SOAP API to require authentication or a way to block the SOAP API

SOAP API to require authentication or a way to block the SOAP API

Environment

iVend 6.6 

Problem Description

SOAP API to require authentication or a way to block the SOAP API,


Scenario

Need  to  disable SOAP endpoint because there should be a way for the SOAP API to require authentication or a way to block the SOAP API, since they point out that someone with access could still perform update, create, and delete operations without authentication (Even if access is restricted by server rules, anyone with the URL for the REST endpoint can still access the SOAP API, since they are located at the same address.)

Solution

In iVendAPI folder - web.config, comment out the below mention section to disable SOAP endpoint.
    <!--<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp" contract="CXS.Retail.API.IIntegrationService" bindingNamespace="http://www.iVend.com/IIntegrationService/2010/12">         
          <identity>
            <dns value="localhost"/>
          </identity>
            </endpoint>-->
Note - 1. After disabling this endpoint, SOAP requests are accepted, but empty response will be returned.

Symptoms

N/A.

Resolution/Work Around

In iVendAPI folder - web.config, comment out the below mention  section to disable SOAP endpoint.
    <!--<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp" contract="CXS.Retail.API.IIntegrationService" bindingNamespace="http://www.iVend.com/IIntegrationService/2010/12">         
          <identity>
            <dns value="localhost"/>
          </identity>
        </endpoint>-->
Note - 1. After disabling this endpoint, SOAP requests are accepted, but empty response will be returned.

    • Related Articles

    • What is way to block the ability for the user to delete the audit log history.

      Customer Query - What is way to block the ability for the user to delete the audit log history. Proposed Solution: we can block the ability for the user to avoid such activity from security rights in the management console. Steps: Kindly follow the ...

    • Customer unable to do refund invoices in one site due to API Url not working at this showroom

      Environment: iVend 6.6 Problem Statement: Customer unable to do refund invoices in one site and getting the error attached at below Error Screenshot: Issue steps : 1. Open POS and press transaction search 2. Search with transaction SA0222000468 3. ...

    • API Authentication User Id and Password Using Soup UI

      Environment : iVend 6.6 Problem Statement : In Soup UI all API's are exposed , if any end user can use API and see the transaction without any API token. API is configured in unauthenticated access , now we need to configure basic authentication that ...

    • Calling iVend Retail Web API using SoapUI

      Introduction This knowledge base article explains about using SoapUI in an iVend Retail Web API Call. SoapUI is one of the simplest designed applications to test web services. Overview In this article, you will learn how to use SoapUI in the iVend ...

    • Calling iVend Retail Web API using SoapUI

      Introduction This knowledge base article explains about using SoapUI in an iVend Retail Web API Call. SoapUI is one of the simplest designed applications to test web services. Overview In this article, you will learn how to use SoapUI in the iVend ...