Highlighted

Public SOAP API access

kevinh95689533

24-09-2019

I have defined a SOAP method on a custom data schema.  The system that will be calling this service is hosted in a cloud infrastructure, not fixed IP address.

I created an operator for the service to authenticate with and linked it with the Public Security Zone as the authorized connection zone.  The logon request works fine and the session & security tokens are returned.   However, when I make the subsequent call to my custom SOAP method from the cloud infrastructure the response is an HTTP 403. What do I need to configure to allow requests for this operator from a variable IP infrastructure?

Replies

Highlighted

wodnicki

MVP

24-09-2019

Hi,

Are you able to use the service with any users?

Are there any firewalls between the server and the cloud?

Thanks,

-Jon

Highlighted

kevinh95689533

24-09-2019

The service request works fine if it is made from an IP configured in the VPN security zone using the same operator.  e.g. From my machine all requests are fine.

Firewalls are not an issue ... the logon request works fine and I am getting a response from the application when it returns the HTTP 403.  I can see in the web logs on the campaign server this error: 

  1. 2019-09-24 18:00:17Server response:\nXTK-170019 Access denied.

  2. 2019-09-24 18:00:17XTK-170019 Access denied. (iRc=-69)

I can see in the log for the logon request just before that the IP is found in the public security zone.

  1. 2019-09-24 18:00:16xx.xxx.x.xxx found in public security zone

  2. 2019-09-24 18:00:16Finding client ip with xx.xxx.x.xxx in public security zone

Highlighted

wodnicki

MVP

25-09-2019

Hi,

Are the securityZone's configured differently, i.e. does one have allowUserPassword="true" and the other not?

Thanks,

-Jon

Highlighted

kevinh95689533

30-09-2019

They differ with these 3

allowDebug="true" 

allowHTTP="true"

sessionTokenOnly="true"

Since I am passing the session and security tokens over HTTPS, it should be accepted.

I did notice that the public security zone has a proxy configured with a localhost IP mask: proxy="127.0.0.1, ::1"
Does this mean that only request from the local server AC is on can make requests through the public zone?  If that is true, this is why my requests are being denied.