AS2 is one of the methods of sending EDI data via the Internet. AS2 lets you encrypt and sign data using certificates to guarantee secure data exchange.
The following Azure resources are needed in order to encode and send a message in AS2 via a logic app:
- Key Vault;
- Integration Account;
- Logic App.
To be able to store the key of the private certificate used to sign the AS2 message, you need a Key Vault type resource. This lets you store keys as well as secrets that can be used to store passwords.
Initially, the key must be imported into a key of the Key Vault (RSA key type is often used to encrypt data).
To be able to call on the key from a logic app, access rights must be granted by selecting “Azure Logic Apps”.
Configure the “integration account”:
The “integration account” Azure resource is essential for AS2 encoding. That is where we will store the certificates, create the partners and also the agreement to configure the type of AS2 sent.
There are two types of certificate: private and public. A private certificate is linked to a key that we previously stored in the Key Vault. The certificate is what allows us to use the key. If the key does not appear in the statements at the time of creation, it might be due to forgetting the Access Policy, as already explained.
The partners refer to the sender and receiver of the message. Two AS2Identity partners must therefore be created.
An agreement defines the rules of communication between two partners. There are several types of agreement on Azure, such as AS2, EDIFACT, and X12.
When creating the agreement, the AS2 type, recipient, and sender of the message must all be defined. When sending, we will configure the sending settings. The private certificate is used to sign the message, and the public certificate is used to encode it.
Once inside the Logic App, use the shape Encode to AS2 message. The value AS2-From must match the input value on creation of the partner who sends the message. AS2-To will be filled with the value representing the partner who receives the message.
Once encoding is complete, simply send it via an HTTP POST. The query is sent with the output encoded data, in the header:
@body('Encode_to_AS2_message')?['AS2Message']?['OutboundHeaders'], and in the body:
In conclusion, the handling of the AS2 protocol in logic apps is quite well designed. The configurations are comprehensive, even though they require a lot of resources such as integration account and key vault.