FAQ

How do I connect to a partner organization?

Start with a peering request. Once the other organization accepts, you have a peering agreement that lets you share channels and provision connections. See the Peering section of the docs for the step-by-step flow.

What is the difference between a grant and a connection?

A grant gives a peer permission to use a specific channel. A connection is the actual tunnel provisioned from an approved grant. You need both: first grant access, then provision a connection to activate data flow.

Can I connect to one of my own servers?

Yes — this is called self-peering. Send a peering request targeting your own account; it auto-accepts into a self-agreement (a user paired with themselves). Then, within that self-agreement, provision a connection between two servers you own — pick a source server and a target server. It’s useful for testing the full flow without needing a partner. Self-peering connections appear with “Self” as the peer name.

Why does my connection show “Never connected” even though it’s Active?

“Never connected” means the gateway plugin on your Mirth server has never established a tunnel for this connection. Common causes:

• The Gateway Connector plugin is not installed or not started on the server.
• The Connection ID or Shared Secret in your Mirth plugin settings doesn’t match what’s in the platform.
• The server can’t reach the MQTT signaling broker (firewall or network issue).

See Troubleshooting connections for a checklist.

Can a peer see my server’s internal channel names?

No. When you share a channel across organizations, peers only see the public name and public description you explicitly set on the channel. Your internal channel names and server configuration are not visible. (Within your own self-peering agreements, full details are visible.)

Is data encrypted in transit?

Yes. All gateway tunnels use end-to-end encryption. P2P connections use WebRTC DataChannels, secured by DTLS (SCTP-over-DTLS). Admin tunnels run over the same WebRTC DataChannel transport, with an additional mutual-TLS (mTLS) layer applied over the data channel. The MQTT signaling channel uses TLS. No PHI passes through any platform component unencrypted.

A separate “Direct mTLS” mode (TLS 1.3 over direct TCP) is available for gateway data connectors, not admin tunnels.

What happens if I revoke a peering agreement?

Revoking an agreement terminates all connections derived from it, revokes all channel grants between those parties, and notifies the peer. The agreement and its history remain in the audit log. This action cannot be undone.

How many connections can I have?

There is no hard cap on connections. Your tier limits the number of servers, peers, and channels per server. Connections are provisioned from approved grants within those peering relationships.

Who can see connection secrets?

Shared secrets are never shown in list views. Only the owning side can reveal a secret, and only through the dedicated View Secret action on the connection detail page. The action is rate-limited (secret rotation: 5 per 5 minutes; secret viewing: 5 per minute). Free tier users cannot rotate secrets — contact support if you need a rotation.

Why can’t I provision a read-write admin connection?

Read-write admin connections require Standard or Enterprise tier. On Free tier, you can only create read-only admin connections. Upgrade your plan or ask your admin to apply a temporary override.

I sent a peering request but nothing happened.

The recipient must accept it from their Peering → Inbox. The request stays in your Outbox as pending until they respond. It does not expire automatically — if you don’t get a response, reach out to the other organization directly.

Can the platform admin see my data?

Platform admins can view the audit log, user accounts, and subscription information. They cannot see the contents of messages transmitted through gateway tunnels, which are end-to-end encrypted between your servers and your peer’s servers.