SFTP Integration | Aayu Technologies
EDI and AS2 Gateways by Aayu Technologies
mft gateway logo as2 gateway logo edi generator logo
Link Search Menu Expand Document
logo
Contact

SFTP Integration for AS2 & SFTP

1 Introduction

The MFTGateway allows SFTP based integration with your existing systems, in a very similar manner to the native AWS S3 integration. The location paths are the same as for S3, since the MFT Gateway actually utilizes Amazon Transfer service over the same AWS S3 bucket created for each account, to expose the SFTP connectivity.

This section guides you on using SFTP access, for integration of AS2 & SFTP communications with external systems.

1.1 What is SFTP?

SFTP stands for SSH File Transfer Protocol, or Secure File Transfer Protocol. It is a separate protocol packaged with SSH, that works similarly over a secure connection. The advantage is the ability to leverage a secure connection to transfer files and traverse the filesystem on both the local and remote system. SFTP is a good choice for integration when large numbers of files, possibly including large files, needs to be securely exchanged.

1.2 Enabling SFTP Integration

SFTP Integration Navigate to ‘SFTP’ after clicking the ‘Integrations’ menu icon on the left navigation pane. If you have not already setup SFTP integration the above page will appear, allowing you to enable the integration. You can provide a username, and choose to either generate a new key, or opt-to login using an existing SSH key that you already have. Only key based SFTP access has been allowed. Note that the username must be in latin letters (a-z, A-Z), digits (0-9), hyphen (-) and underscore (_), and cannot start with a hyphen.

To generate a new key, choose the Private key type desired, based on how you plan to access the SFTP server, and your client operating system. You can optionally add a password to protect the generated private key. This will be your passphrase to open the private key file for later use.

Windows based systems

The Putty format keys (PPK) works best for Windows systems. When using WinSCP as an example, download the .ppk file and load it into Pageant, by right-clicking on the file. Then configure a session on WinSCP providing the username. The SFTP server is `sftp.mftgateway.com` and over the default port 22.

WinSCP Connection

👉 Read this article to learn how to log into the MFT Gateway SFTP server from FileZilla SFTP Client

Linux based systems

If you created a new key, download it to the client system. First you need to change file permissions to only allow read access to the user. Then you can connect by providing the username, and the key file.

sudo chmod 400 <private-key>
sftp -i <private-key> <username>@sftp.mftgateway.com

If you choose to ‘enable with existing key pair’, you will need to copy the public key of your existing keypair. Usually this will be located as .ssh/id_rsa.pub file, on a Linux based operating system.

$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAA...QLWY5Ow== user@host

1.3 SFTP Folder Structure in AS2 & SFTP Directories

1.3.1 SFTP Folder Structure in AS2 Directory

Once you login via SFTP, you will be placed into your home directory, which is mftg-<your-mftgateway-account-id>. The following hierarchy exists for each account. <Station-AS2-ID> refers to the AS2 ID of the local Station defined in the MFT Gateway, while <Partner-AS2-ID> refers to the AS2 ID of the remote partner. The AS2/raw-message contains the encrypted AS2 messages as-sent, or as-received, while the AS2/files contains the actual payload files without, or after decryption. It should be noted that AS2/keystore and AS2/tmp are special locations and end-users should not access them, and are listed here only for completeness.

  • AS2/files [Raw files of messages]
    • <Station-AS2-ID>/<Partner-AS2-ID>/inbox
    • <Station-AS2-ID>/<Partner-AS2-ID>/outbox
  • AS2/headers [Raw HTTP headers of messages]
    • <Station-AS2-ID>/<Partner-AS2-ID>/inbox
    • <Station-AS2-ID>/<Partner-AS2-ID>/outbox
  • AS2/keystore [Key stores]
    • https.jks [SSL/TLS certificates and keypairs]
    • identity.jks [AS2 Station encryption/signature certificates]
    • trust.jks [AS2 Partner certificates]
  • AS2/raw-mdn [Raw MDNs]
    • incoming
    • outgoing
  • AS2/raw-message [Raw AS2 messages]
    • <Station-AS2-ID>/<Partner-AS2-ID>/inbox
    • <Station-AS2-ID>/<Partner-AS2-ID>/outbox
  • AS2/send [Send location]
  • AS2/tmp [Temporary file location]

1.3.2 SFTP Folder Structure in SFTP Directory

Similar to the AS2 directory found in the home directory, mftg-<your-mftgateway-account-id>, we can find the SFTP directory for SFTP communications. The hierarchy in the SFTP directory is as follows. SFTP/external is the external directory that is accessible by your SFTP partner when you partner connects to the SFTP server. The directory SFTP/partners contains the messages that have been sent and received by each SFTP partner. Note that <Partner-SFTP-ID> refers to the SFTP ID of the remote partner. And the SFTP/send directory is used to send the actual SFTP messages to the relevant partner.

  • SFTP/external [Location accessible by SFTP partners]
    • <Partner-SFTP-ID>/inbox
    • <Partner-SFTP-ID>/outbox
    • <Partner-SFTP-ID>/send
  • SFTP/partners [Access messages sent to & received by partners]
    • <Partner-SFTP-ID>/inbox
    • <Partner-SFTP-ID>/outbox
  • SFTP/send [Send location]
    • <Partner-SFTP-ID>/

1.4 Disabling SFTP

You may disable SFTP access, create a new keypair, or provide a new key, by visiting the SFTP integration page and disabling the current SFTP integration.

2.2 Default Lifecycle rules

MFT Gateway utilizes Amazon S3 lifecycle rules to manage transactional objects stored. Objects stored under the following directories will move to non-current status after 35 days, and will be permanently deleted after another 35 days. i.e. Objects will be deleted 70 days since creation.

AS2SFTP
AS2/filesSFTP/external
AS2/raw-messageSFTP/partners
AS2/raw-mdn 
AS2/headers 

Objects stored in AS2/tmp directory will be moved into non-current status after 1 day, and will be permanently deleted after 2 days from the creation.

3 Automation via SFTP over AS2 Protocol

3.1 Sending Files

To submit a file to be sent over AS2, copy (i.e. SFTP put) it to the location AS2/send/<station-AS2-id>/<partner-AS2-id>/. If you want to send a single file, you can copy it directly to this location. If you have more than one file to be submitted as a single AS2 message, zip the files into a single archive, and then upload the archive.

e.g

put <local-file> AS2/send/<station-AS2-id>/<partner-AS2-id>/<attachment-name>

After a file has been submitted for send, the system will be automatically triggered, and will perform the AS2 communications process to send the file to the designated partner. The processed file will be placed into the AS2/files/<Station-AS2-ID>/<Partner-AS2-ID>/outbox location

Files uploaded over AS2 with the same name within a 6 hour window will be considered as duplicates and will not be processed. If you need to submit files with the same name, add a postfix to the filename, such as an extension (Duplicated files will be moved to AS2/duplicate/<Station-AS2-ID>/<Partner-AS2-ID>/)

SFTP triggers only apply for the content directly uploaded to the above mentioned directory. Any content copied or moved within the SFTP folder structure itself, will be ignored

3.2 Receiving Files

Received files will be persisted to the AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox. You can fetch/download these payload files through SFTP get.

e.g

ls  AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox/
get AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox/<timestamp-random-number>/<attachment-name> <local-path>

Note that, by default, each message will have a unique path, with the timestamp followed by a random number, within which the actual attachments will be found.

You can customize the file structure by updating the AS2 Partner’s File Structure settings.

3.3 Accessing MDNs, sent files, HTTP headers and raw messages

If required, the MDN’s sent and received, files successfully sent, raw (encrypted) messages or message headers can be downloaded from the SFTP locations as listed in the folder structure layout.

4 Automation via SFTP over SFTP Protocol

4.1 Sending Files

To submit a file to be sent over SFTP, copy (i.e. SFTP put) it to the location SFTP/send/<Partner-SFTP-ID>/. If you want to send a single file, you can copy it directly to this location. If you have more than one file to be submitted as a single SFTP message, zip the files into a single archive, and then upload the archive.

e.g

put <local-file> SFTP/send/<Partner-SFTP-ID>/<attachment-name>

After a file has been submitted for send, the system will be automatically triggered, and will perform the SFTP communications process to send the file to the designated partner. The processed file will be placed in the SFTP/partners/<Partner-SFTP-ID>/outbox location

Files uploaded over SFTP with the same name within a 6 hour window will be considered as duplicates and will not be processed. If you need to submit files with the same name, add a postfix to the filename, such as an extension (Duplicated files will be moved to AS2/duplicate/<Station-AS2-ID>/<Partner-AS2-ID>/)

SFTP triggers only apply for the content directly uploaded to the above mentioned directory. Any content copied or moved within the SFTP folder structure itself, will be ignored

4.2 Receiving Files

Received files will be persisted to the location SFTP/partners/<Partner-SFTP-ID>/inbox. You can fetch/download these payload files through SFTP get.

e.g

ls SFTP/partners/<Partner-SFTP-ID>/inbox/<random-message-id>/
get SFTP/partners/<Partner-SFTP-ID>/inbox/<random-message-id>/<attachment-name> <local-path>

Note that, by default, each message will have a unique path, with the timestamp followed by a random number, within which the actual attachments will be found.

You can customize the file structure by updating the SFTP Partner’s File Structure settings.