Developing custom JSSP-based services on ACC works lovely leveraging the __sessioncookie=username/password queryString method. However security standards have evolved and queryString based authentication is frowned upon due to potential retention in logs, etc.
However for single request authentication eg and avoiding soaprouter and logon() token requests for high volume transactions, we would like to understand if it is supported to resolve the sessioncookie authentication by placing it in the HTTP header instead of the queryString.
Thanks for any tips.