Troubleshooting
This guide provides solutions to common issues encountered when integrating with AS2aaS.
Table of Contents
- Authentication Issues
- Message Delivery Problems
- Partner Configuration Issues
- Certificate Problems
- Webhook Delivery Issues
- Performance Issues
- Getting Support
Authentication Issues
Invalid API Key Error
Symptoms:
- HTTP 401 Unauthorized responses
- Error message: "Unauthenticated" or "Invalid API key"
Diagnostic Steps:
| Step | Action | Expected Result |
|---|---|---|
| 1 | Verify API key format | Should start with pk_test_ or pk_live_ |
| 2 | Check key length | Should be 64+ characters |
| 3 | Verify Authorization header | Format: Bearer pk_live_... |
| 4 | Test key in dashboard | Key should appear in API Keys list |
Solutions:
| Cause | Solution |
|---|---|
| Incorrect key format | Copy key exactly from dashboard |
| Deleted or expired key | Generate new API key |
| Wrong environment | Use test key for development, live key for production |
| Missing Bearer prefix | Include Bearer before the API key |
Rate Limiting
Symptoms:
- HTTP 429 Too Many Requests
X-RateLimit-Remaining: 0header
Rate Limits by Plan:
| Plan | Requests/Minute | Burst Limit | Recommended Action |
|---|---|---|---|
| Free | 100 | 20 | Implement request queuing |
| Starter | 300 | 60 | Use exponential backoff |
| Professional | 1,000 | 200 | Monitor usage patterns |
| Enterprise | Custom | Custom | Contact support for adjustment |
Implementation:
async function makeApiRequestWithBackoff(url, options, maxRetries = 3) {
for (let attempt = 1; attempt <= maxRetries; attempt++) {
try {
const response = await fetch(url, options);
if (response.status === 429) {
const retryAfter = parseInt(response.headers.get('Retry-After')) || Math.pow(2, attempt);
await new Promise(resolve => setTimeout(resolve, retryAfter * 1000));
continue;
}
return response;
} catch (error) {
if (attempt === maxRetries) throw error;
await new Promise(resolve => setTimeout(resolve, Math.pow(2, attempt) * 1000));
}
}
}
Message Delivery Problems
Message Stuck in "Queued" Status
Diagnostic Steps:
| Check | Command | What to Look For |
|---|---|---|
| Partner status | GET /v1/partners/{id} | active: true |
| Partner URL | Test endpoint manually | HTTPS accessibility |
| Certificates | GET /v1/certificates | Valid, non-expired certificates |
| Message logs | Dashboard → Messages → View Details | Specific error messages |
Common Causes:
| Issue | Symptoms | Solution |
|---|---|---|
| Partner endpoint down | Connection timeouts | Contact partner to verify endpoint |
| Invalid certificates | Certificate validation errors | Upload valid certificates |
| Network connectivity | DNS or connection failures | Verify firewall and network settings |
| Partner configuration | AS2 ID mismatch | Verify AS2 identifiers match |
MDN Not Received
Diagnostic Checklist:
| Item | Check | Resolution |
|---|---|---|
| MDN mode | Partner configuration shows async or sync | Set appropriate MDN mode |
| Partner MDN support | Partner supports MDN responses | Confirm with partner |
| MDN endpoint | Partner can reach your MDN endpoint | Provide correct MDN URL |
| Certificate for MDN signing | Valid signing certificate configured | Upload/renew signing certificate |
MDN Troubleshooting:
# Check message MDN status
GET /v1/messages/{message_id}
# Look for mdn_status field:
# - "pending": MDN requested but not received
# - "received": MDN successfully received
# - "failed": MDN delivery failed
# - "timeout": MDN not received within timeout
Partner Configuration Issues
Partner Connection Test Failures
Test Types and Common Failures:
| Test Type | Common Failures | Diagnostic Actions |
|---|---|---|
ping | DNS resolution, connection timeout | Verify URL, check network connectivity |
mdn | MDN endpoint unreachable | Verify partner's MDN endpoint configuration |
full | AS2 protocol errors | Check AS2 ID configuration, certificates |
Connection Test Response Analysis:
{
"success": false,
"results": {
"connectivity": "failed",
"error": "Connection timeout"
},
"timeline": [
{
"step": "DNS resolution",
"status": "success",
"duration_ms": 15
},
{
"step": "TCP connection",
"status": "failure",
"duration_ms": 60000,
"details": "Connection timeout after 60 seconds"
}
]
}
AS2 ID Configuration Problems
Validation Rules:
| Rule | Specification | Invalid Examples | Valid Examples |
|---|---|---|---|
| Character set | Alphanumeric, hyphens, underscores | ACME CORP (space) | ACME-CORP-AS2 |
| Length | 1-50 characters | A (too short for some systems) | ACME-CORPORATION-AS2 |
| Case sensitivity | Exact match required | acme-corp vs ACME-CORP | Use consistent casing |
| Uniqueness | Must be unique per tenant | Duplicate AS2 IDs | Each partner needs unique ID |
Certificate Problems
Certificate Upload Failures
Common Certificate Issues:
| Error | Cause | Solution |
|---|---|---|
INVALID_FORMAT | Unsupported certificate format | Convert to PEM format |
EXPIRED_CERTIFICATE | Certificate past expiration date | Obtain new certificate |
INVALID_KEY_USAGE | Certificate lacks required key usage | Use certificate with correct key usage |
PRIVATE_KEY_MISMATCH | Private key doesn't match certificate | Verify key pair correspondence |
INCOMPLETE_CHAIN | Missing intermediate certificates | Include full certificate chain |
Certificate Format Requirements:
| Format | File Extension | Usage | Notes |
|---|---|---|---|
| PEM | .pem, .crt | Preferred | Base64 encoded with headers |
| DER | .der, .cer | Supported | Binary format |
| PKCS#12 | .p12, .pfx | Identity certificates | Includes private key |
Certificate Validation
Validation Process:
POST /v1/certificates/{id}/validate
Validation Checks:
| Check | Description | Failure Resolution |
|---|---|---|
| Format validation | Certificate structure and encoding | Re-export certificate in correct format |
| Expiry check | Certificate validity period | Renew certificate before expiration |
| Key usage validation | Certificate supports required operations | Use certificate with correct key usage extensions |
| Chain validation | Certificate chain completeness | Include intermediate CA certificates |
Webhook Delivery Issues
Webhook Endpoint Not Receiving Events
Diagnostic Steps:
| Step | Check | Tool |
|---|---|---|
| 1 | Endpoint accessibility | curl -X POST https://your-endpoint.com/webhooks |
| 2 | SSL certificate validity | Browser or SSL checker |
| 3 | Response time | Should respond within 10 seconds |
| 4 | Response status | Must return 2xx status code |
| 5 | Webhook configuration | Verify events and URL in dashboard |
Webhook Requirements:
| Requirement | Specification | Notes |
|---|---|---|
| Protocol | HTTPS only | HTTP endpoints not supported |
| Response time | < 10 seconds | Longer responses treated as timeout |
| Status codes | 2xx range | Any non-2xx triggers retry |
| Content type | Accept application/json | Webhook payloads are JSON |
Webhook Signature Verification
Signature Verification Implementation:
const crypto = require('crypto');
function verifyWebhookSignature(payload, signature, secret) {
const expectedSignature = crypto
.createHmac('sha256', secret)
.update(payload, 'utf8')
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature.replace('sha256=', ''), 'hex'),
Buffer.from(expectedSignature, 'hex')
);
}
Common Signature Issues:
| Issue | Cause | Solution |
|---|---|---|
| Signature mismatch | Incorrect secret or payload | Verify webhook secret in dashboard |
| Missing signature header | Header not included in request | Check for X-Signature header |
| Encoding problems | Payload encoding mismatch | Use raw request body for verification |
Performance Issues
Slow API Responses
Performance Optimization:
| Issue | Cause | Solution |
|---|---|---|
| Large response payloads | Requesting too much data | Use pagination and filtering |
| Inefficient queries | Fetching unnecessary data | Request only required fields |
| Network latency | Geographic distance | Consider regional endpoints |
| Concurrent request limits | Too many simultaneous requests | Implement request queuing |
Optimal Request Patterns:
| Pattern | Implementation | Benefit |
|---|---|---|
| Pagination | Use appropriate per_page values | Faster response times |
| Filtering | Apply specific filters | Reduced data transfer |
| Caching | Cache stable data locally | Fewer API requests |
| Batch operations | Group related operations | Improved efficiency |
Message Processing Delays
Processing Time Factors:
| Factor | Impact | Optimization |
|---|---|---|
| Message size | Linear increase | Enable compression |
| Encryption | Moderate increase | Use efficient algorithms |
| Partner response time | Variable | Monitor partner performance |
| Network conditions | Variable | Implement retry logic |
Getting Support
Self-Service Resources
| Resource | URL | Use Case |
|---|---|---|
| System Status | https://status.as2aas.com | Check for known issues |
| Dashboard Logs | Dashboard → Messages → Details | View specific error messages |
| Testing Tools | Dashboard → Testing Tools | Reproduce issues safely |
| API Documentation | https://docs.as2aas.com | Verify API usage |
Information to Include When Contacting Support
For Message Issues
- Message ID
- Partner ID
- Timestamp of issue
- Error message or status
- Expected vs actual behavior
For Partner Issues
- Partner ID
- AS2 ID
- Partner endpoint URL
- Connection test results
- Certificate information
For API Issues
- HTTP status code
- Complete error response
- Request details (without sensitive data)
- API key prefix (not full key)
- Timestamp of request
Support Channels
| Channel | Response Time | Use Case |
|---|---|---|
| Email ([email protected]) | 4-24 hours | General support questions |
| Enterprise Support | 2-4 hours | Paid plan customers |
| Emergency ([email protected]) | 15 minutes | Production outages (Enterprise only) |
Escalation Process
- Self-service - Check documentation and status page
- Dashboard tools - Use testing and diagnostic tools
- Email support - Provide detailed issue description
- Phone support - Enterprise customers for urgent issues
- Emergency escalation - Production-critical issues only
Diagnostic Commands
Quick Health Check
# Test API connectivity
curl -H "Authorization: Bearer pk_test_your_key" \
https://api.as2aas.com/v1/partners
# Check specific partner
curl -H "Authorization: Bearer pk_test_your_key" \
https://api.as2aas.com/v1/partners/prt_000001
# Test partner connection
curl -X POST \
-H "Authorization: Bearer pk_test_your_key" \
-H "Content-Type: application/json" \
-d '{"test_type": "ping"}' \
https://api.as2aas.com/v1/partners/prt_000001/test
Message Debugging
# Get message details
curl -H "Authorization: Bearer pk_test_your_key" \
https://api.as2aas.com/v1/messages/msg_000001
# Check recent messages
curl -H "Authorization: Bearer pk_test_your_key" \
"https://api.as2aas.com/v1/messages?per_page=5&sort=created_at:desc"
Certificate Validation
# List certificates with expiry information
curl -H "Authorization: Bearer pk_test_your_key" \
https://api.as2aas.com/v1/certificates
# Validate specific certificate
curl -X POST \
-H "Authorization: Bearer pk_test_your_key" \
https://api.as2aas.com/v1/certificates/cert_000001/validate