Version 2.2.3

S3 Integration


MFT Gateway maintains its user-facing data (files, receipts etc.) in an AWS S3 bucket dedicated for your tenant. This section guides you to gain programmatic access to this S3 bucket, to integrate and automate your B2B file transfers via AWS API calls.

MFT Gateway enables S3 lifecycle rules by default to manage objects stored in buckets. Objects stored under the following directories of the S3 bucket will be moved to non current status after 35 days and will be permanently deleted in 35 days after moving into non current status (70 days after the creation).

  • AS2/files
  • AS2/raw-message
  • AS2/raw-mdn
  • AS2/headers

Also, objects stored in AS2/tmp directory will be moved into non current status in 1 day and will be permanently deleted after 2 days from the creation.

Getting your Access Keys

MFT Gateway grants you access to the S3 bucket via AWS access keys. Follow these steps to obtain your access keypair:

S3 Integration

  1. Navigate to the S3 integration page of the respective service, e.g. AS2 S3 integration.
  2. Revise the terms and the notice about losing credentials, and tick the Read and understood terms checkbox.
  3. The keypair will get downloaded as a CSV file.

S3 Access Activated

The keys will be downloaded only once! If you lose them, you will have to generate a new keypair.

S3 Structure

Once the keys are ready, you can use them to access the bucket through the AWS SDK (available for several programming languages) or ready-made tools like s3cmd or AWS CLI.

export AWS_ACCESS_KEY_ID=yourAccessKey
export AWS_SECRET_ACCESS_KEY=yourAccessSecret
export AWS_DEFAULT_REGION=us-east-1

aws s3 ls s3://<mftg-yourtenantname>

You will observe root-level prefixes (folders) corresponding to different MFT services enabled on your MFTG account.

For convenience, we shall refer to S3 path prefixes as “folders” and “paths”, moving forward.

Each service path contains folders specific to that service. Some of these are internally used by MFTG; do not attempt to modify their content. (In most cases, your keypair will not have access to them at all.)

Automation via S3 API/Tools


If your service supports automatically picking up and sending files added via S3, you can simply upload (PutObject) the files into the respective path:

aws s3 cp <local-file> s3://<mftg-yourtenantname>/AS2/send/<station-AS2-id>/<partner-AS2-id>/


Received files will be persisted to a service-specific path on the bucket. You can fetch/download (GetObject) them from that path:

aws s3 cp s3://<mftg-yourtenantname>/AS2/files/<station-AS2-id>/<partner-AS2-id>/inbox/<timestamp-random-number>/<attachment-name> <local-path>