

Security Considerations

Delivering functionality through web services makes it possible to request an action from any computer in your corporate network. That flexibility is also a serious security concern. Every request must therefore contain a user ID and password, which ensures that CA Automation Point performs an action only for an authorized program. For the user ID requirements of a specific request, see the documentation for that API request.

The user ID must be a valid user account for the type of action being requested. These user IDs are defined in CA Automation Point Remote Manager or defined as a login in Notification Manager. The context in which a user ID is confirmed is called an authentication realm. The HTTP standards do not require a client program to supply the authentication realm when it calls a web service; the server names the realm in its authentication challenge. However, the client-side API of some programming languages requires the caller to supply the realm together with the credentials. One example is the Library for WWW in Perl (LWP). For all operations against notification objects the authentication realm is named NotificationManager. For all operations against sessions and messages, the authentication realm is named RemoteManager. A client that works with both kinds of object therefore needs credentials registered for both realms.

A user ID and password are included in each request, and HTTP authentication does not encrypt them; if the service uses HTTP Basic authentication, the pair is only base64-encoded. Therefore, use TLS (Transport Layer Security, the successor of SSL, Secure Sockets Layer) when running the web services in a production environment, so that the user ID and password cannot be read by an attacker on the network path. Since you are communicating through HTTP, this means that you must use the HTTPS scheme for every request; a client should refuse to send credentials to a plain http URL at all. The client must also verify the server certificate, because TLS with verification disabled still exposes the credentials to an active attacker. For guidance on how to establish a TLS environment for CA Automation Point web services, see the web services section in the CA Automation Point Administrator Guide.
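As an added example (not code from CA Automation Point or its documentation), the following Python client helper ties together the realm handling and the HTTPS requirement described above: it keeps one set of credentials per authentication realm, picks the right one from the realm named in the server's Basic challenge, and refuses to send credentials to anything but an https URL. It assumes the service uses HTTP Basic authentication; the host name ap.example.com and the user IDs and passwords are constructed placeholders, and only the two realm names come from the text. LWP::UserAgent's credentials method keys on host:port and realm in the same way.

```python
"""Realm-keyed credentials for CA Automation Point web service calls.

Added example (not CA code). The host name, user IDs and passwords below
are constructed placeholders; only the realm names come from the text.
"""
import base64
import re
import urllib.request
from urllib.parse import urlsplit

# Realm names documented for CA Automation Point web services.
NOTIFICATION_REALM = "NotificationManager"   # notification objects
REMOTE_MANAGER_REALM = "RemoteManager"       # sessions and messages

# Matches the realm in a Basic challenge such as: Basic realm="RemoteManager"
_BASIC_REALM_RE = re.compile(r'\bBasic\s+realm="([^"]*)"', re.IGNORECASE)


def parse_basic_realm(www_authenticate):
    """Return the realm named in a WWW-Authenticate header, or None."""
    if not www_authenticate:
        return None
    match = _BASIC_REALM_RE.search(www_authenticate)
    return match.group(1) if match else None


def credentials_allowed(url):
    """Only ever send a user ID and password over HTTPS."""
    return urlsplit(url).scheme.lower() == "https"


class RealmCredentials:
    """Credentials keyed by (host:port, realm), as LWP's credentials() does."""

    def __init__(self):
        self._store = {}

    def add(self, netloc, realm, user, password):
        self._store[(netloc.lower(), realm)] = (user, password)

    def lookup(self, netloc, realm):
        """Return (user, password) for the realm on that host, or None."""
        return self._store.get((netloc.lower(), realm))

    def urllib_opener(self):
        """Build a urllib opener that answers Basic challenges per realm."""
        mgr = urllib.request.HTTPPasswordMgr()
        for (netloc, realm), (user, password) in self._store.items():
            mgr.add_password(realm, "https://" + netloc, user, password)
        return urllib.request.build_opener(
            urllib.request.HTTPBasicAuthHandler(mgr))


def authorization_header(url, www_authenticate, creds):
    """Build the Authorization value for a request that was challenged.

    Raises ValueError rather than leaking credentials over plain HTTP or
    to a challenge that does not name a realm we hold credentials for.
    """
    if not credentials_allowed(url):
        raise ValueError("refusing to send credentials over %s; use https"
                         % urlsplit(url).scheme)
    realm = parse_basic_realm(www_authenticate)
    if realm is None:
        raise ValueError("server did not issue a Basic challenge")
    found = creds.lookup(urlsplit(url).netloc, realm)
    if found is None:
        raise ValueError("no credentials registered for realm %r" % realm)
    user, password = found
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8"))
    return "Basic " + token.decode("ascii")


def example_credentials():
    """Constructed sample: one login per realm on a placeholder host."""
    creds = RealmCredentials()
    # Remote Manager account for sessions and messages (placeholder values).
    creds.add("ap.example.com:443", REMOTE_MANAGER_REALM, "apuser", "s3cret")
    # Notification Manager login for notification objects (placeholder values).
    creds.add("ap.example.com:443", NOTIFICATION_REALM, "nmlogin", "n0tify")
    return creds


if __name__ == "__main__":
    creds = example_credentials()
    # Simulated 401 challenge from the sessions/messages API (constructed).
    print(authorization_header("https://ap.example.com:443/sessions",
                               'Basic realm="RemoteManager"', creds))
```

The refusal in `credentials_allowed` is deliberate: a redirect from an https URL to an http one, or a copy-and-paste mistake in a base URL, would otherwise put the user ID and password on the wire in clear text. The `urllib_opener` method shows the same realm keying with the standard library's `HTTPPasswordMgr`, which selects credentials by the realm in the server's challenge just as the hand-built header does.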