EDI Communication Protocols - AS2, VAN, OFTP2, SFTP, FTP, RosettaNet, API (REST & SOAP)
Applicability Statement (AS2)
AS2 is an HTTP-based client-server program for transferring files between two systems. It can transmit any type of data; however, you can restrict what kind of data is transmitted. If you set the message content type to ANSI X12, only data in this standard will be allowed and other data will be rejected.
AS2 must be installed on both systems to exchange data. The same software acts as both server and client. Both parties are required to share their configuration, which includes an AS2 ID (unique on both sides), the HTTP URL for receiving messages, and the certificate for data encryption and signing. The communication can be secured by using an SSL certificate. Both parties have the option of using either a self-signed certificate or a certificate from a third party such as GoDaddy, Symantec, DigiCert or RapidSSL. Nowadays, most organizations opt for CA-certified certificates. The exchange partners also need to specify the encryption algorithm and the MDN mode. An MDN is a Message Disposition Notification, which the receiver gives to the sender when a message is received. An MDN is generated for every single message, whether successful or unsuccessful. Every AS2 transfer has a unique Message ID; similarly, every MDN has a unique MDN Message ID. This information can be used for tracing transfers.
The sender initiates a transfer.
The sender encrypts the file with the receiver’s public key;
The sender signs the file with the sender’s private key;
The sender transmits the whole message to the receiver’s AS2 server;
The sender posts the file to the receiver’s AS2 URL.
The receiver identifies the sender by AS2 ID;
The receiver validates the file with the sender’s public key;
The receiver decrypts the file with the receiver’s private key;
The receiver sends an MDN back to the sender, encrypted and signed (reverse of the keys above), acknowledging the successful receipt of the file;
The sender verifies the MDN and the transfer is complete.
The MDN does not depend on the message content. It only checks that the sender is valid and that the data is encrypted with the correct certificates.
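Added example (not from the original page or any AS2 product): matching an incoming MDN to the transfer it acknowledges by Message ID, using only the Python standard library. The sample MDN, the AS2 IDs and Message IDs, and the names parse_mdn and reconcile are constructed for illustration.

```python
import email

# Constructed sample MDN (not captured traffic); all IDs and AS2 names are made up.
SAMPLE_MDN = """\
Message-ID: <mdn-7781@receiver.example>
AS2-From: RECEIVER_AS2
AS2-To: SENDER_AS2
Content-Type: multipart/report; report-type=disposition-notification; boundary="b1"

--b1
Content-Type: text/plain

The message was received and processed.
--b1
Content-Type: message/disposition-notification

Final-Recipient: rfc822; RECEIVER_AS2
Original-Message-ID: <msg-1001@sender.example>
Disposition: automatic-action/MDN-sent-automatically; processed

--b1--
"""

def parse_mdn(raw):
    """Extract the fields needed to trace a transfer from a raw MDN."""
    msg = email.message_from_string(raw)
    for part in msg.walk():
        if part.get_content_type() == "message/disposition-notification":
            body = part.get_payload()
            # The stdlib parser exposes message/* bodies as a nested message.
            fields = body[0] if isinstance(body, list) else email.message_from_string(body)
            return {"mdn_id": msg["Message-ID"], "as2_from": msg["AS2-From"],
                    "original_id": fields["Original-Message-ID"],
                    "disposition": fields["Disposition"] or ""}
    raise ValueError("no message/disposition-notification part")

def reconcile(raw_mdn, pending):
    """pending maps each sent Message-ID to the partner AS2 ID it was sent to."""
    mdn = parse_mdn(raw_mdn)
    if mdn["original_id"] not in pending:
        return "unmatched"       # MDN for a transfer never sent or already closed
    if pending[mdn["original_id"]] != mdn["as2_from"]:
        return "wrong-partner"   # MDN came from an AS2 ID other than the recipient
    del pending[mdn["original_id"]]
    # The part after ';' in the Disposition field carries the outcome.
    outcome = mdn["disposition"].split(";", 1)[-1].strip().lower()
    ok = outcome == "processed" or outcome.startswith("processed/warning")
    return "delivered" if ok else "failed"
```

An "unmatched" or "wrong-partner" result is worth logging with both Message IDs, since it means an acknowledgement arrived that does not correspond to an open transfer.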
Because the message content is encrypted and signed, there is no threat to message integrity. In the early days (2005), the Drummond Group and its certification were critical to getting all the new AS2 developers on board and adhering to the standard. That need is smaller now, as there are plenty of existing AS2 systems to test new systems against: either they work or they don’t.
Drummond Group certification is very important for any AS2 software, as it validates interoperability between different AS2 vendors.
Tech-Agile has AS2 experts who have worked with different AS2 vendors, which are given below:
IBM Sterling B2B Integrator
Value Added Network
Tech Agile EDI uses different EDI VAN services to connect to the Trading Community.
This solution consists of flexible cloud solutions to help optimize your B2B process automation. The suite of services includes community services, transformation services, visibility services, and software-as-a-service.
The solution is built on a security-rich and flexible service-oriented architecture (SOA), enabling it to process up to 5 million transactions a day from virtually any system, of virtually any data type, format, and/or communication protocol. It helps you overcome the barriers of incompatible systems and standards to help you do business with virtually anyone, anywhere.
The VAN has the following benefits:
Enables “virtually any partner, virtually any format” capability
Faster reaction to marketplace changes
Increased data protection
Improved B2B processes, and more.
EDI Integration through API
Companies are moving away from traditional data integration methods that allowed direct access to the database and toward a more secure form: Application Programming Interfaces (APIs).
APIs can be accessed through either SOAP or REST. Both have their own advantages. Recent studies have shown a surge in Web Service adoption by major retailers and marketplace players. For some, there is no way to access the data other than through APIs.
Marketplace players like Best Buy, Walmart, Rakuten and Amazon give sellers access through Web Services. Since every company, like NetSuite, has its own way of setting up Web Services, it becomes challenging for companies to maintain the infrastructure to connect to all these APIs.
Tech-Agile’s Connectors make integration through Web Services a very simple process. We have integration connectors which are already working with customers to integrate data through Web Services for Walmart, Amazon, Purolator, NetSuite, Best Buy and many more. We have a team of API experts who can set up any new Web Service connection.
Odette File Transfer Protocol v2
Exchanging files via local or regional networks is no longer the best option – the most cost-effective method for exchanging large volumes of data efficiently is via the public internet.
OFTP2 is tailored to the specific communications requirements of automotive industry stakeholders and is the most widely used protocol for the exchange of mission-critical automotive data across the public internet. It provides flawless and secure transmission between organisations which use a wide range of different communication software systems, ensuring that confidential and sensitive information is transmitted quickly and in complete safety.
The OFTP2 specification (recognized by the Internet Engineering Task Force as RFC 5024) was developed, and is continually maintained, by the Odette OFTP2 Experts Group, consisting of telecommunications experts from major automotive companies and technology service providers.
Odette does not develop or sell OFTP2 software; it leaves this to its technology service provider partners, but it tests their OFTP2 software to ensure that it respects the Odette specification and that the products can interoperate seamlessly with each other.
Multi-function: The protocol supports the transfer of both engineering data and commercial information (e.g. EDI).
Large file size: Transmitting large volumes of data, such as engineering designs or large EDI interchanges (e.g. delivery schedules), is straightforward with OFTP2 which includes file compression and check point restarts as a standard feature.
Network-independent: OFTP2 works over any IP-based network including the public internet, the foundation of all business-to-business communication.
Traceability: Follow up, receipt and non-repudiation functions across any network allow continuous open communication.
Low cost solution: OFTP2 is inexpensive to implement and use; it delivers significant cost-savings by providing quick, easy and secure exchange of large volumes of sensitive information.
OFTP2 is implemented by the majority of automotive companies including Audi, BMW, Daimler, Ford, Hyundai, MAN, Opel, PSA, Scania, Skoda, Volkswagen and Volvo along with most large Tier 1 suppliers.
Advanced security functionality ensures confidentiality with multiple levels of protection:
Transport Layer Security (SSL/TLS)
Meeting the latest security challenges
The Odette OFTP2 Experts Group regularly reviews the protocol in order to ensure that it always meets current business and security requirements. The Group has recommended several updates to the OFTP2 Implementation Guidelines to ensure that the extensive OFTP2 community remains secure.
SHA-256 algorithm: The IT industry has made several announcements regarding certificates signed using the SHA-1 signature algorithm, which is considered capable of being broken at some time in the near future. The Odette Certificate Authority (CA) has therefore switched to signing its certificates using the SHA-256 signature algorithm (commonly known as SHA-2). All Odette-recommended OFTP2 software products, from providers who have taken an active part in the development of the revised guidelines, have been tested to ensure that they can handle SHA-256 signed certificates.
PFS – Perfect Forward Secrecy: The previous system, which uses asymmetric keys to secure transmission sessions, is considered vulnerable to security breaches: if a hacker records the encrypted data exchange and obtains the private key, they may decrypt the whole content of the data exchanged. A different system – Perfect Forward Secrecy – prevents this possibility. The community has therefore agreed to make PFS, used in connection with a Diffie-Hellman Ephemeral (DHE) algorithm, the default method of setting up a secure channel (Transport Layer Security – TLS), and a cipher using this method should be offered as the first option to establish session security.
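Added example (not from the original page or the Odette guidelines): a check, using Python's ssl module, that a TLS configuration offers only suites with an ephemeral Diffie-Hellman key exchange and that such a suite is the first offer. The function names, the cipher string and LEGACY_OFFER are assumptions made for illustration; ECDHE is included alongside the DHE that the text names.

```python
import ssl

# Key-exchange labels that ssl.SSLContext.get_ciphers() reports for ephemeral DH.
EPHEMERAL_KX = {"kx-dhe", "kx-ecdhe"}

def non_pfs(ciphers):
    """Names of suites in a get_ciphers()-style list that lack forward secrecy."""
    weak = []
    for c in ciphers:
        # TLS 1.3 suites report 'kx-any'; TLS 1.3 always uses ephemeral (EC)DHE.
        if c["protocol"] == "TLSv1.3" or c["kea"] in EPHEMERAL_KX:
            continue
        weak.append(c["name"])
    return weak

def first_offer_is_pfs(ciphers):
    """True when the highest-preference suite uses an ephemeral key exchange."""
    return bool(ciphers) and not non_pfs(ciphers[:1])

def pfs_client_context():
    """TLS client context that only offers DHE/ECDHE suites, DHE listed first."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string; ECDHE is an assumption added here, the page names DHE.
    ctx.set_ciphers("DHE+AESGCM:ECDHE+AESGCM")
    return ctx

# Constructed example of a legacy offer: static RSA first, DHE second.
LEGACY_OFFER = [
    {"name": "AES256-GCM-SHA384", "kea": "kx-rsa", "protocol": "TLSv1.2"},
    {"name": "DHE-RSA-AES256-GCM-SHA384", "kea": "kx-dhe", "protocol": "TLSv1.2"},
]

if __name__ == "__main__":
    print("legacy non-PFS suites:", non_pfs(LEGACY_OFFER))
    offered = pfs_client_context().get_ciphers()
    print("hardened non-PFS suites:", non_pfs(offered))
    print("first offer:", offered[0]["name"])
```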