Authentication
User authentication credentials (user ID and password) are transmitted as part of the SOAP header in the web service request.
Authentication occurs at the beginning of each web service call, so a persistent user session is not created.
The eCRV Web Services application uses the Username Token Profile V1.0 specification, part of the OASIS Web Services Security (WS-Security) specification.
Getting a Username
The username your system uses is assigned when you begin using the eCRV Web Services interface. To get a username, contact eCRV Support.
Sample Header with Username and Password
The code below shows the correct format for the Web Services header. Specific elements are explained in the table below the code. All of the elements are required.
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsu:Timestamp wsu:Id="TS-BBB4D9312FCBD984BE15753056690802">
        <wsu:Created>2019-12-02T16:54:29.080Z</wsu:Created>
        <wsu:Expires>2019-12-02T16:59:29.080Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-BBB4D9312FCBD984BE15753056690771">
        <wsse:Username>########</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">########</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">P1W25ZNQ4RLlS2FkqX22NQ==</wsse:Nonce>
      </wsse:UsernameToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
| Element | Description |
|---|---|
| <wsse:Username> | Username. Example: <wsse:Username>########</wsse:Username> |
| <wsse:Password> | Password for the specified <Username>, sent as plain text. Example: <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">########</wsse:Password> |
| <wsse:Nonce> | Randomly generated cryptographic token to prevent theft and replay attacks. Example: <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">P1W25ZNQ4RLlS2FkqX22NQ==</wsse:Nonce> |
| <wsu:Timestamp> | Identifies when the message was created and is validated against the xsd:dateTime type defined in the XML schema. Must be formatted in UTC format. Example: <wsu:Timestamp wsu:Id="TS-BBB4D9312FCBD984BE15753056690802"><wsu:Created>2019-12-02T16:54:29.080Z</wsu:Created><wsu:Expires>2019-12-02T16:59:29.080Z</wsu:Expires></wsu:Timestamp> |
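The following is an added example, not part of the eCRV documentation: Python code that builds the header described above with a fresh nonce and UTC timestamp for every request. The function name build_envelope, the 16-byte nonce length, the 300-second lifetime (the gap between Created and Expires in the sample) and the generated wsu:Id values are assumptions.

```python
import base64
import secrets
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
BASE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = BASE + "wssecurity-secext-1.0.xsd"
WSU = BASE + "wssecurity-utility-1.0.xsd"
PW_TEXT = BASE + "username-token-profile-1.0#PasswordText"
B64 = BASE + "soap-message-security-1.0#Base64Binary"

for prefix, uri in (("SOAP-ENV", SOAP), ("wsse", WSSE), ("wsu", WSU)):
    ET.register_namespace(prefix, uri)


def utc_stamp(ts):
    """xsd:dateTime in UTC with millisecond precision, as in the sample."""
    ts = ts.astimezone(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def build_envelope(username, password, now=None, ttl_seconds=300):
    """Return a SOAP envelope string; `now` must be timezone-aware if given."""
    now = now or datetime.now(timezone.utc)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security",
                        {f"{{{SOAP}}}mustUnderstand": "1"})

    ts = ET.SubElement(sec, f"{{{WSU}}}Timestamp",
                       {f"{{{WSU}}}Id": "TS-" + uuid.uuid4().hex.upper()})
    ET.SubElement(ts, f"{{{WSU}}}Created").text = utc_stamp(now)
    expires = now + timedelta(seconds=ttl_seconds)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = utc_stamp(expires)

    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken",
                        {f"{{{WSU}}}Id": "UsernameToken-" + uuid.uuid4().hex.upper()})
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = username
    # PasswordText carries the password itself, so send this only over TLS.
    # ElementTree escapes &, < and > in the credential values.
    ET.SubElement(tok, f"{{{WSSE}}}Password", {"Type": PW_TEXT}).text = password
    # Fresh random bytes per request: a reused nonce gives no replay protection.
    nonce = base64.b64encode(secrets.token_bytes(16)).decode("ascii")
    ET.SubElement(tok, f"{{{WSSE}}}Nonce", {"EncodingType": B64}).text = nonce

    ET.SubElement(env, f"{{{SOAP}}}Body")
    return ET.tostring(env, encoding="unicode")
```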