Integration methods

The preferred method of integrating your system with CAS is through the use of the APIs over HTTPS with JSON. This will give you the best automatization & integration experience.

We do also support XML & FTPS, but both are considered legacy options.

Take care to allow for extra data fields to be added with additional releases of CAS. This is especially important when using XML as some DTD validations will not allow for this type of extension. JSON implementations are typically more tolerant for adding extra data fields to the data model. However, we'll ensure that once a data field is introduced, it remains supported for that major version of the api ensuring backwards compatibility.


The CAS APIs for machine to machine communication are secured by HTTPS & TLS (Transport Layer Security). The minimum required version for communication with the CAS APIs is TLS version 1.2.

The APIs publishes their public key for the encryption protocol through a public key certificate. The renewal of the certificate is an automatic process and will occur several days before the end of the validity period. If you have enabled certificate pinning for e.g. performance reasons, we recommend to automate the update of the certificate on renewal, in order to ensure production continuity.

Acceptance environment

We provide a test environment for your convenience when implementing an integration with CAS. It will allow you both to verify the integration with the APIs and the configured flows. This environment is fully functional. However, the declarations made through this environment are not real declarations and will not incur a customs cost.

The acceptance environment uses the same DNS names but with an additional "-acc" in the name. For example, becomes for the acceptance environment.


Before you can use the APIs, you'll need to authenticate and get a bearer token. This token is a JWT token with a 1 hour lifetime. More information can be found at Authentication.

Rate limiting

The APIs are subject to rate limiting.

If you exceed the provided rate limit for a given endpoint, you will receive the 429 Too Many Requests response.

FTPS technical description

Be aware that FTPS only supports sending shipments to CAS, the first part of the data flow

Protocol: FTPS (FTP encrypted with TLS)


  • Acceptance environment: ftps://
  • Production environment: ftps://

Port: 990 (or 21)

Username and password will be provided by service desk. You will obtain a different username and password for the acceptance and the production environment.

Messages should be ingested in the folder with the name that equals to the name of the MessageType, which is formatted as {Publisher}.{MessageContent}.{MessageVersion}.

The standard MessageContent definitions supported by CAS can be found here.

For example, for CustomsShipment you would ingest data in the folder 'Cas.CustomsShipment.V1'

The naming convention for ingested files is: {messageId}.{extension}. Where messageId is a unique identifier for the ingested message and extension is either

  • xml for XML formatted documents
  • json for JSON formatted documents

The availability of the file is detected through a polling system. It can take up to 5 minutes after your file has been created to be ingested in the CAS ingest flow. After the file is ingested by CAS, it will be removed from the FTPS folder, and become visible in the CAS ingest history.