SOAP Request Security Header

Summary

The request header should include a security section, with both Timestamp and UsernameToken sections.

The parent parameter of the Security section is wsse:Security.

Note: ProspectManagerService, unlike other SOAP services, does not require the SOAP security header.

wsu: Timestamp

The Timestamp section is required. In it you may include optional Creates and Expires parameters.

wsse:UsernameToken

The UsernameToken includes a username and hashed password. The hash uses a Created timestamp and Nonce (random number) included with the message.

Example

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>UTC Timestamp</wsu:Created>
<wsu:Expires>UTC Timestamp</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-16" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>ABC-provided username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">Hashed password</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Random string/wsse:Nonce>
<wsu:Created>UTC Timestamp</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>

ABC Financial Web Services
© 2014 ABC Financial Services, Inc. All rights reserved.