How to Automate AS2 Transfers — Scheduled B2B File Exchange with Xferity

How to Automate AS2 Transfers

AS2 (Applicability Statement 2) is the protocol for signed, encrypted B2B file exchange over HTTPS. Automating AS2 means setting up Xferity to send and receive AS2 messages on a schedule, with retry, audit logging, and notification on failure.

What you need before you start

your AS2 station ID
your partner’s AS2 station ID
your partner’s AS2 endpoint URL
your private key and certificate (for signing and decryption)
your partner’s public certificate (for encryption and signature verification)
MDN mode: synchronous or asynchronous

If you are receiving AS2 inbound messages, you also need:

a publicly accessible HTTPS endpoint for your AS2 receiver
a reverse proxy (Caddy, nginx, or similar) to terminate TLS

Step 1: Import certificates into Xferity

Before configuring the partner, import the relevant certificates:

Via the web UI: navigate to Certificates → New Certificate, paste or upload the PEM-encoded certificate, set the role (your private key cert → signing, decryption; partner public cert → partner-signing, partner-encryption).

Step 2: Define the AS2 partner

name: acme-logistics
type: as2

as2:
  station_id: YourAS2ID
  partner_id: ACME-LOGISTICS
  partner_url: https://as2.acme-logistics.example.com/as2

  signing:
    algorithm: sha256
    cert_slot: signing          # your signing certificate role

  encryption:
    algorithm: aes256
    cert_slot: partner-encryption   # partner public certificate role

  mdn:
    mode: sync                  # sync or async
    signed: true
    algorithm: sha256

  tls:
    ca_cert_path: file:./certs/acme-root-ca.pem

Step 3: Define the AS2 outbound flow

flows:
  acme-daily-orders:
    direction: upload
    enabled: true
    target:
      partner: acme-logistics
    local:
      path: ./storage/acme/outgoing
    files:
      - pattern: "orders-*.csv"
    idempotency_mode: hash
    delete_after_upload: true
    schedule_cron: "0 0 6 * * 1-5"   # 6am UTC, Monday to Friday
    retry:
      max_attempts: 3
      strategy: exponential
      initial_delay_seconds: 60
      max_delay_seconds: 600
    notifications:
      on_failure: true
      email_to: ops@example.com

Step 4: Validate configuration

xferity validate

Validates all partner definitions and flow configurations against Xferity’s schema. Fix any issues before proceeding.

Step 5: Run diagnostics

xferity diag acme-daily-orders

Diagnostics check:

partner certificate validity and roles
reachability of the AS2 endpoint
flow configuration consistency
idempotency setting
notification configuration

Step 6: Run once manually

xferity run acme-daily-orders

This runs the flow once outside of the schedule. Review the output and check the audit log:

xferity trace orders-2026-03-17.csv

Expected output shows: matched → encrypted → signed → sent → MDN received → committed.

Step 7: Start the service

xferity run-service --config ./config/config.yaml

In Docker:

docker compose up -d

The service polls all enabled flows at their configured schedule and manages AS2 flows automatically from that point.

Inbound AS2

For receiving AS2 messages from partners, configure the inbound endpoint in config.yaml:

as2:
  inbound:
    enabled: true
    path: /as2/receive
    landing_dir: ./storage/acme/incoming

The AS2 receiver decrypts inbound messages, verifies the signature, saves the payload, and sends an MDN receipt to the sender.

Xferity workers process inbound AS2 jobs from the queue. In Postgres mode, workers can scale horizontally to handle message volume.

Audit evidence for AS2

Every AS2 exchange creates structured audit records:

message send/receive
signature verification result
MDN receipt
file landing confirmation

Query audit records:

xferity trace orders-2026-03-17.csv

Or via API:

curl http://localhost:8080/api/audit?file=orders-2026-03-17.csv