Skip to main content
Omnitracs Knowledge Base

Web Service Security

Overview

The MMS Web Service  API provides a means for customers to manage their MMS deliveries.

Web Service Security

Our goal is to provide the same web services security that is provided by the QSP.

Authentication with this web service is done against the QSP.

Both Timestamp and UsernameTokens are required in the security header.

<?xml version="1.0" encoding="utf-8"?>
 
<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soap:Header>
       <wsse:Security soap:mustUnderstand="1"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsu:Timestamp wsu:Id="Timestamp-16"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2011-08-01T18:55:19.593Z</wsu:Created>
            <wsu:Expires>2011-08-01T18:56:19.593Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:UsernameToken wsu:Id="UsernameToken-15"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>USERNAME@COMPANY</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
               password</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
               Up9AQ9zbQTuUlusZp7Z8uA==</wsse:Nonce>
            <wsu:Created>2011-08-01T18:55:17.702Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
 
    </soap:Header>
 
    ... SOAP body goes here ...
 
</soap:Envelope>

 

Authentication Errors

If the Web Service is unable to authenticate the user due to either invalid credentials, or the QSP being unable to authenticate the user, an exception will be returned to the caller which looks like the following:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header/>
   <SOAP-ENV:Body>
      <SOAP-ENV:Fault>
         <faultcode>SOAP-ENV:Client</faultcode>
         <faultstring xml:lang="en">com.sun.xml.wss.impl.WssSoapFaultException:
             Authentication of Username Password Token Failed; nested exception is com.sun.xml.wss.XWSSecurityException:
             com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed</faultstring>
      </SOAP-ENV:Fault>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

 

  • Was this article helpful?