Version 1.0

S3 Integration


MFT Gateway maintains its user-facing data (files, receipts etc.) in an AWS S3 bucket dedicated for your tenant. This section guides you to gain programmatic access to this S3 bucket, to integrate and automate your B2B file transfers via AWS API calls.

Getting your Access Keys

MFT Gateway grants you access to the S3 bucket via AWS access keys. Follow these steps to obtain your access keypair:

S3 Integration

  1. Navigate to the S3 integration page of the respective service, e.g. AS2 S3 integration.
  2. Revise the terms and the notice about losing credentials, and tick the Read and understood terms checkbox.
  3. Click Get Credentials. The keypair will get downloaded as a CSV file.

S3 Access Activated

The keys will be downloaded only once! If you lose them, you will have to generate a new keypair.

S3 Structure

Once the keys are ready, you can use them to access the bucket through the AWS SDK (available for several programming languages) or ready-made tools like s3cmd or AWS CLI.

export AWS_ACCESS_KEY_ID=yourAccessKey
export AWS_SECRET_ACCESS_KEY=yourAccessSecret
export AWS_DEFAULT_REGION=us-east-1

aws s3 ls s3://<mftg-yourtenantname>

You will observe root-level prefixes (folders) corresponding to different MFT services enabled on your MFTG account.

For convenience, we shall refer to S3 path prefixes as “folders” and “paths”, moving forward.

Each service path contains folders specific to that service. Some of these are internally used by MFTG; do not attempt to modify their content. (In most cases, your keypair will not have access to them at all.)

Automation via S3 API/Tools


If your service supports automatically picking up and sending files added via S3, you can simply upload (PutObject) the files into the respective path:

aws s3 cp <local-file> s3://<mftg-yourtenantname>/AS2/send/<station-AS2-id>/<partner-AS2-id>/


Received files will be persisted to a service-specific path on the bucket. You can fetch/download (GetObject) them from that path:

aws s3 cp s3://<mftg-yourtenantname>/AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox/<timestamp-random-number>/<attachment-name> <local-path>