RiskMinder Web Services Developer's Guide › Managing Web Services Security

Managing Web Services Security

RiskMinder Web services are protected from rogue requests through authentication and authorization of all Web service requests. Authentication ensures that the incoming request to the Web service has valid credentials to access the Web service, while authorization ensures that the authenticated request has appropriate privileges to access the Web service. To enable the authentication and authorization feature, you must ensure that your calling application includes the required details in the incoming call header.

The Web services authentication and authorization works as follows:

1. The calling application authenticates to the RiskMinder Web services by including the required credentials in the call header.
2. The RiskMinder Web services authenticate these credentials and, if valid, provide your calling application with an authentication token.
3. The calling application includes the authentication token and the authorization elements in the header of the subsequent calls.

This section covers the following information:

• Authentication Header Elements
• Authorization Header Elements
• SOAP Header Namespace