The AS4 connector supports sending and receiving messages via the AS4 protocol.
Overview
An AS4 connection is configured in two places. Configure the AS4 Profiles page with a local AS4 party identifier and a private certificate. Then configure individual AS4 connectors with connection settings specific to a single trading partner. When an input file is processed by an AS4 connector, it is packaged and sent to the specified trading partner.
When receives a file over AS4, it attempts to route the file to a specific AS4 connector. The application uses the AS4 party identifiers in the AS4 message to determine which AS4 connector should receive the file. When a file is routed to an AS4 connector, that file is placed in the connector’s Output tab, or is passed along to the next connected connector in the flow.
Profile Configuration
The AS4 Profile must be configured before connections can be established with individual AS4 connectors. Click Profiles on the navbar, then click the AS4 tab.
AS4 Profile Tab
Personal Id
Settings for identifying the local profile.
| Setting | Description |
|---|
| Party Identifier | Your AS4 identifier. Messages sent by must be addressed to this identifier, and outgoing messages use this value to identify the originator of the message. Identifiers are case-sensitive. |
| Party Identifier Type | The optional type declaration of the Party identifier. If specified, supply the domain to which the identifier belongs. |
Personal Certificate
Settings related to the private decryption and signature certificate.
| Setting | Description |
|---|
| Private Certificate | The certificate used to decrypt incoming messages and sign outgoing messages. Never share this certificate with external parties. Click the Create Certificate button to generate a self-signed certificate that is ready to use in an AS4 transaction: a corresponding public key is also generated with the same filename and a .cer extension. |
| Certificate Password | The password required to access the Private Certificate. |
Application URLs
Settings and displayed values related to accessing from the public web.
| Setting | Description |
|---|
| Receiving URL | The URL at which listens for incoming AS4 messages. Share this URL with all your trading partners. |
Logging
Settings that govern the creation and storage of logs.
| Setting | Description |
|---|
| Log Level | The verbosity of logs generated by the connector. When you request support, set this to Debug. |
| Log Rotate Interval | The number of days to wait before creating a new log file. |
| Log Delete Interval | The number of days to wait before deleting old log files. |
Miscellaneous
Connector Configuration
Once you configure the global AS4 profile settings, create and configure individual AS4 connectors for each trading partner on the Flows page.
Settings Tab
Configuration
| Setting | Description |
|---|
| Connector Id | The static, unique identifier for the connector. |
| Connector Type | Displays the connector name and a description of what it does. |
| Connector Description | An optional field to provide a free-form description of the connector and its role in the flow. |
Trading Partner Info
Settings for identifying and connecting to a specific AS4 trading partner.
| Setting | Description |
|---|
| Party Identifier | The AS4 party identifier specific to the target trading partner. This value is included in the outgoing AS4 message to ensure it is delivered to the intended recipient, and it is used to route incoming AS4 messages to the appropriate AS4 connector. Identifiers are case-sensitive. |
| Party Identifier Type | The optional type declaration of the Party identifier. If specified, supply the domain to which the identifier belongs. |
| Partner URL | The trading partner’s public endpoint where outgoing AS4 messages should be sent. |
| Agreement | The shared AS4 Agreement that governs the exchange. This is required in ENTSOG profiles. |
Connection Info
Settings related connection parameters for the specified trading partner.
| Setting | Description |
|---|
| Send Message Security | Whether to sign and/or encrypt outgoing AS4 messages. CData strongly recommends you use signatures and encryption. |
| Receive Message Security | Whether to require that signatures and encryption are present for incoming AS4 messages. An error is thrown if a received message does not have a required security parameter. |
| Compression | Whether to compress the payload of outgoing messages. |
| Connection Timeout | The length of time (in seconds) the connector waits for a connection response before throwing a timeout error. |
| Profile | The AS4 profile to use in the AS4 interchange. Profiles help determine shared configuration settings to ensure compatibility between partners. The available profiles are: Standard, ENTSOG, e-SENS, DBEW, ENTSOG V4, and eDelivery V2. |
| Message Partition Channel | The channel over which the AS4 interchange should occur. If you do not specify a channel, the default Message Partition Channel (MPC) is implicitly assigned. MPCs are important when sending or receiving pull requests, because only messages queued in the assigned MPC are returned in response to the pull request. |
Receipt
Settings related to requesting receipts when sending AS4 messages.
| Setting | Description |
|---|
| Enable Receipt | Whether a receipt should be returned in response to incoming AS4 messages, and expected in response to outgoing AS4 messages. |
| Delivery | Whether the receipt should be returned as a direct response to the outgoing AS4 message (Synchronous) or returned later as part of a separate connection (Asynchronous). Synchronous receipts are recommended unless the size of the AS4 message is very large (50MB is a common threshold), in which case processing the message and delivering a synchronous receipt might strain the connection timeout duration. |
Trading Partner Certificates
Settings related to the public key certificates provided by the trading partner.
| Setting | Description |
|---|
| Encryption Certificate | The public key certificate used for AS4 encryption when sending messages. This certificate must be paired with the trading partner’s private certificate, and the trading partner should provide a public key certificate when sharing AS4 configuration details. |
| Verification Certificate | The public key certificate used to verify AS4 signatures when receiving messages. This field is often unnecessary; most AS4 parties use the same private certificate for both signing and decrypting. If this value is not specified, the application uses the Encryption Certificate to verify signatures. |
| TLS Server Certificate | The public key certificate used to verify the identity of a TLS/SSL server. This is only necessary if the partner’s AS4 system requires HTTPS instead of HTTP. If the trading partner does not provide a TLS server certificate, you can leave this setting blank to allow the underlying OS/JVM to perform certificate validation, or it can be set to Any Certificate to unconditionally trust the target server’s identity. |
Business Agreement Details
Settings related to the shared details of the AS4 business agreement. These values should be confirmed with the trading partner prior to configuration.
| Setting | Description |
|---|
| Service | The business process accepting the message. |
| Service Action | The operation or activity being executed in the business process. |
| Service Type | The optional qualifier providing context to the Service. |
| From Role | The role of the party from which the message originates. These roles can either be reversed or remain the same when sending versus receiving AS4 requests, based on your partner agreement. This value is used in the PartyInfo element of the resulting AS4 SOAP envelope. |
| To Role | The role of the party to which the message is delivered. These roles can either be reversed or remain the same when sending versus receiving AS4 requests, based on your partner agreement. This value is used in the PartyInfo element of the resulting AS4 SOAP envelope. |
Automation Tab
Automation Settings
Settings related to the automatic processing of files by the connector.
| Setting | Description |
|---|
| Send | Whether files arriving at the connector are automatically sent as AS4 messages. |
| Retry Interval | The number of minutes before a failed send is retried. A retry is triggered when the server does not respond to a send attempt, or responds negatively to communicate that the file was not received. |
| Max Attempts | The maximum number of times the connector processes the input file. Success is based on a successful server acknowledgement and validation of the receipt (when requested synchronously). If you set this to 0, the connect retries the file indefinitely. |
| Resend Interval | The number of minutes before unacknowledged messages are resent. A resend is triggered when the server receives the file, but an asynchronous receipt is not provided within the expected timeframe. |
| Max Attempts (async) | The maximum number of times the connector processes the input file when asynchronous receipts are requested. Success is based on the return of an asynchronous receipt within the Resend Interval after a successful server acknowledgement. If a successful server acknowledgement is not returned, Max Attempts is applied instead. If this is set to 0, the connector resends the file indefinitely. |
| Receive | Whether the connector should automatically make pull requests to receive messages from the trading partner. |
| Pull Interval | The interval between automatic pull requests. |
| Minutes Past the Hour | The minutes offset for an hourly schedule. Only applicable when the interval setting above is set to Hourly. |
| Time | The time of day that the attempt should occur. Only applicable when the interval setting above is set to Daily, Weekly, or Monthly. |
| Day | The day on which the attempt should occur. Only applicable when the interval setting above is set to Weekly or Monthly. |
| Minutes | The number of minutes to wait before attempting the download. Only applicable when the interval setting above is set to Minute. |
| Cron Expression | A five-position string representing a cron expression that determines when the attempt should occur. Only applicable when the interval setting above is set to Advanced. |
Alerts Tab
SLAs Tab
Advanced Tab
Token Authentication
Settings related to using and requiring token authentication.
| Setting | Description |
|---|
| Token Authentication (Receiving) | Whether authentication tokens must be included in incoming AS4 messages. If enabled, incoming messages must include username credentials that match the Username and Password fields set under this option. |
| Token Authentication (Sending) | Whether authentication tokens should be included in outgoing AS4 messages. If enabled, outgoing messages include username credentials that match the Username and Password fields set under this option. |
| Password Type | Whether username tokens should be in plain text or encrypted digest format. |
Alternate Local Profile
Settings that override the AS4 configuration on the Profiles page for this specific AS4 connector. Setting an alternate local profile lets you use different local certificates and identifiers for certain trading partners.
| Setting | Description |
|---|
| Party Identifier | Your AS4 identifier. Overrides the Party Identifier on the Profiles page. |
| Party Identifier Type | Your AS4 identifier type (optional). Overrides Party Identifier Type on the Profiles page. |
| Private Certificate | The certificate used to decrypt incoming messages and sign outgoing messages. Overrides the Private Certificate on the Profiles page. |
| Certificate Password | The password required to access the local private certificate. |
TLS Client Authentication
Settings related to client authentication when two-way TLS authentication is required.
| Setting | Description |
|---|
| Use Profile Settings | Whether to use the Private Certificate configured on the Profiles page as the TLS certificate for client authentication. |
| Private Certificate | The private certificate presented during TLS client authentication. Only applicable if you are not using the same private certificate from the Profiles page. |
| Certificate Password | The password required to access the TLS client certificate. |
Message Properties
A set of custom message properties, specified in name-value pairs, to include as part of the outgoing message.
Other Settings
Settings not included in the previous categories.
| Setting | Description |
|---|
| Agreement Ref P-Mode | The processing mode attribute of the shared AS4 agreement. If you use this, provide the PMode.Id parameter. |
| Agreement Ref Type | The reference type attribute of the shared AS4 agreement. The two parties should decide upon the semantics of this value. |
| Attach XML Files | Whether XML payloads should be packaged as a MIME attachment to the SOAP message, or included directly in the SOAP body. |
| Duplicate Message Action | How the connector should behave when it receives an AS4 message with a Message Id that the connector has seen before. Options: Continue (processes the duplicate file like any other file), Ignore (silently ignores/discards the inbound file), Failure (raises an error and does not process the file). |
| Duplication Interval | The number of minutes that a message with the same Message Id is considered a duplicate. If you set this to 0, the Message Ids are stored until the server is restarted. |
| Encryption Algorithm | Which encryption algorithm to use if you require message encryption. |
| Pull URL | The URL endpoint to which pull requests should be sent. Only required if it is different from the Partner URL. |
| Receipt URL | The URL endpoint to which receipts should be sent. Only required if it is different from the Partner URL. |
| Security Token Format | Which format to use for security tokens (certificate references). |
| Signature Algorithm | The algorithm to use when signing outgoing messages. The same algorithm is requested for the corresponding receipts. |
| Processing Delay | The amount of time (in seconds) by which the processing of files placed in the Transactions tab is delayed. This is a legacy setting. Best practice is to use a File connector to manage local file systems instead of this setting. |
| TLS Enabled Protocols | The list of TLS/SSL protocols supported when establishing outgoing connections. Best practice is to only use TLS protocols. Some obsolete operating systems do not support TLS 1.2. |
Proxy Settings
Logging
Settings that govern the creation and storage of logs.
| Setting | Description |
|---|
| Log Level | The verbosity of logs generated by the connector. When you request support, set this to Debug. |
| Log Subfolder Scheme | Instructs the connector to group files in the Logs folder according to the selected interval. The Weekly option (which is the default) instructs the connector to create a new subfolder each week and store all logs for the week in that folder. Leaving this setting blank tells the connector to save all logs directly in the Logs folder. For connectors that process many transactions, using subfolders helps keep logs organized and improves performance. |
| Log Messages | Check this to have the log entry for a processed file include a copy of the file itself. If you disable this, you might not be able to download a copy of the file from the Input or Output tabs. |
Miscellaneous
Personal Profile Configuration
Your AS4 profile contains key pieces of information that are used to identify you with trading partners. It is configured on the AS4 tab of the Profiles page.
To get started, specify the following information:
- Party Identifier
- Personal Certificate
Party Identifier
Similar to an email address in an email exchange, this identifies the partner in an AS4 transmission.
Set Party Identifier to a value that meaningfully identifies you or your organization. The value set here is sent in the headers of AS4 transmissions initiated by .
The Party Identifier is one piece of information exchanged with trading partners when sharing profile information. Trading partners should use this value in their AS4 system so that they can process requests coming from that identifier.
Personal Certificate
The private key certificate is used to sign outgoing messages and to decrypt incoming messages. The AS4 profile uses a private key certificate in PKCS#12 format (a .pfx or .p12 file).
- Click Upload Certificate in the Private Certificate dropdown to select an existing certificate from disk.
- Click Create Certificate to create a new self-signed certificate. This creates a new private key certificate and a public key certificate (.cer file) with the same name.
Receiving URL
This is generated based on the Base URL in Settings > Advanced and the default listening endpoint.
Share this value with trading partners so that they can successfully send AS4 messages to .
Partner Setup
Trading partners are responsible for providing specific settings required to connect to their AS4 endpoints. Each AS4 connector must be configured for a single trading partner relationship.
The following AS4 configuration options are required:
- Party Identifier
- Partner URL
- Trading Partner Certificates
- Use Receipt
- Service and Service Action
Party Identifier
The trading partner provides their Party Identifier, which is the part of their profile that is used to identify their organization in an AS4 transmission.
This value is case sensitive, so when configuring new trading partners, make sure the capitalization is correct.
Partner URL
The Partner URL is the public endpoint where the trading partner’s AS4 system listens for incoming messages. After receiving a URL from the trading partner, test the URL with a web browser to detect any networking or connectivity issues.
In some cases, the trading partner might provide more than one URL if they use separate URLs for pushing AS4 transmissions, pulling AS4 transmissions, and returning asynchronous receipts. Configure additional URLs on the Advanced tab under Pull URL and Receipt URL.
Trading Partner Certificates
Each AS4 connector must be configured with the public key certificate(s) for the target trading partner. The trading partner provides the certificates necessary to encrypt and verify AS4 messages exchanged with them. accepts X.509 public key certificates (files with .cer, .der, or .pem extensions).
Typically the trading partner provides a single certificate, which should be configured in the Encryption Certificate field.
If the trading partner provides multiple certificates, they must clarify the purpose of each certificate. If the partner provides a full certificate chain (as acquired from a commercial certificate authority), only the leaf certificate needs to be configured (the last certificate in the chain). Sometimes, a separate public key certificate might be required to verify the partner’s digital signatures. In this case, set the signature verification certificate on the Settings tab > Trading Partner Certificates > Verification Certificate.
If the trading partner requires TLS/SSL connections, they can provide you with the public key certificate for their TLS server. This should be set under TLS Server Certificate. Alternatively, you can set this field to Any Certificate to implicitly trust the identity of the target TLS server.
Use Receipt
Requesting a receipt ensures non-repudiation of the AS4 message. We strongly recommend enabling the Use Receipt field. Be sure to agree on the use of receipts with the trading partner ahead-of-time.
By default, receipts are delivered synchronously, meaning that they are returned as a direct response to the AS4 message. Asynchronous receipts are delivered later in a separate connection. Synchronous receipts are recommended unless the size of the AS4 messages is very large, in which case processing and delivering a synchronous receipt might strain the connection timeout duration.
Service and Service Action
Service, Service Action, and other business agreement details should be communicated with the trading partner. These values help define the business logic associated with the AS4 messages exchanged and how each party should interpret the messages.
Import from SMP
If the trading partner has a Service Metadata Publisher (SMP) profile, these settings can be imported by clicking the Import from SMP button in Settings tab > Trading Partner Info. The resulting prompt requires the SML Domain, Participant Id and Scheme, and Document Id and Scheme from which to obtain the SMP profile. The connector settings are automatically populated with the values read from the SMP profile.
Send and Receive Files
After the AS4 profile and partner-specific AS4 connectors have been configured, files can be securely sent and received.
Send Files
In an AS4 connector, the Input tab displays the files that should be sent to the target trading partner. If Send Automation is enabled on the Automation tab, files that reach the connector Input tab are automatically enveloped and sent.
The Create Test Files button lets you generate a simple series of test files to send to the trading partner.
Resend and Retry
An AS4 Resend is triggered when the trading partner is expected to return an asynchronous receipt, but fails to do so within the Resend Interval duration (60 minutes by default). The application then attempts to resend the transmission. The application continues resending the message until a receipt is received or the Max Attempts (async) is exhausted.
A Retry is triggered when the HTTP response from the trading partner indicates that the server has not received the transmission (the response is not a positive 200 OK status). This can indicate a networking or connectivity issue, which is often transient. The application retries the transmission every Retry Interval minutes until the transmission is received or the Max Attempts is exhausted.
Receive Files
In an AS4 connector, the Output tab displays the files that have been received by the application and routed to the connector (based on the AS4 identifiers present in the incoming AS4 message). Expand each file row to display a list of available logs for the transmission.
These files are available on the connector Output tab. If the connector is connected to other connectors in the flow, files are automatically moved from the Output tab of the AS4 connector to the Input tab of the next connector in the flow.
Macros
Examples
