachment-name>
After a file has been submitted for send, the system will be automatically triggered, and will perform the AS2 communications process to send the file to the designated partner. The processed file will be placed into the
Files uploaded with same name within a 6 hour window will be considered as duplicates and will not be processed. If you need to submit files with the same name, add a postfix to the filename, such as an extension
SFTP triggers only apply for the content directly uploaded to the above mentioned directory. Any content copied or moved within the SFTP folder structure itself, will be ignored
Received files will be persisted to the
AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox. You can fetch/download these payload files through SFTP get.
ls AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox/ get AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox/<timestamp-random-number>/<attachment-name> <local-path>
Note that each message will have a unique path, with the timestamp followed by a random number, within which the actual attachments will be found.
If required, the MDN’s sent and received, files successfully sent, raw (encrypted) messages or message headers can be downloaded from the SFTP locations as listed in the folder structure layout.