
SFTP Integration for AS2

1 Introduction

MFT Gateway allows SFTP-based integration with your existing systems, in much the same way as the native AWS S3 integration. The location paths are the same as for S3, because MFT Gateway exposes SFTP connectivity by running the Amazon Transfer service over the same AWS S3 bucket that is created for each account.

This section guides you through using SFTP access to integrate AS2 communications with external systems.

1.1 What is SFTP?

SFTP stands for SSH File Transfer Protocol (also called Secure File Transfer Protocol). It is a separate protocol packaged with SSH that runs over the same kind of secure connection. Its advantage is that a single secure connection can be used both to transfer files and to traverse the filesystem on the local and remote systems. SFTP is a good choice for integration when large numbers of files, possibly including large files, need to be exchanged securely.

1.2 Enabling SFTP Integration

[Figure: SFTP Integration page]

Navigate to ‘SFTP’ after clicking the ‘Integrations’ menu icon on the left navigation pane. If you have not already set up SFTP integration, the page shown above will appear, allowing you to enable the integration. You can provide a username and choose either to generate a new key or to log in using an existing SSH key that you already have. Only key-based SFTP access is allowed. Note that the username may contain only Latin letters (a-z, A-Z), digits (0-9), hyphens (-) and underscores (_), and cannot start with a hyphen.

To generate a new key, choose the private key type based on how you plan to access the SFTP server and on your client operating system. You can optionally add a passphrase to protect the generated private key; you will need this passphrase to open the private key file for later use.

Windows based systems

PuTTY format keys (PPK) work best on Windows systems. Using WinSCP as an example, download the .ppk file and load it into Pageant by right-clicking on the file. Then configure a session in WinSCP providing the username. The SFTP server is `sftp.mftgateway.com`, on the default port 22.

[Figure: WinSCP Connection]

Linux based systems

If you created a new key, download it to the client system. First change the file permissions so that only your user can read it, then connect by providing the username and the key file.

sudo chmod 400 <private-key>
sftp -i <private-key> <username>@sftp.mftgateway.com

If you choose ‘enable with existing key pair’, you will need to copy the public key of your existing key pair. On a Linux-based operating system this is usually the file ~/.ssh/id_rsa.pub.

$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAA...QLWY5Ow== user@host

1.3 SFTP Folder Structure

Once you log in via SFTP, you are placed in your home directory, which is mftg-<your-mftgateway-account-id>. The following hierarchy exists for each account. <Station-AS2-ID> refers to the AS2 ID of the local Station defined in MFT Gateway, while <Partner-AS2-ID> refers to the AS2 ID of the remote partner. AS2/raw-message contains the encrypted AS2 messages exactly as sent or as received, while AS2/files contains the actual payload files in the clear (before encryption for outgoing messages, after decryption for incoming ones). Note that AS2/keystore and AS2/tmp are special locations that end users should not access; they are listed here only for completeness.

  • AS2/files [Raw files of messages]
    • <Station-AS2-ID>/<Partner-AS2-ID>/inbox
    • <Station-AS2-ID>/<Partner-AS2-ID>/outbox
  • AS2/headers [Raw HTTP headers of messages]
    • <Station-AS2-ID>/<Partner-AS2-ID>/inbox
    • <Station-AS2-ID>/<Partner-AS2-ID>/outbox
  • AS2/keystore [Key stores]
    • https.jks [SSL/TLS certificates and keypairs]
    • identity.jks [AS2 Station encryption/signature certificates]
    • trust.jks [AS2 Partner certificates]
  • AS2/raw-mdn [Raw MDNs]
    • incoming
    • outgoing
  • AS2/raw-message [Raw AS2 messages]
    • <Station-AS2-ID>/<Partner-AS2-ID>/inbox
    • <Station-AS2-ID>/<Partner-AS2-ID>/outbox
  • AS2/send [Send location]
  • AS2/tmp [Temporary file location]

1.4 Disabling SFTP

You may disable SFTP access, create a new key pair, or provide a new key by visiting the SFTP integration page and disabling the current SFTP integration.

2.2 Default Lifecycle rules

MFT Gateway uses Amazon S3 lifecycle rules to manage the transactional objects it stores. Objects stored under the following directories become non-current after 35 days and are permanently deleted after a further 35 days, i.e. objects are deleted 70 days after creation.

  • AS2/files
  • AS2/raw-message
  • AS2/raw-mdn
  • AS2/headers

Objects stored in the AS2/tmp directory become non-current after 1 day and are permanently deleted 2 days after creation.

3 Automation via SFTP

3.1 Sending Files

To submit a file to be sent over AS2, copy it (i.e. SFTP put) to the location AS2/send/<station-AS2-id>/<partner-AS2-id>/. A single file can be copied directly to this location. If more than one file is to be submitted as a single AS2 message, zip the files into a single archive and upload the archive.

e.g.

put <local-file> AS2/send/<station-AS2-id>/<partner-AS2-id>/<attachment-name>

After a file has been submitted for sending, the system is triggered automatically and performs the AS2 communication process to send the file to the designated partner. The processed file is placed in the AS2/files/<Station-AS2-ID>/<Partner-AS2-ID>/outbox location.

Files uploaded with the same name within a 6-hour window are considered duplicates and are not processed. If you need to submit files with the same name, add a postfix to the filename, such as an extension.

SFTP triggers apply only to content uploaded directly to the directory mentioned above. Any content copied or moved within the SFTP folder structure itself is ignored.

3.2 Receiving Files

Received files are persisted to AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox. You can fetch these payload files with SFTP get.

e.g.

ls AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox/
get AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox/<timestamp-random-number>/<attachment-name> <local-path>

Note that each message has its own unique directory, named with the timestamp followed by a random number, within which the actual attachments are found.
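The send and receive steps in 3.1 and 3.2 are usually scripted. The following is an added example, not MFT Gateway's own tooling, that generates OpenSSH sftp batch files: the upload adds a timestamp postfix so that re-sending a same-named file inside the 6-hour duplicate window is not dropped, and the download fetches only the per-message inbox directories that a previous run has not already recorded. Station and partner IDs, file names and the seen-file path are assumptions.

```shell
#!/bin/sh
# Added example (not MFT Gateway's own tooling): generate OpenSSH sftp batch
# files for the AS2/send upload and the inbox download described above.
# Station/partner IDs, file names and paths used below are constructed.

# Append an epoch-seconds postfix before the extension, so that re-sending a
# file with the same name inside the 6-hour duplicate window is not dropped.
unique_name() {      # unique_name <local-file> <epoch-seconds>
  base=$(basename "$1")
  case "$base" in
    *.*) echo "${base%.*}-$2.${base##*.}" ;;
    *)   echo "${base}-$2" ;;
  esac
}

# Batch that puts one local file into the send location of a station/partner pair.
send_batch() {       # send_batch <station-AS2-id> <partner-AS2-id> <local-file> <epoch-seconds>
  printf 'put %s AS2/send/%s/%s/%s\nbye\n' "$3" "$1" "$2" "$(unique_name "$3" "$4")"
}

# Batch that fetches only message directories not yet recorded in the seen-file.
# <listing-file> holds the output of `ls AS2/files/<station>/<partner>/inbox/`,
# one <timestamp-random-number> directory per line (full paths are accepted).
receive_batch() {    # receive_batch <station-AS2-id> <partner-AS2-id> <listing-file> <seen-file> <local-dir>
  inbox="AS2/files/$1/$2/inbox"
  touch "$4"
  while IFS= read -r entry; do
    dir=$(basename "$entry")
    [ -n "$dir" ] || continue
    grep -qxF "$dir" "$4" && continue      # already downloaded in an earlier run
    printf 'get -r %s/%s %s/\n' "$inbox" "$dir" "$5"
    echo "$dir" >> "$4"                    # remember it for the next run
  done < "$3"
  echo bye
}
```

Write the output to a file and run it with `sftp -i <private-key> -b <batch-file> <username>@sftp.mftgateway.com`; the inbox listing consumed by receive_batch is produced by `ls AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox/` in an earlier sftp session.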

3.3 Accessing MDNs, sent files, HTTP headers and raw messages

If required, the MDNs sent and received, the files successfully sent, the raw (encrypted) messages and the message headers can be downloaded from the SFTP locations listed in the folder structure layout.