Aptify SOA supports secure access to its web services. In most cases, service endpoints require the caller to be authenticated before the endpoint can be accessed. When a service endpoint requires an authenticated user, the caller provides a token to the service. If the token is valid, access is granted. If no token is provided or the token is invalid, the service endpoint returns Not Found (404) as the response code. Not Found is used instead of Forbidden (403) or Unauthorized (401) to reduce the information provided to unauthorized callers. Any response other than Not Found lets the caller know that an endpoint exists.
The Aptify database connected to Aptify SOA must support the Web Users Authentication Provider and have it linked to the Service Application represented. The services layer in IIS must have anonymous authentication, and ONLY anonymous authentication, turned on. The services layer should use HTTPS.
Parameters (GET, as Query Parameters)
Endpoint Example using Web Authentication Provider:
The TokenId you receive is a GUID you will use to make requests to authenticated endpoints. You send it as a header, prefixed by "Web" and a single space character. The following example illustrates the header for identifying an authenticated web user.
| Header Name | Header Value |
|---|---|
| AptifyAuthorization | <Authentication Provider> <TokenId> |
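The sketch below is an added illustration, not Aptify's code. It parses an `AptifyAuthorization` value of the form shown in the table and applies the uniform Not Found policy described earlier, so a missing token, a malformed or unknown token, and a nonexistent endpoint are indistinguishable to the caller. The route path, the token value, the in-memory token store and the function names are all assumptions made for the example.

```python
import uuid

# Constructed sample data: one issued token per provider and one protected route.
VALID_TOKENS = {"Web": {uuid.UUID("3f2b8c1e-9d4a-4e6b-8a57-0c1d2e3f4a5b")}}
PROTECTED_ROUTES = {"/members/profile": "profile data"}  # hypothetical path
NOT_FOUND = (404, "Not Found")


def parse_aptify_authorization(value):
    """Split '<Authentication Provider> <TokenId>' into (provider, UUID).

    Returns None for anything that is not exactly two fields separated by
    a single space, or whose second field is not a well-formed GUID.
    """
    if not value:
        return None
    parts = value.split(" ")
    if len(parts) != 2:
        return None
    provider, token = parts
    try:
        return provider, uuid.UUID(token)
    except ValueError:
        return None


def handle(path, headers):
    """Return (status, body). Every failure mode yields the same 404."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    creds = parse_aptify_authorization(lowered.get("aptifyauthorization"))
    authorized = (
        creds is not None
        and creds[1] in VALID_TOKENS.get(creds[0], set())
    )
    route = PROTECTED_ROUTES.get(path)
    # Evaluate both conditions before answering so the response does not
    # reveal which one failed (unknown route vs. bad or missing token).
    if route is None or not authorized:
        return NOT_FOUND
    return 200, route
```

When testing a deployment, compare the full response (status, headers and body) for these cases, since a difference in any of them would tell an unauthenticated caller that the endpoint exists.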
You can find information about developing your own authentication provider and a sample project in this Support portal Solution Article: