Background

CentraPass provides New Zealand businesses with the most comprehensive decentralized Identity Toolkit to future-proof customer sign-up, access, and authentication experiences. They also provide KYC API for verification of all New Zealand and Australian identity documents.

Challenge

CentraPass required an AS2 gateway for on-premise deployment on its own Amazon Web Services (AWS) account, primarily for secure communication with the Government of New Zealand. The system required to be installed within a short period of time.

AS2 Gateway was required for a government identity verification system integration. CentraPass’s existing KYC API comprises of microservices built on AWS Lambda due to high scalability requirements and as such asynchronous communication between the Lambda function and AS2 Gateway was required.

Solution

CentraPass selected the AS2 Gateway on-premise version from Aayu Technologies LLC, for deployment into its own AWS account. The AS2 Gateway met the requirements sought by CentraPass, and the installation and support offered by Aayu Technologies helped implement the solution in production in a very short period of time.

The Lambda function in the KYC API calls AS2 Gateway using the REST API to send a message to the integration partner. The solution uses AS2 Gateway’s webhook capability to run another Lambda function to push the documents received from the integration partner to an S3 bucket with a 1 minute expiry since the file should be pulled immediately by the API Lambda. The API Lambda function will wait for this file by long polling S3. This process was very straight forward for us and fortunately took only a day to integrate into our workflow. Implementing a long poll also avoids the need to have a database since we strive ourselves in providing a fully stateless verification platform for our customers, where we don’t hold any personally identifiable information.

On average the KYC API verification Lambda takes 3-5 seconds to run. This is quite long for a Lambda function, but the limitation is from the integration partner. CentraPass were using another leading AS2 provider before moving to AS2 Gateway and it took 10 seconds on average, so there was a 100% performance improvement out of the box because of the simple REST API and webhook functionality as opposed to the cronjob type implementation we had in previous AS2 provider.

Deployment

The Aayu Technologies team worked with CentraPass to quickly complete the deployment to meet the urgency requirements. The system was deployed into an AWS account in the Asia Pacific region, meeting the requirements of security, control and ownership by CentraPass for the sensitive information being stored and exchanged. The deployment is a standard AS2 Gateway solution, similar to the publicly hosted Software as a Service (SaaS) version of the AS2 Gateway. CentraPass utilizes the AS2 Gateway webhooks and REST APIs to send and receive messages from its internal systems, and deployed the system for production use since October 2021.

This is deployed across multiple environments: development, UAT and production. CentraPass have 2 AS2 Gateway instances running, 1 test instance (hooked up to the integration partners test environment) and 1 production instance. To make this work on the test environ- ment we have had to share the S3 bucket for both the development and UAT environments which worked fine in our use case.

" We were using another leading AS2 provider before moving to AS2 Gateway. There was a 100% performance improvement out of the box because of the simple REST API and webhook functionality as opposed to the cronjob type implementation we had in previous AS2 provider."

Pramodya De Alwis
CTO
CentraPass

Download Casestudy