Implementing the Publication

Authorization

(Only applicable for Document Providers connected with their Document Senders through NSSO authorization server)

Only applications are allowed to publish messages to the e-Box. These are the valid scopes:

Scenario	Scope	Partition API check
Document Sender — An application publishing for its own enterprise	`scope:document:management:consult:ws-eboxrestentreprise:publicationsender`	NONE
Service Provider — An application publishing on behalf of another enterprise	`scope:document:management:ws-eboxrestentreprise:eboxrepresentativepublication`	`/ebox/{enterpriseNumber}/hasMandate`

For Service Providers

Service provider applications are allowed to publish for enterprises with which a mandate has been signed. Steps:

Verify scope scope:document:management:consult:ws-eboxrestentreprise:eboxrepresentativepublication.
Extract enterpriseNumber via token introspection.
Verify On-Behalf-Of-Enterprise-Number header exists.
Extract mandataryEnterpriseNumber from header.
Call Partition API /ebox/{enterpriseNumber}/hasMandate with enterpriseNumber, mandataryEnterpriseNumber, operation "publish" and verify response hasMandate=true.

Event notifications Webhook

Mandatory for all Document Providers

Document Providers must implement POST /eventNotifications from the MessageRegistry API.
It acts as a webhook notifying that something happened for a company.
See Webhook documentation for details.

Routing rules

Apply routing rule for all new documents

Mandatory

Document Providers must check routing rules via Partition API and apply them immediately if they match.
Otherwise, default target = GENERAL.

Awareness of routing rules updates

Routing rule updates are pushed via notifications.

Determine the matching routing rule

Criteria:

messageTypeId
senderApplicationId
senderOrganizationId

Routing rules from /ebox/{enterpriseNumber}/routingRules are ordered by priority.

Handling Partition API unavailability

Use PENDING_ROUTING partition while API is down.
When API is restored, re-route messages still in PENDING_ROUTING.

Document sender routing rules suggestions

Informational — senders can propose routing rule suggestions via Partition Management API.

Order of the HTTP parts

messageToPublish may be last because digest computation requires reading documents.
Filenames may contain encoded characters and must be decoded.

Multicast (optional)

Allows publishing to many recipients without duplicates.

Creating a publication

POST /ebox/{enterpriseNumber}/publications → returns publicationId.

Synchronous (≤100 recipients)

POST /ebox/{enterpriseNumber}/publications/{publicationId}/addRecipients

Asynchronous (large recipient lists)

POST /ebox/{enterpriseNumber}/publications/{publicationId}/multicastTasks → returns Location header with taskId.

Polling:

GET /ebox/{enterpriseNumber}/multicastTasks/{multicastTaskId}/messagePublicationStatuses

Authorization​

For Service Providers​

Event notifications Webhook​

Routing rules​

Apply routing rule for all new documents​

Awareness of routing rules updates​

Determine the matching routing rule​

Handling Partition API unavailability​

Document sender routing rules suggestions​

Order of the HTTP parts​

Multicast (optional)​

Creating a publication​

Synchronous (≤100 recipients)​

Asynchronous (large recipient lists)​