Edit

Share via

Exchange AS2 messages in B2B workflows using Azure Logic Apps

Applies to: Azure Logic Apps (Consumption + Standard)

To send and receive AS2 messages in workflows that you create using Azure Logic Apps, use the AS2 (v2) connector. This connector provides actions that support and manage AS2 communication. If you need tracking capabilities, the original AS2 connector is still available, but is being deprecated.

Except for tracking capabilities, the AS2 (v2) connector provides the same capabilities as the original AS2 connector. The AS2 (v2) connector runs natively with the Azure Logic Apps runtime and offers significant performance improvements in message size, throughput, and latency. Unlike the original AS2 connector, the AS2 (v2) connector doesn't require that you create a connection to your integration account. Instead, as described in the prerequisites, link your integration account to the logic app resource where you plan to use the connector.

This guide shows how to add the encoding and decoding actions for AS2 (v2) and AS2 to an existing logic app workflow. The AS2 (v2) connector doesn't provide any triggers, so you can use any trigger to start your workflow. The examples in this guide use the Request trigger.

Connector technical reference

The AS2 connector has different versions, based on logic app type and host environment.

Logic app Environment Connector version
Consumption Multitenant Azure Logic Apps AS2 (v2) and AS2 managed connectors, which appear in the connector gallery under Shared. The AS2 connector has one trigger and multiple actions. The AS2 (v2) connector provides only actions. You can use any trigger that works for your scenario. For more information, see:

- AS2 managed connector reference
- AS2 (v2) managed connector operations
- AS2 message limits
Standard Single-tenant Azure Logic Apps, App Service Environment v3 (Windows plans only), and hybrid deployment AS2 (v2) built-in connector, which appears in the connector gallery under Built-in, and AS2 managed connector, which appears in the connector gallery under Shared. The AS2 connector has one trigger and multiple actions. The AS2 (v2) connector provides only actions. You can use any trigger that works for your scenario.

The built-in version differs in the following ways:

- The built-in version can directly access Azure virtual networks. You don't need an on-premises data gateway.

For more information, see:

- AS2 managed connector reference
- AS2 (v2) built-in connector operations
- AS2 message limits

AS2 (v2) operations

The AS2 (v2) connector has no triggers. The following table describes the actions that the AS2 (v2) connector provides for establishing security and reliability when transmitting messages:

Action Description
AS2 Encode action Provides encryption, digital signing, and acknowledgments through Message Disposition Notifications (MDN), which help support nonrepudiation. For example, this action applies AS2/HTTP headers and performs the following tasks when configured:

- Sign outgoing messages.
- Encrypt outgoing messages.
- Compress the message.
- Transmit the file name in the MIME header.
AS2 Decode action Provides decryption, digital signing, and acknowledgments through Message Disposition Notifications (MDN). For example, this action performs the following tasks when configured:

- Process AS2/HTTP headers.
- Reconcile received MDNs with the original outbound messages.
- Update and correlate records in the nonrepudiation database.
- Write records for AS2 status reporting.
- Output payload contents as base64-encoded.
- Determine whether MDNs are required. Based on the AS2 agreement, determine whether MDNs should be synchronous or asynchronous.
- Generate synchronous or asynchronous MDNs based on the AS2 agreement.
- Set the correlation tokens and properties on MDNs.
- Verify the signature.
- Decrypt the messages.
- Decompress the message.
- Check and disallow message ID duplicates.

Prerequisites

  • An Azure account and subscription. If you don't have a subscription yet, sign up for a free Azure account.

  • The logic app resource and workflow where you want to use the AS2 operations.

  • An integration account resource to define and store artifacts for use in enterprise integration and B2B workflows.

    • Both your integration account and logic app resource must exist in the same Azure subscription and Azure region.

    • Defines at least two trading partners that participate in the AS2 operation used in your workflow. The definitions for both partners must use the same business identity qualifier, which is AS2Identity for this scenario.

    • Defines an AS2 agreement between the trading partners that participate in your workflow. Each agreement requires a host partner and a guest partner. The content in the messages between you and the other partner must match the agreement type. For information about agreement settings to use when receiving and sending messages, see AS2 message settings.

  • Before you start working with AS2 (v2) or AS2 operations, you must link your Consumption logic app or link your Standard logic app to an integration account. When you add an AS2 (v2) or AS2 operation, you might also have to create a connection to the integration account:

    Logic app workflow Link required?
    Consumption - AS2 (v2) connector: No connection required
    - AS2 connector: Connection required
    Standard - AS2 (v2) connector: No connection required
    - AS2 connector: Connection required

  • If you use Azure Key Vault for certificate management, check that your vault keys permit the Encrypt and Decrypt operations. Otherwise, the encoding and decoding actions fail.

    1. In the Azure portal, open your key vault resource. On the resource sidebar, under Objects, select Keys.

    2. On the Keys page, select your key. On the Versions page, select the key version that you're using.

    3. On the Key Version page, under Permitted operations, confirm that Encrypt and Decrypt are selected.

      Screenshot shows the Azure portal and key vault resource with the key and key version pages open and the selected Encrypt and Decrypt operations.

Encode AS2 messages

To encode messages with the AS2 (v2) connector or the AS2 connector, follow the corresponding steps.

AS2 v2 connector

To encode messages with the AS2 (v2) connector, follow these steps:

  1. In the Azure portal, open your logic app resource and workflow in the designer.

  2. In the designer, follow these general steps to add the AS2 (v2) action named AS2 Encode to your workflow.

  3. In the action information pane, provide the following information:

    Parameter Required Description
    Message to encode Yes The message payload to encode, for example, the Body output from the Request trigger.

    1. Select inside the Message to encode box, then select the lightning icon to open the dynamic content list.
    2. Next to the section name When an HTTP request is received, select See more.
    3. From the list, select Body.
    AS2 from Yes The business identifier for the message sender as specified by your AS2 agreement, for example, Fabrikam.
    AS2 to Yes The business identifier for the message receiver as specified by your AS2 agreement, for example, Contoso.

    For example, the message payload is the Body content output from the Request trigger:

    Screenshot shows the workflow designer and AS2 Encode action with the message encoding properties.

AS2 connector

To encode messages with the AS2 connector, follow these steps:

  1. In the Azure portal, open your logic app resource and workflow in the designer.

  2. In the designer, follow these general steps to add the AS2 action named Encode to AS2 message to your workflow.

  3. When prompted to create a connection to your integration account, provide the following information:

    Parameter Required Description
    Connection Name Yes A name for the connection.
    Integration Account ID Yes The name for your integration account.
    Integration Account SAS URL Yes The callback URL for your integration account.

    For example:

    Screenshot shows Encode to AS2 message connection information.

  4. When you're done, select Create new.

  5. In the action information pane, provide the following information.

    Parameter Required Description
    AS2-From Yes The business identifier for the message sender as specified by your AS2 agreement, for example, Fabrikam.
    AS2-To Yes The business identifier for the message receiver as specified by your AS2 agreement, for example, Contoso.
    body Yes The message payload to encode, for example, the Body output from the Request trigger.

    1. Select inside the body box, then select the lightning icon to open the dynamic content list.
    2. Next to the section name When an HTTP request is received, select See more.
    3. From the list, select Body.

    Screenshot shows the Encode to AS2 message action with the message encoding properties.

Decode AS2 messages

To decode messages with the AS2 (v2) connector or the AS2 connector, follow the corresponding steps.

AS2 v2 connector

To decode messages with the AS2 (v2) connector, follow these steps:

  1. In the Azure portal, open your logic app resource and workflow in the designer.

  2. In the designer, follow these general steps to add the AS2 (v2) action named AS2 Decode to your workflow.

  3. In the action information pane, provide the following information:

    Parameter Required Description
    Message to decode Yes The message payload to decode, for example, the Body output from the Request trigger.

    1. Select inside the Message to decode box, then select the lightning icon to open the dynamic content list.
    2. Next to the section name When an HTTP request is received, select See more.
    3. From the list, select Body.
    Message headers Yes The headers for the message to decode, for example, the Headers output from the Request trigger.

    1. Select inside the Message headers box, then select the function icon to open the expression editor.
    2. In the editor box, enter the following expression:

    triggerOutputs()?['headers']

    3. When you're done, select Add.

    For example:

    Screenshot shows the workflow designer and AS2 Decode action with the message decoding properties.

AS2 connector

To decode messages with the AS2 connector, follow these steps:

  1. In the Azure portal, open your logic app resource and workflow in the designer.

  2. In the designer, follow these general steps to add the AS2 action named Decode AS2 message to your workflow.

  3. When prompted to create a connection to your integration account, provide the following information:

    Parameter Required Description
    Connection Name Yes A name for the connection.
    Integration Account ID Yes The resource ID for your integration account, which has the following format:

    /subscriptions/<Azure-subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.Logic/integrationAccounts/<integration-account-name>

    For example:
    /subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/integrationAccount-RG/providers/Microsoft.Logic/integrationAccounts/myIntegrationAccount

    To find this resource ID, follow these steps:

    1. In the Azure portal, open your integration account.
    2. On the integration account sidebar, select Overview.
    3. On the Overview page, select JSON View.
    4. From the Resource ID property, copy the value.
    Integration Account SAS URL Yes The request endpoint URL that uses shared access signature (SAS) authentication to provide access to your integration account. This callback URL has the following format:

    https://<request-endpoint-URI>sp=<permissions>sv=<SAS-version>sig=<signature>

    For example:
    https://prod-04.west-us.logic-azure.com:443/integrationAccounts/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb?api-version=2015-08-1-preview&sp=XXXXXXXXX&sv=1.0&sig=aB1cD2eF-3gH4iJ5kL6-mN7oP8qR

    To find this URL, follow these steps:

    1. In the Azure portal, open your integration account.
    2. On the integration account sidebar, under Settings, select Callback URL.
    3. From the Generated Callback URL property, copy the value.

    For example:

    Screenshot shows Decode AS2 message connection information.

  4. When you're done, select Create new.

  5. In the action information pane, provide the following values:

    Parameter Required Description
    body Yes The message payload, for example, the Body output from the Request trigger.

    1. Select inside the body box, then select the lightning icon to open the dynamic content list.
    2. Next to the section name When an HTTP request is received, select See more.
    3. From the list, select Body.
    Headers Yes The headers for the message to decode, for example, the Headers output from the Request trigger.

    1. Select inside the Headers box, then select the function icon to open the expression editor.

    2. In the editor box, enter the following expression:

    triggerOutputs()?['headers']

    3. When you're done, select Add.

    For example:

    Screenshot shows the Decode AS2 message action with the Body entered from the Request trigger.

Sample

To deploy a fully functioning logic app workflow and sample AS2 (v2) scenario, see the AS2 (v2) logic app template and scenario.

Troubleshoot problems

  • Problems when sending signed or encrypted messages

    Consider trying different SHA256 algorithm formats. The AS2 specification doesn't provide any information about SHA256 formats, so each provider uses their own implementation or format.

Related content