Skip to main content

AS2 Receiver Credential

The AS2 Receiver credential configures Splice's inbound AS2 endpoint. It tells the AS2 webhook which keypair to use to decrypt messages a partner sends to you and to sign the MDNs you return, and — optionally — which partner certificate to trust when verifying the signature on inbound messages.

This is the receiving counterpart to the AS2 Client credential, which handles outbound sends. Where the AS2 Client signs and encrypts messages you send, the AS2 Receiver decrypts and verifies messages you receive.

Overview

When a trading partner posts an AS2 message to your Splice endpoint, Splice must:

  1. Decrypt the message using your receiver private key.
  2. Verify the partner's signature on the message (when a partner signer certificate is configured).
  3. Sign and return an MDN acknowledging receipt, using the same receiver keypair.

The AS2 Receiver credential references Certificate credentials for this material rather than embedding raw keys, so certificates can be rotated and reused independently of the receiver configuration.

Required Setup

Before creating the AS2 Receiver credential you need:

Certificate CredentialContainsPurpose
Receiver CertificateYour X.509 certificate and matching private keyDecrypts inbound messages and signs returned MDNs
Partner Signer Certificate (optional)The partner's signing certificateVerifies the signature on inbound AS2 messages
Certificate Exchange

Send the partner the public half of your receiver certificate so they can encrypt messages to you. They send you the certificate they sign with, which you store as the Partner Signer Certificate. Never share your receiver private key.

Credential Fields

Receiver Certificate (required)

The Certificate credential holding your receiver keypair. It must include a private key — without it Splice cannot decrypt inbound messages or sign MDNs. The same certificate's public half is what partners use to encrypt messages addressed to you.

Partner Signer Certificate

(Optional) The Certificate credential holding the partner's signing certificate, used to verify the signature on inbound AS2 messages.

  • Configured — inbound signatures are verified against this specific certificate. This pins trust to the partner you expect.
  • Unset — verification falls back to permissive validation: the signature math is checked, but the message is accepted without confirming it was signed by a specific known certificate.

For production partner relationships, configure this field so a message must be signed by the partner's certificate to be accepted. Leave it unset only for permissive setups or during onboarding.

Example Configurations

Standard inbound partner (signature pinned)

Receiver Certificate: Acme Production Receiver Cert  (keypair, with private key)
Partner Signer Certificate: BigRetailer Signing Cert

Permissive validation (signature math only)

Receiver Certificate: Acme Production Receiver Cert  (keypair, with private key)
Partner Signer Certificate: (not set)

Security

  • The receiver private key is sensitive material — it decrypts everything partners send you. Splice stores it encrypted and never returns it on read. Never share it or place it in workflow parameters or logs.
  • Pin the partner signer certificate in production — leaving it unset means any technically-valid signature is accepted, not only your partner's.
  • Only share the public half of your receiver certificate with partners so they can encrypt to you.
  • Plan certificate rotation before expiry, and coordinate with the partner when either side's certificate changes.