Using Web Services › How to Call Web Services › How Clients Invoke Login and Logout Methods

How Clients Invoke Login and Logout Methods

When you call web services with a Java client, a required process is clients invoking login and logout methods for each web service. A typical process follows:

1. The client uses a method for login and authentication.

   Each web service has a set of login methods. Client applications can use several login methods for authentication. For example, the logIn method takes the same parameters as the Login window: User ID, Password and Business Unit.

   To view the method parameter information, including signatures, use the following resources:

   • Web Services API documentation
   • SOAP administration interface for deploying or undeploying web services
2. The Catalog system authenticates the user and determines its role.

   Subsequent method calls operate within the scope of the access rights of the user, as if the user had accessed the GUI.

3. The client does the following:
   • States the service that it is calling
   • Provides the method name and its corresponding parameters before initiating the remote procedure call
   • Checks the WSDL file for this information if it is unknown

     Typically, the client already has this information.

4. The web service returns a session ID. This session ID is a required parameter that the client uses for the remaining web service calls. Because the underlying transport protocol can be either HTTP or non-HTTP, the authentication uses a common logIn web service.

   You can share the session ID across web services. For example, you can use the UserService logIn method to obtain a session ID. You can then use the session ID in a call to a Business Unit web service method.

5. This session ends when either of the following occur:
   • The client calls the logOut web service method.

     Once you are finished using a session ID, you call the logOut web service to terminate the session and invalidate the session ID. Managing sessions efficiently in this manner helps you obtain the best performance.

   • The client is idle for a period longer than the session timeout value.

     The client can use the session ID repeatedly within the timeout period. If the session times out, the session ID becomes invalid.

     To change the timeout value, update the administration configuration setting named User Default: Session Timeout.

     Note: For instructions to modify configuration settings, see the Implementation Guide.