This section explains how the security service works and how we recommend implementing it. Below you will find a basic flow
diagram that lays out an implementation process and examples of the XML documents that are returned. You will also
find details of how the SOAP header should be constructed for requests to other methods in XML-3.
When you have been signed up to the XML-3 service you will be assigned a username and password to access it. Along with your
account number, you will use your supplier credentials to call the login method. The login method will return a service ticket that can be
used to call other methods within XML-3.
Below is an example of the XML Document that is returned by the Login method. If login is unsuccessful, an error code is returned
explaining the reason for the failure. For more information about error and return codes please read the Return / Error codes section of this website.
You can download a copy of this XML file from the Downloads and Examples page of this site.
The service ticket that is returned when logging in should be used as part of the Authentication header for the other methods.
It is recommended that the service ticket and ticket expiration date are stored and validated on every request. If the current ticket
in use has expired the login method should be used again to aquire a new ticket. Storing the service ticket means not having to log in
for every request. If you choose to login for every request your service ticket will be refreshed as soon as it expires. A service ticket will
expire every 60 minutes and will require renewing.
| Field |
Description |
Type |
| SessionKey |
The service ticket supplied by the login method. |
Guid |
| UserName |
The name of the user accessing the method |
String |
| AccountNo |
The unique account number associated with the user accessing the method |
String |