Alex James

Unraveling Boomi EDI AS2 - Deep dive into AS2 Inbound Flow

Integration, in simple terms, is moving data from one application to another. Integration middleware such as Boomi gets data from the source application, translates or enriches it, and sends it to the target application. Various communication protocols such as AS2, SFTP and HTTP facilitate the data exchange between applications.


📌To understand Boomi EDI AS2 better, let’s glance through three foundational terms of cryptography:


Certificates – A certificate is a file that holds a public key. The Boomi Certificate component provides a convenient option to generate a self-signed certificate with a public and private key pair. It also provides an option to import the certificates provided by trading partners.

Encryption – Scrambling the text using a public key. The sender encrypts the message with the receiver’s public key, and the receiver uses their private key to decrypt it. This ensures that only the intended recipient can read the content.


Signing – Ensures the message is not altered in transit. The sender computes a hash of the message with a hash algorithm and signs that hash with the sender’s private key. The receiver recomputes the hash with the same algorithm and verifies the signature with the sender’s public key.


📌Two reasons why AS2 is a preferred communication method in EDI B2B integrations:


Security – Data is encrypted and signed in transit and is therefore protected from malicious or accidental tampering.


Non-repudiation – An MDN is returned to the sender upon receipt of the message. Both sender and receiver therefore hold cryptographic proof, and neither party can deny having sent or received the message. This builds trust between trading partners.


📌Boomi EDI AS2


While AS2 is frequently used for EDI transactions, it is also used to exchange other structured documents such as XML. Boomi also has a separate AS2 technology connector to send and listen for data. Here, however, we cover how AS2 is used in the context of EDI B2B document exchange.


AS2 for EDI documents is configured in the “Communication” tab of the Trading Partner component.


📌Prerequisites to set up AS2


  1. AS2 IDs

  2. Exchange public certificates (never share the private key)

  3. AS2 Send URL

  4. AS2 parameters

                a. Encryption algorithm

                b. Signature Secure Hash Algorithm used to sign the message

                c. MDN (sync or async) and the MDN Signature Secure Hash Algorithm


📌Boomi EDI AS2 Inbound Flow explained



To understand the AS2 inbound flow, let's imagine that Fresh Flavour Foods (FF Foods) is the supplier and Modern Supermarket (Modern SM) is the customer. Assume FF Foods is the host and Modern SM is the remote trading partner. FF Foods receives an EDI 850 (purchase order) from Modern SM.


For FF Foods, a “My Trading Partner” component needs to be created with a Certificate component holding the public and private key pair configured on it. A “Partner that I trade with” component should be created for the remote TP Modern SM with only its public certificate component.


1)      For inbound processing, the process must be configured to start with a Trading Partner shape.


2)      When an inbound document from Modern SM arrives at FF Foods, it is already encrypted with FF Foods’ public certificate and signed with Modern SM’s private key.


3)      The sender’s AS2 headers also indicate whether the receiver needs to return an MDN.


4)      For the Boomi AS2 processor to decrypt the data, it needs the corresponding private key and the encryption algorithm. It uses the private key configured in the FF Foods “My Trading Partner” component and the encryption algorithm from the Modern SM trading partner component. The image below shows “Triple DES” as the encryption algorithm. Note that the AS2 processor cannot decrypt the message if the certificate or the encryption algorithm does not match between sender and receiver.


5)      If message signing is enabled, the Boomi AS2 processor validates the signature. To verify it, the AS2 processor uses the sender’s (Modern SM’s) public certificate and the Signature Secure Hash Algorithm, which is SHA-256 in our example. Signature verification fails if the certificate or the algorithm does not match.


6)      If the sender has requested an MDN (signed or unsigned), the receiver FF Foods returns an MDN to the sender Modern SM. If a signed MDN is requested, the Boomi AS2 processor uses the private key configured in the FF Foods “My Trading Partner” component and the Signature Hash Algorithm (SHA-256 under MDN Options) in the Modern SM trading partner component to sign the MDN.


7)      One of the crucial aspects of an AS2 setup is ensuring that the AS2 parameters and the certificates match between the sending and receiving trading partners.
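The MDN handling of steps 3 and 6 and the parameter-matching rule of step 7 (the same parameters listed under the prerequisites), as an added Python example that is not Boomi's code and not part of the original post. Decryption and signature verification (steps 4 and 5) are done by the AS2 processor with its CMS/S-MIME libraries and are not reproduced here; the example takes the already-decrypted content and works out, from the sender's AS2 headers and the receiver's partner record, whether an MDN is due, whether the requested MDN mode and hash agree with the partner configuration, and what the Received-Content-MIC of that MDN would be. The AS2 IDs, the `PartnerConfig` record, the request headers and the EDI 850 fragment are all constructed for the example, and `check_inbound`, `parse_mdn_options` and `compute_mic` are the example's own names.

```python
import base64
import hashlib
from dataclasses import dataclass

# Digest functions an AS2 sender may name in signed-receipt-micalg.
MIC_ALGORITHMS = {
    "sha1": hashlib.sha1,
    "sha256": hashlib.sha256,
    "sha384": hashlib.sha384,
    "sha512": hashlib.sha512,
}


@dataclass(frozen=True)
class PartnerConfig:
    """AS2 parameters as kept in a 'Partner that I trade with' component.
    Field names and values are this example's own, not Boomi's."""
    as2_id: str
    encryption_algorithm: str  # cipher the partner encrypts with ("tripledes" here)
    signing_hash: str          # hash used to verify the partner's message signature
    mdn_mode: str              # "sync" or "async"
    mdn_signing_hash: str      # hash we sign our MDNs with (the MDN Options setting)


HOST_AS2_ID = "FFFOODS"  # constructed AS2 ID for the host, FF Foods
PARTNERS = {  # constructed remote partner record for Modern SM
    "MODERNSM": PartnerConfig("MODERNSM", "tripledes", "sha256", "sync", "sha256"),
}

# Constructed inbound request headers and EDI 850 fragment from Modern SM.
SAMPLE_HEADERS = {
    "AS2-From": "MODERNSM",
    "AS2-To": "FFFOODS",
    "Message-ID": "<850-0001@modernsm.example>",
    "Disposition-Notification-To": "as2@modernsm.example",
    "Disposition-Notification-Options": (
        "signed-receipt-protocol=required, pkcs7-signature; "
        "signed-receipt-micalg=required, sha256"
    ),
}
SAMPLE_PAYLOAD = (b"ISA*00*...*ZZ*MODERNSM*ZZ*FFFOODS*~GS*PO*MODERNSM*FFFOODS*~"
                  b"ST*850*0001~BEG*00*SA*PO12345**20240101~")


def parse_mdn_options(value):
    """Parse a Disposition-Notification-Options header value such as
    'signed-receipt-protocol=required, pkcs7-signature; signed-receipt-micalg=required, sha256'
    into {'signed-receipt-protocol': ('required', ['pkcs7-signature']),
          'signed-receipt-micalg': ('required', ['sha256'])}."""
    options = {}
    for clause in value.split(";"):
        if not clause.strip():
            continue
        name, _, rest = clause.partition("=")
        importance, _, values = rest.partition(",")
        options[name.strip().lower()] = (
            importance.strip().lower(),
            [v.strip().lower() for v in values.split(",") if v.strip()],
        )
    return options


def compute_mic(payload, micalg):
    """Received-Content-MIC value: base64 of the digest over the content bytes."""
    return base64.b64encode(MIC_ALGORITHMS[micalg](payload).digest()).decode("ascii")


def check_inbound(headers, payload, partners=PARTNERS, host_as2_id=HOST_AS2_ID):
    """Apply the partner-configuration checks of the inbound flow and, if the
    sender asked for an MDN, build the fields of that MDN.  `payload` is the
    content after decryption and signature verification by the AS2 processor.
    Returns (problems, mdn); mdn is None when no MDN is due or a check failed."""
    problems = []
    sender = headers.get("AS2-From", "").strip()
    receiver = headers.get("AS2-To", "").strip()
    if receiver != host_as2_id:
        problems.append(f"AS2-To {receiver!r} is not this host ({host_as2_id!r})")
    partner = partners.get(sender)
    if partner is None:
        problems.append(f"no trading partner configured for AS2-From {sender!r}")
        return problems, None

    # Step 3: Disposition-Notification-To is how the sender asks for an MDN.
    mdn_to = headers.get("Disposition-Notification-To")
    if mdn_to is None:
        return problems, None
    options = parse_mdn_options(headers.get("Disposition-Notification-Options", ""))
    wants_signed = "signed-receipt-protocol" in options
    requested_micalgs = options.get("signed-receipt-micalg", ("", []))[1]
    mode = "async" if "Receipt-Delivery-Option" in headers else "sync"

    # Step 7: the request must agree with what the partner component says.
    if mode != partner.mdn_mode:
        problems.append(f"MDN mode mismatch: sender asked {mode}, partner configured {partner.mdn_mode}")
    # For an unsigned MDN the MIC is still reported; sha1 is assumed as the default here.
    micalg = partner.mdn_signing_hash if wants_signed else "sha1"
    if wants_signed and micalg not in requested_micalgs:
        problems.append(f"MDN hash mismatch: sender accepts {requested_micalgs}, partner configured {micalg!r}")
    if problems:
        return problems, None

    # Step 6: fields of the MDN the host returns (signing itself is the processor's job).
    mdn = {
        "to": mdn_to,
        "mode": mode,
        "signed": wants_signed,
        "signing_hash": micalg if wants_signed else None,
        "original_message_id": headers.get("Message-ID"),
        "disposition": "automatic-action/MDN-sent-automatically; processed",
        "received_content_mic": f"{compute_mic(payload, micalg)}, {micalg}",
    }
    return problems, mdn


if __name__ == "__main__":
    found, receipt = check_inbound(SAMPLE_HEADERS, SAMPLE_PAYLOAD)
    print("problems:", found)
    print("MDN to return:", receipt)
```

Any non-empty `problems` list corresponds to the mismatch cases the post warns about in steps 4, 5 and 7: the host should log the mismatch and not return a "processed" MDN, because the sender would otherwise treat the document as accepted.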


Should you have anything more to add, please put it in the comments!
