API Overview
The AS2aaS API provides programmatic access to all platform functionality through RESTful HTTP endpoints. This document covers API fundamentals, authentication, and core concepts.
Base Configuration
Endpoints
| Service | Base URL | Purpose |
|---|---|---|
| REST API | https://api.as2aas.com | All API operations |
| AS2 Receiving | https://as2.as2aas.com | Inbound AS2 messages |
Transport Requirements
| Requirement | Specification |
|---|---|
| Protocol | HTTPS only |
| TLS Version | 1.2 minimum, 1.3 recommended |
| Port | 443 |
| Content Type | application/json |
| Character Encoding | UTF-8 |
Authentication
API Key Authentication
All API requests require Bearer token authentication.
| Header | Type | Required | Format | Description |
|---|---|---|---|---|
| Authorization | string | Yes | Bearer {api_key} | API key authentication |
| Content-Type | string | Yes | application/json | Request content type |
| Accept | string | Yes | application/json | Response content type |
| Header | Type | Format | Description |
|---|---|---|---|
| X-Tenant-ID | string | tnt_000001 | Switch tenant context |
| Idempotency-Key | string | UUID v4 | Prevent duplicate operations |
| User-Agent | string | Application identifier | Client identification |
API Key Types
| Key Type | Prefix | Environment | Billing Impact | Usage |
|---|---|---|---|---|
| Test | pk_test_ | Sandbox | None | Development and testing |
| Live | pk_live_ | Production | Billable | Production messaging |
Data Types
Primitive Types
| Type | Format | Constraints | Example |
|---|---|---|---|
| string | UTF-8 text | Variable length | "example text" |
| integer | Signed 32-bit | -2,147,483,648 to 2,147,483,647 | 42 |
| boolean | true/false | - | true |
| datetime | ISO 8601 | UTC timezone | "2024-01-15T10:30:00.000000Z" |
| enum | Predefined values | Case sensitive | "active" |
| array | JSON array | - | ["item1", "item2"] |
| object | JSON object | - | {"key": "value"} |
Resource Identifiers
| Resource | Prefix | Format | Pattern | Example |
|---|---|---|---|---|
| Tenant | tnt_ | 6 digits | tnt_\d{6} | tnt_000001 |
| Partner | prt_ | 6 digits | prt_\d{6} | prt_000001 |
| Message | msg_ | 6 digits | msg_\d{6} | msg_000001 |
| Certificate | cert_ | 6 digits | cert_\d{6} | cert_000001 |
| API Key | key_ | 6 digits | key_\d{6} | key_000001 |
| Webhook | wh_ | 6 digits | wh_\d{6} | wh_000001 |
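The key prefixes and identifier patterns above can be enforced on the client before a request is built. The following is an added example, not code from AS2aaS; the function names `require_id`, `key_environment`, `build_headers` and `partner_path` are hypothetical, and the visible-ASCII check on the key is an assumption about key format.

```python
import re

# Patterns from the Resource Identifiers table. re.ASCII keeps \d to 0-9 only;
# fullmatch() rejects trailing newlines and any extra path or header characters.
ID_PATTERNS = {
    "tenant": re.compile(r"tnt_\d{6}", re.ASCII),
    "partner": re.compile(r"prt_\d{6}", re.ASCII),
    "message": re.compile(r"msg_\d{6}", re.ASCII),
    "certificate": re.compile(r"cert_\d{6}", re.ASCII),
    "api_key": re.compile(r"key_\d{6}", re.ASCII),
    "webhook": re.compile(r"wh_\d{6}", re.ASCII),
}
KEY_ENVIRONMENTS = {"pk_test_": "sandbox", "pk_live_": "production"}

def require_id(kind, value):
    """Return value unchanged if it matches the documented pattern, else raise."""
    if not isinstance(value, str) or not ID_PATTERNS[kind].fullmatch(value):
        raise ValueError(f"malformed {kind} identifier")
    return value

def key_environment(api_key):
    """Map an API key to its environment by prefix; never echo the key itself."""
    # Assumption: keys are visible ASCII; this also blocks CR/LF header injection.
    if not re.fullmatch(r"[\x21-\x7e]+", api_key):
        raise ValueError("API key contains whitespace or control characters")
    for prefix, env in KEY_ENVIRONMENTS.items():
        if api_key.startswith(prefix) and len(api_key) > len(prefix):
            return env
    raise ValueError("unrecognised API key prefix")

def build_headers(api_key, expected_env, tenant_id=None):
    """Required headers, refusing a key from the wrong environment."""
    env = key_environment(api_key)
    if env != expected_env:
        raise ValueError(f"{env} key used where a {expected_env} key is expected")
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json",
               "Accept": "application/json"}
    if tenant_id is not None:
        headers["X-Tenant-ID"] = require_id("tenant", tenant_id)
    return headers

def partner_path(partner_id):
    """Path for /v1/partners/{id}; validation blocks '../' and query smuggling."""
    return "/v1/partners/" + require_id("partner", partner_id)
```

Passing `expected_env="sandbox"` in test suites and CI makes a leaked or misconfigured `pk_live_` key fail before any billable request is sent.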
HTTP Methods
Method Usage
| Method | Purpose | Idempotent | Cacheable |
|---|---|---|---|
| GET | Retrieve resources | Yes | Yes |
| POST | Create resources | No* | No |
| PATCH | Partial resource update | No* | No |
| PUT | Full resource replacement | Yes | No |
| DELETE | Remove resources | Yes | No |
*Idempotent when used with Idempotency-Key header
Rate Limiting
Rate Limits by Plan
| Plan | Requests/Minute | Burst Limit | Concurrent Requests |
|---|---|---|---|
| Free | 100 | 20 | 5 |
| Starter | 300 | 60 | 10 |
| Professional | 1,000 | 200 | 25 |
| Enterprise | Custom | Custom | Custom |
| Header | Type | Description |
|---|---|---|
| X-RateLimit-Limit | integer | Total requests allowed per window |
| X-RateLimit-Remaining | integer | Requests remaining in current window |
| X-RateLimit-Reset | integer | Unix timestamp when limit resets |
| Retry-After | integer | Seconds to wait before retrying |
| Parameter | Type | Default | Maximum | Description |
|---|---|---|---|---|
| page | integer | 1 | - | Page number (1-indexed) |
| per_page | integer | 20 | 100 | Items per page |
| Field | Type | Description |
|---|---|---|
| current_page | integer | Current page number |
| last_page | integer | Total number of pages |
| per_page | integer | Items per page |
| total | integer | Total number of items |
| from | integer | First item number on current page |
| to | integer | Last item number on current page |
Error Handling
HTTP Status Codes
| Status | Name | Usage |
|---|---|---|
| 200 | OK | Successful GET, PATCH, PUT, DELETE |
| 201 | Created | Successful POST creating new resource |
| 202 | Accepted | Asynchronous operation accepted |
| 400 | Bad Request | Invalid request syntax or parameters |
| 401 | Unauthorized | Missing or invalid authentication |
| 403 | Forbidden | Valid authentication but insufficient permissions |
| 404 | Not Found | Requested resource does not exist |
| 422 | Unprocessable Entity | Request validation failed |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Server-side error |
| 503 | Service Unavailable | Temporary service outage |
Error Categories
| Category | HTTP Status | Description |
|---|---|---|
| authentication_error | 401 | Authentication required or failed |
| authorization_error | 403 | Insufficient permissions |
| validation_error | 422 | Request data validation failed |
| resource_error | 404 | Requested resource not found |
| rate_limit_error | 429 | Rate limit exceeded |
| transmission_error | 400 | AS2 message transmission failed |
| certificate_error | 400 | Certificate validation or processing failed |
| billing_error | 402 | Billing or usage limit issue |
| server_error | 500 | Internal server error |
Idempotency
Supported Operations
| Endpoint | Method | Idempotency Support |
|---|---|---|
| /v1/messages | POST | Yes |
| /v1/partners | POST | Yes |
| /v1/partners/{id} | PATCH | Yes |
| /v1/certificates | POST | Yes |
| /v1/webhook-endpoints | POST | Yes |
| /v1/webhook-endpoints/{id} | PATCH | Yes |
Idempotency Key Specification
| Attribute | Requirement |
|---|---|
| Format | UUID version 4 |
| Header Name | Idempotency-Key |
| Uniqueness Scope | Per tenant |
| Retention Period | 24 hours |
| Collision Behavior | Returns original response |
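The idempotency rules above and the rate-limit headers combine into one retry loop: generate a single UUID v4 per logical operation, resend it unchanged on every retry, and wait as the server instructs. This is an added example, not AS2aaS client code; `post_idempotent`, `wait_seconds`, the `send` transport signature and the constructed transport in `demo` are assumptions made for illustration.

```python
import time
import uuid

RETRYABLE_STATUS = {429, 503}  # "Too Many Requests" and "Service Unavailable"

def wait_seconds(resp_headers, now, cap=60):
    """Delay before the next attempt: Retry-After first, else X-RateLimit-Reset."""
    delay = 1
    if "Retry-After" in resp_headers:
        delay = int(resp_headers["Retry-After"])
    elif "X-RateLimit-Reset" in resp_headers:
        delay = int(resp_headers["X-RateLimit-Reset"]) - int(now)  # Unix timestamp
    return min(max(delay, 0), cap)  # never negative, never unbounded

def post_idempotent(send, path, body, max_attempts=4,
                    sleep=time.sleep, clock=time.time):
    """POST reusing one Idempotency-Key on every retry. send(path, body, headers)
    is an assumed caller-supplied transport returning (status, headers, json)."""
    key = str(uuid.uuid4())  # UUID v4, generated once per logical operation
    headers = {"Idempotency-Key": key}
    for attempt in range(1, max_attempts + 1):
        try:
            status, resp_headers, payload = send(path, body, dict(headers))
        except (ConnectionError, TimeoutError):
            # Outcome unknown: the server may already have created the resource.
            # Resending the same key returns the original response instead.
            if attempt == max_attempts:
                raise
            sleep(1)
            continue
        if status not in RETRYABLE_STATUS or attempt == max_attempts:
            return {"status": status, "body": payload,
                    "idempotency_key": key, "attempts": attempt}
        sleep(wait_seconds(resp_headers, clock()))

def demo():
    """Constructed transport: timeout, then 429, then 201 (offline, no network)."""
    seen, sleeps = [], []
    script = [TimeoutError(), (429, {"Retry-After": "2"}, None),
              (201, {}, {"data": {"id": "prt_000001"}})]
    def send(path, body, headers):
        seen.append(headers["Idempotency-Key"])
        step = script[len(seen) - 1]
        if isinstance(step, Exception):
            raise step
        return step
    result = post_idempotent(send, "/v1/partners", {"name": "Acme Corporation"},
                             sleep=sleeps.append, clock=lambda: 0)
    return result, seen, sleeps
```

Because keys are retained for 24 hours, a retry issued after that window is treated as a new operation, so long-delayed replays need a reconciliation check rather than a blind resend.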
Content Encoding
Request Encoding
| Content Type | Encoding | Description |
|---|---|---|
| application/json | UTF-8 | JSON request bodies |
| multipart/form-data | Binary | File uploads |
| application/x-www-form-urlencoded | UTF-8 | Form submissions |
Response Encoding
| Content Type | Encoding | Description |
|---|---|---|
| application/json | UTF-8 | JSON response bodies |
| application/octet-stream | Binary | File downloads |
| text/plain | UTF-8 | Plain text responses |
Request/Response Examples
Successful Request
```http
POST /v1/partners HTTP/1.1
Host: api.as2aas.com
Authorization: Bearer pk_live_abc123def456ghi789jkl012mno345pqr678stu901
Content-Type: application/json
Accept: application/json
Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000

{
  "name": "Acme Corporation",
  "as2_id": "ACME-CORP-AS2",
  "url": "https://acme.example.com/as2",
  "sign": true,
  "encrypt": true
}
```
```http
HTTP/1.1 201 Created
Content-Type: application/json
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 299
X-RateLimit-Reset: 1705320600

{
  "message": "Partner created successfully",
  "data": {
    "id": "prt_000001",
    "name": "Acme Corporation",
    "as2_id": "ACME-CORP-AS2",
    "url": "https://acme.example.com/as2",
    "active": true,
    "sign": true,
    "encrypt": true,
    "created_at": "2024-01-15T10:30:00.000000Z"
  }
}
```
Error Response
```http
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json

{
  "message": "Validation failed",
  "errors": {
    "as2_id": [
      "The AS2 ID field is required",
      "The AS2 ID must not contain spaces"
    ],
    "url": [
      "The URL must be a valid HTTPS endpoint"
    ]
  }
}
```