AS2 Receive Endpoint Settings

AS2 receive endpoint settings configure the source endpoint in an inbound message flow that receives B2B EDI messages from partners directly or via 3rd party connections. One AS2 endpoint can receive data from multiple partners, 3rd party connections, or both.

Only a host can own AS2 receive endpoints. Use a host-owned AS2 receive endpoint for an inbound message flow that uses a 3rd party connection.

Create AS2 receive endpoints by configuring these settings on the Host page:

Setting Description Required


Host that owns the endpoint



Receive from partners





Endpoint name

Automatically generated name used to identify the endpoint, which you can subsequently modify manually.



User-supplied value that describes the purpose of the endpoint.


Private port when deploying to Anypoint Virtual Private Cloud (Anypoint VPC).

  • When enabled, the AS2 receive endpoint application deploys to the private port 8092 in Mule in your Anypoint VPC. You can manage the access control to the endpoint via the Anypoint VPC and dedicated load balancer settings.

  • When disabled, the AS2 receive endpoint application deploys to the public port 8082 by default. You can access the endpoint URL directly over the internet.

This configuration is applicable only to Anypoint VPC deployments from Partner Manager.


<Host> keystore

Host keystore files in your environment that store your organization’s public certificate and private key


AS2 Receive Endpoint URL

You can deploy an AS2 receive endpoint on a public port, on a private port, or on-premises.

Deploy to CloudHub on a Public Port

When an AS2 receive endpoint is deployed with the private port configuration enabled, the endpoint application is deployed on the public HTTPS port (8082), with the traffic routed through the shared load balancer. The value in the URL field is automatically generated when you deploy a message flow to CloudHub that uses this endpoint.

You can view this URL by either selecting the receiving endpoint from your deployed message flow or clicking the endpoint name from the endpoints list. You can share this URL with the partners that send AS2 messages to this endpoint.

If your organization uses Anypoint VPC without a dedicated load balancer (DLB), your organization’s platform administrator can configure the necessary VPC firewall rules to allow specific partner or 3rd party connection IP addresses to access the endpoint.

Deploy to CloudHub on a Private Port

When an AS2 receive endpoint is deployed with the private port configuration enabled, the endpoint is deployed to the private HTTPS port 8092. The internal URL of the endpoint appears on the Message Flow or Endpoint detail page.

You can also set CloudHub to automatically deploy newly created HTTP, HTTPS, and AS2 endpoints to a private port via the CloudHub deployment settings.

After deploying the first message flow using the AS2 receive endpoint configuration, you can view the runtime application name for the endpoint from the Endpoint details page or the Receive section of your message flow. To configure URL mapping rules in the DLB to forward AS2 messages received from your partners to the application, provide the application name to your organization’s platform administrator.

Your organization’s platform administrator can also add your partner’s IP addresses to a list of allowed addresses in the DLB settings to allow specific IP addresses to access the endpoint.

The external URL that you can share with your partners is https://{DLB-domain}/{Input-path}/receive-as2.

For example, if the name of your DLB domain is and the runtime application name is b2b-inbound-as2-zap3, then your administrator adds a URL mapping rule in the DLB settings to forward incoming requests to the runtime application within your VPC:

URL mapping rules for AS2 in the DLB settings

With these configurations, the external AS2 endpoint URL is

Deploy to an On-Premises Mule Instance

To deploy to an on-premises Mule instance that uses a firewall and load balancer, work with your organization’s hosting or network security team to obtain the externally accessible DNS or the name of the instance host. Replace the {runtime_host} value in the URL with the specific value for your organization. For example, if the DNS host name is, then the AS2 receiver URL is

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub