AS2 – which is short for Applicability Statement 2 – is a secure file transfer protocol used by businesses to exchange data with trading partners. It is most commonly used to enable the structured exchange of electronic business documents such as purchase orders, invoices, and shipping notices.
AS2 is widely adopted across industries including retail, logistics, and manufacturing, where large organizations require standardized and secure communication. Many major retailers mandate AS2 for supplier communications, making it a critical component of modern supply chains. This widespread adoption often leads organizations to ask what is AS2 used for in practice, especially when evaluating communication requirements with large trading partners.
At its core, AS2 enables secure, verified, and auditable data exchange between partners. Each transaction is tied to a unique AS2 ID, which identifies both the sender and recipient, helping establish trusted connections across systems.
AS2 protocol combines the use of several secure and widely used technologies including HTTPS, SSL Certificates, S/MIME, and file hashing. By utilizing the strengths of each of them, AS2 has become the preferred protocol in many organizations for exchanging sensitive files.
AS2 messages can be compressed, signed, encrypted and sent over an SSL tunnel making the file transfers very secure. And receipts can be sent back to the sender ensuring the messages were delivered successfully. The receipts can be digitally signed and will contain a checksum value that the sender will use to verify the message received is identical to what was sent.
Related Reading: Which is Better: AS2 vs. SFTP?
How Does AS2 Work?
An AS2 connection follows a structured process that allows trading partners to securely send, receive, and verify data. This workflow supports reliable communication between systems while providing visibility into each transaction.
- A file is prepared in the required document format.
- The message is encrypted and digitally signed using certificates to protect the contents and verify the sender.
- The file is transmitted over a secure HTTPS connection through an AS2 gateway.
- The recipient system receives the message, decrypts it, and validates the signature.
- An AS2 MDN (Message Disposition Notification) is generated as a receipt to confirm successful delivery.
- The sender verifies the receipt to confirm message integrity and completion of the transaction.
Each step plays a distinct role in maintaining both security and accountability. Encryption protects the data in transit, while digital signatures confirm the origin of the message. MDNs provide clear confirmation that the file was received and processed as expected, reducing uncertainty between partners.
This process helps confirm that data is delivered securely and verified at each stage for accuracy and authenticity.
Key Features of AS2 Protocol
- Message Encryption: By using the recipient's public certificate AS2 message contents can be encrypted using modern encryption standards such as AES. This helps protect sensitive business data during transmission and reduces the risk of interception.
- Digital Signatures: The message can be signed using the sender's private certificate which allows the recipient to verify the authenticity of the sender. The receipt that is sent back to the sender can also be signed to ensure the identity of the recipient's system. These digital signatures are used for message integrity and non-repudiation of origin. They are typically used in addition to authentication using a username, password, and/or certificate.
- Compression: To improve transmission time, compression can be added to decrease the size of the message.
- Receipt: The Message Disposition Notification (MDN), which is commonly referred to as a receipt, plays an important role in AS2 protocol as it acknowledges that the recipient received the message. It can also be used to verify the identity of the recipient when the receipt is signed. Receipts that are sent back immediately over the same connection are referred to as a synchronous MDN. Receipts can also be sent back at a later time in asynchronous mode. This allows the recipient to process and verify the data before sending back a status to indicate if the transaction was successful.
- Message Integrity Check: With AS2, the recipient will calculate a checksum of the message using MD5, SHA1, or a SHA2 hashing algorithm. This value is referred to as the MIC and is shared with the sender by placing it in the receipt. The sender will calculate a checksum as well using the same algorithm. These two values are then compared to guarantee that the message sent is identical to the message that was received.
- Non-repudiation of Receipt: The use of signatures on the message and receipt creates a Non-Repudiation of Receipt (NRR) event. This creates a verifiable record of delivery and serves as legal and audit proof that the transaction was completed successfully.
Related Reading: An Introduction to AS2
What Are the Benefits of Using AS2?
Organizations rely on AS2 because it provides a reliable and scalable way to exchange business data securely.
One of the primary benefits is strong security. Encryption, authentication, and verification processes work together to protect sensitive transactions and maintain trust between partners. These protections are built directly into the protocol, allowing companies to exchange data without relying on external layers of security.
AS2 also offers reliable delivery confirmation. The use of receipts allows each message to be tracked and verified, reducing uncertainty and manual follow-up. This visibility helps teams quickly identify issues, confirm successful exchanges, and maintain accountability across trading relationships.
Another advantage is operational efficiency. By automating file transfers and confirmations, AS2 reduces the need for manual intervention. This helps streamline workflows, minimize errors, and improve processing times across systems. Businesses can move data faster while maintaining accuracy and control.
It is a practical choice for companies that need standardized communication across multiple partners. This is particularly important for businesses managing complex integration requirements across systems. Standardization allows organizations to onboard new partners more quickly and helps maintain consistency across transactions.
Compared to traditional Value-Added Networks, AS2 can be more cost-effective because it operates over the internet rather than relying on third-party networks. This reduces ongoing fees while still supporting secure, direct communication between partners.
AS2 supports scalability as well. As transaction volumes grow, organizations can expand their use of AS2 without significantly changing their infrastructure. This makes it well suited for businesses experiencing growth or managing large partner ecosystems.
It also supports compliance needs by creating audit trails and verifiable transaction records, which are important for regulated industries.
Where is AS2 Commonly Used?
AS2 is used across industries that require secure, high-volume data exchange between organizations.
In retail supply chains, AS2 is commonly required by large retailers for supplier communications. Vendors must use AS2 to send and receive documents as part of doing business with these companies. This requirement helps standardize communication across large networks of suppliers and partners.
Logistics and transportation companies use AS2 to exchange shipment data, tracking updates, and delivery confirmations between systems and partners. These real-time updates help improve coordination and keep operations running efficiently across complex supply chains.
Manufacturing organizations rely on AS2 for procurement processes, including purchase orders and inventory updates across supplier networks. This allows manufacturers to maintain accurate inventory levels and respond quickly to production needs.
Healthcare providers and organizations also use AS2 to exchange sensitive records securely while maintaining compliance with data protection regulations. Secure communication is critical in this space, where data privacy and accuracy are essential.
Financial services organizations also leverage AS2 for secure transaction processing and reporting. The ability to verify and track each exchange makes it well suited for environments where accuracy and auditability are required.
In many of these environments, AS2 is deployed alongside a MFT gateway, which centralizes file transfers, improves visibility, and supports automation across multiple protocols. This approach allows organizations to manage different transfer methods within a single platform while maintaining control and efficiency.
What are the Challenges with AS2?
Both organizations will need an AS2 solution in order to exchange data. Due to the complex nature of the AS2 protocol with encryption, signatures, and receipts; it is possible that there can be compatibility issues between two separate products. Fortunately, Drummond Group has a rigorous program that validates an AS2 product follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and allows you to focus on the business aspects of data transfers.
GoAnywhere MFT is Drummond Certified™ for AS2 and supports SHA2 algorithms for stronger security, chunked transfer encoding to handle large files, multiple attachments per message, and filename preservation.
AS2-Certified Software for Secure File Transfer
As a Drummond-approved solution, GoAnywhere MFT can meet your AS2 needs. See a live customized demo of our secure file transfer software to see firsthand how GoAnywhere simplifies and supports the data you exchange with your trading partners.
