Authentication
The process of authentication is how we communicate EPCIS files securely with each other. This page gives a brief overview of how we do that.
How We Authenticate To You
We support three methods of sending EPCIS files to you:
- AS2
- RESTful API
- SFTP
Each of these uses a different method of authentication.
AS2 To You
We use the public key that you upload to us when you configure your company use AS2 to encrypt the messages we send to your AS2 endpoint. These encrypted messages can only be decrypted with your private key, which you should not share with any third parties.
RESTful API To You
We use one of two methods here. Either we use HTTP Basic Authentication and provide the username and password that you specify when configuring your company, or we use token authentication and provide the token that you specify when configuring your company. In either case, these methods are secure when using HTTPS for your RESTful API. We expect that your RESTful API url will use HTTPS.
SFTP To You
For SFTP we use the username and password that you specify when you configure your company to use SFTP communication from us to you.
How You Authenticate To Us
We support two methods of sending EPCIS files to us.
- AS2
- RESTful API
Each of these uses a different method of authentication.
AS2 To Us
Here are the details for our AS2 server and sending secure messages to it:
| Parameter | Value |
| Company Name | INSTOCKRX |
| Url | https://epcis.instockrx.com/api/v1/as2/messages |
| Encryption Cypher | aes-128-cbc |
| MDN Format | v0 |
| Outbound Format | v0 |
| Base64 Scheme | rfc4648 |
| InStockRX X509 certificate | Certificate |
To send us EPCIS files, please configure your AS2 server with these parameters. The message will be encrypted with our public key, and can only be decrypted with our private key that we do not share.
RESTful API To Us
We use token based authentication for our RESTful API. On your company page, you have the option to create API Keys. We use the tokens generated by these keys to authenticate calls to our RESTful API.
The tokens are passed as authorization headers in each call to our API:
Authorization: Bearer {token}
Next: Communication
For next steps, please read our communication guide that will give you a quick overview of how you can send us messages and receive messages from us.