Exchange AS2 messages using workflows in Azure Logic Apps

Applies to: Azure Logic Apps (Consumption + Standard)

To send and receive AS2 messages in workflows that you create using Azure Logic Apps, you can use the AS2 (v2) connector, which provides actions that support and manage AS2 communication. If you need tracking capabilities, the original AS2 connector is still available, but is being deprecated.

Except for tracking capabilities, the AS2 (v2) connector provides the same capabilities as the original AS2 connector, runs natively with the Azure Logic Apps runtime, and offers significant performance improvements in message size, throughput, and latency. Unlike the original AS2 connector, the AS2 (v2) connector doesn't require that you create a connection to your integration account. Instead, as described in the prerequisites, make sure that you link your integration account to the logic app resource where you plan to use the connector.

This how-to guide shows how to add the AS2 encoding and decoding actions to an existing logic app workflow. The AS2 (v2) connector doesn't include any triggers, so you can use any trigger to start your workflow. The examples in this guide use the Request trigger.

Connector technical reference

The AS2 connector has different versions, based on logic app type and host environment.

Logic app Environment Connector version
Consumption multitenant Azure Logic Apps AS2 (v2) and AS2 managed connectors (Standard class). The AS2 (v2) connector provides only actions, but you can use any trigger that works for your scenario. For more information, review the following documentation:

- AS2 managed connector reference
- AS2 (v2) managed connector operations
- AS2 message limits
Consumption Integration service environment (ISE) AS2 (v2) and AS2 managed connectors (Standard class) and AS2 ISE version, which has different message limits than the Standard class. The AS2 (v2) connector provides only actions, but you can use any trigger that works for your scenario. For more information, review the following documentation:

- AS2 managed connector reference
- AS2 (v2) managed connector operations
- AS2 message limits
Standard Single-tenant Azure Logic Apps and App Service Environment v3 (Windows plans only) AS2 (v2) built-in connector and AS2 managed connector. The built-in version differs in the following ways:

- The built-in version provides only actions, but you can use any trigger that works for your scenario.

- The built-in version can directly access Azure virtual networks. You don't need an on-premises data gateway.

For more information, review the following documentation:

- AS2 managed connector reference
- AS2 (v2) built-in connector operations
- AS2 message limits

AS2 (v2) operations

The AS2 (v2) connector has no triggers. The following table describes the actions that the AS2 (v2) connector provides for establishing security and reliability when transmitting messages:

Action Description
AS2 Encode action Provides encryption, digital signing, and acknowledgments through Message Disposition Notifications (MDN), which help support nonrepudiation. For example, this action applies AS2/HTTP headers and performs the following tasks when configured:

- Sign outgoing messages.
- Encrypt outgoing messages.
- Compress the message.
- Transmit the file name in the MIME header.
AS2 Decode action Provide decryption, digital signing, and acknowledgments through Message Disposition Notifications (MDN). For example, this action performs the following tasks when configured:

- Process AS2/HTTP headers.
- Reconcile received MDNs with the original outbound messages.
- Update and correlate records in the nonrepudiation database.
- Write records for AS2 status reporting.
- Output payload contents as base64-encoded.
- Determine whether MDNs are required. Based on the AS2 agreement, determine whether MDNs should be synchronous or asynchronous.
- Generate synchronous or asynchronous MDNs based on the AS2 agreement.
- Set the correlation tokens and properties on MDNs.
- Verify the signature.
- Decrypt the messages.
- Decompress the message.
- Check and disallow message ID duplicates.

Prerequisites

  • An Azure account and subscription. If you don't have a subscription yet, sign up for a free Azure account.

  • The logic app resource and workflow where you want to use the AS2 operations.

  • An integration account resource to define and store artifacts for use in enterprise integration and B2B workflows.

    • Both your integration account and logic app resource must exist in the same Azure subscription and Azure region.

    • Defines at least two trading partners that participate in the AS2 operation used in your workflow. The definitions for both partners must use the same business identity qualifier, which is AS2Identity for this scenario.

    • Defines an AS2 agreement between the trading partners that participate in your workflow. Each agreement requires a host partner and a guest partner. The content in the messages between you and the other partner must match the agreement type. For information about agreement settings to use when receiving and sending messages, see AS2 message settings.

  • Based on whether you're working on a Consumption or Standard logic app workflow, your logic app resource might require a link to your integration account:

    Logic app workflow Link required?
    Consumption - AS2 (v2) connector: Connection required, but no link required
    - AS2 connector: Link required, but no connection required
    Standard - AS2 (v2) connector: Link required, but no connection required
    - AS2 connector: Connection required, but no link required
  • If you use Azure Key Vault for certificate management, check that your vault keys permit the Encrypt and Decrypt operations. Otherwise, the encoding and decoding actions fail.

    1. In the Azure portal, open your key vault. On the key vault menu, under Settings, select Keys.

    2. On the Keys pane, select your key. On the Versions pane, select the key version that you're using.

    3. On the Key Version pane, under Permitted operations, confirm that the Encrypt and Decrypt operations are selected, for example:

      Screenshot showing the Azure portal with the key vault, key, and key version panes open, which has the "Encrypt" and "Decrypt" operations selected.

Encode AS2 messages

Select the tab for either Consumption or Standard logic app workflows:

AS2 v2 connector

  1. In the Azure portal, open your logic app resource and workflow in the designer.

  2. In the designer, follow these general steps to add the AS2 (v2) action named AS2 Encode to your workflow.

  3. In the action information box, provide the following information:

    Property Required Description
    Message to encode Yes The message payload, for example, the Body output from the Request trigger.

    1. Put your cursor in the Message to encode box so that the dynamic content list opens.
    2. Next to the section name When a HTTP request is received, select See more.
    3. From the outputs list, select Body.
    AS2 from Yes The business identifier for the message sender as specified by your AS2 agreement, for example, Fabrikam.
    AS2 to Yes The business identifier for the message receiver as specified by your AS2 agreement, for example, Contoso.

    Screenshot showing the "AS2 Encode" action with the message encoding properties.

AS2 connector

  1. In the Azure portal, open your logic app resource and workflow in the designer.

  2. In the designer, follow these general steps to add the AS2 action named Encode to AS2 message to your workflow.

  3. When prompted to create a connection to your integration account, provide the following information:

    Property Required Description
    Connection name Yes A name for the connection
    Integration Account Yes From the list of available integration accounts, select the account to use.

    For example:

    Screenshot showing Consumption workflow and "Encode to AS2 message" connection information.

  4. When you're done, select Create.

  5. In the action information box, provide the following information.

    Property Required Description
    AS2-From Yes The business identifier for the message sender as specified by your AS2 agreement, for example, Fabrikam.
    AS2-To Yes The business identifier for the message receiver as specified by your AS2 agreement, for example, Contoso.
    body Yes The message payload to encode, for example, the Body output from the Request trigger.

    1. Put your cursor in the body box so that the dynamic content list opens.
    2. Next to the section name When a HTTP request is received, select See more.
    3. From the outputs list, select Body.

    Screenshot showing the "Encode to AS2 message" action with the message encoding properties.

Decode AS2 messages

Select the tab for either Consumption or Standard logic app workflows:

AS2 v2 connector

  1. In the Azure portal, open your logic app resource and workflow in the designer.

  2. In the designer, follow these general steps to add the AS2 (v2) action named AS2 Decode to your workflow.

  3. In the action information box, provide the following information:

    Property Required Description
    body Yes The body for the message to decode, for example, the Body output from the Request trigger.

    1. Put your cursor in the body box so that the dynamic content list opens.
    2. Next to the section name When a HTTP request is received, select See more.
    3. From the outputs list, select Body.
    Headers Yes The headers for the message to decode, for example, the Headers output from the Request trigger.

    1. Put your cursor in the Headers box so that the dynamic content list opens.
    2. Next to the section name When a HTTP request is received, select See more.
    3. From the outputs list, select Headers.

    For example:

    Screenshot showing the "AS2 Decode" action with the "Body" and "Headers" outputs entered from the Request trigger.

AS2 connector

  1. In the Azure portal, open your logic app resource and workflow in the designer.

  2. In the designer, follow these general steps to add the AS2 action named Decode AS2 message to your workflow.

  3. When prompted to create a connection to your integration account, provide the following information:

    Property Required Description
    Connection name Yes A name for the connection
    Integration Account Yes From the list of available integration accounts, select the account to use.

    For example:

    Screenshot showing Consumption workflow and "Decode AS2 message" connection information.

  4. When you're done, select Create.

  5. In the action information box, provide the following information.

    Property Required Description
    body Yes The message payload, for example, the Body output from the Request trigger.

    1. Put your cursor in the body box so that the dynamic content list opens.
    2. Next to the section name When a HTTP request is received, select See more.
    3. From the outputs list, select Body.
    Headers Yes The headers for the message to decode, for example, the Headers output from the Request trigger.

    1. Put your cursor in the Headers box so that the dynamic content list opens.
    2. Next to the section name When a HTTP request is received, select See more.
    3. From the outputs list, select Headers.

    Screenshot showing the "Decode AS2 message" action with the message decoding properties.

Sample

To try deploying a fully operational logic app and sample AS2 (v2) scenario, review the AS2 (v2) logic app template and scenario.

Troubleshoot problems

  • Problems when sending signed or encrypted messages

    Consider trying different SHA256 algorithm formats. The AS2 specification doesn't provide any information about SHA256 formats, so each provider uses their own implementation or format.

Next steps