Web Services

Your client application can access Common Services by using the web services that are provided by Common Services. The web services are not intended to be used by your end users. Your users access your application and then its business logic can call the web services that it needs to accomplish the task. Some of the web services are implemented as SOAP-based web services and some are implemented as RESTful web services.

The following sections describe security considerations for the SOAP-based web services. The SOAP-based web services are being phased out.

Client application responsibilities

When a SOAP web service is used, Common Services does not do access authentication or authorization. Your client application must ensure that the user is allowed to access the function that is being called by the specific SOAP web service. You can consider the following methods:
  • Restricting the IP addresses that can be used to call the SOAP web service to the addresses where your application is deployed.
  • Using TLS/SSL client authentication from the server your application is deployed on.

For more information about web service security, see Security.

Additional information

The following topics contain more information about Web Services security.