CA AuthMinder Web Services Guide › Managing Web Services Security

Managing Web Services Security

To restrict the rogue requests to Web services, you can prompt the incoming requests for authentication. To enable this feature, you need to ensure that the calling application includes the user credentials in the incoming call header.

The Web services authentication and authorization works as follows:

1. The calling application authenticates to the AuthMinder Web services by including the required credentials in the call header.
2. The Web service authenticates these credentials and, if valid, provides the calling application with an authentication token.
3. The calling application includes the authentication token and the authorization elements in the header of the subsequent calls.

This chapter covers the following information:

• Authentication Header Elements
• Authorization Header Elements
• SOAP Header Namespace