> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# What is Lerian STA?

> Lerian's client-owned messaging integration to BACEN's file-exchange hub (STA) — the two-way file transport, the SHA-256 integrity boundary, and its multi-tenant, event-first model.

**Lerian STA** is the client-owned messaging integration between a financial institution and **BACEN's STA (Sistema de Transferência de Arquivos)**, the Banco Central file-exchange hub. It moves regulatory and operational files in both directions — files the institution submits to BACEN (outbound) and files BACEN makes available for the institution to download (inbound).

Lerian STA authenticates every exchange with a stored per-institution BACEN operator credential over **mutual TLS**, drives each transfer through BACEN's protocol state machine, verifies file integrity by **SHA-256**, stores inbound artefacts durably, and publishes terminal events that other Lerian products consume. It is multi-tenant, with physical database-per-tenant isolation, and API- and event-first.

## What Lerian STA does — and does not — do

***

* It is the **transport and integrity boundary** between the institution and BACEN's file hub. It moves the bytes, authenticates the exchange, verifies the SHA-256, and records the outcome — it does not interpret the file's business content.
* It **does not post to a ledger**. On a completed inbound download, Lerian STA publishes a terminal event carrying a claim-check; the consuming domain product (for example, [Lerian SISBAJUD](/en/rails/native/sisbajud/what-is-lerian-sisbajud)) fetches the artefact and reconciles it into the **Midaz** ledger. The ledger posting belongs to the consumer, not to Lerian STA.
* It is **multi-tenant** from the ground up, with **physical database-per-tenant isolation** — one deployment serves many institutions with full isolation.

## Who it serves

***

Lerian STA serves financial institutions that operate on BACEN rails and need a governed, auditable path for file exchange with the Banco Central. A single deployment serves many institutions at once.

Downstream, it serves the Lerian products that consume the files it delivers. Each inbound file is routed to a **source product** — the downstream product that owns the file's business meaning — which subscribes to its own events and takes it from there.

## Glossary

***

| Term                             | Meaning                                                                                                                                        |
| -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
| **Lerian STA**                   | Lerian's client-owned integration to BACEN's file-exchange hub (Sistema de Transferência de Arquivos).                                         |
| **Transfer**                     | One inbound or outbound exchange of a single file between the institution and BACEN, tracked through its lifecycle.                            |
| **Outbound transfer**            | A file the institution submits to BACEN.                                                                                                       |
| **Inbound transfer**             | A file BACEN makes available for the institution to download.                                                                                  |
| **Protocol number**              | The BACEN-assigned identifier for a transfer; the reconciliation and idempotency key.                                                          |
| **Inbound source configuration** | A per-tenant policy binding a BACEN system code to a source product, with polling cadence, credential, retention, and maximum file size.       |
| **Trust store**                  | The tenant's uploaded X.509 root certificates trusted for mutual TLS to BACEN.                                                                 |
| **Credential**                   | An encrypted BACEN operator password, identified by institution code and operator ID.                                                          |
| **Password rotation**            | The three-phase change of a BACEN password — stage, change at BACEN, promote locally.                                                          |
| **Claim-check**                  | The object key, SHA-256, size, name, and document type carried on an inbound-success event so a consumer can fetch and re-verify the artefact. |
| **Source product**               | The downstream product a discovered inbound file is routed to (for example, Lerian SISBAJUD).                                                  |
| **Lerian SISBAJUD**              | The judicial asset-order product that consumes Lerian STA inbound-file events.                                                                 |

For how Lerian STA sits alongside the other native rails and the provider interfaces, see [Native Messaging](/en/rails/native/native-messaging).
