Skip to main content

Authentication

XGS Web Services use secret credentials for authentication. Each SOAP request requires valid credentials to authenticate the user. These credentials are provided in the request and are validated before any further processing is done by the service.

Authentication Details

Credentials Format

The credentials are passed in the request using the following XML structure:

  • UserID: A unique identifier for the user.
  • UserPassword: The password associated with the provided UserID.

Both UserID and UserPassword are required fields and must be passed with each SOAP request.

Example Request with Authentication

Below is an example of a SOAP request where the authentication credentials are included in the ratingRequest section:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ns1="http://xgsi.com/">
    <SOAP-ENV:Body>
        <ns1:GetRates>
            <ns1:ratingRequest>
                <ns1:UserID>your_user_id</ns1:UserID>
                <ns1:UserPassword>your_password</ns1:UserPassword>
                <!-- Other request parameters -->
            </ns1:ratingRequest>
        </ns1:GetRates>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

In this request:

  • UserID should be replaced with the actual username.
  • UserPassword should be replaced with the actual password.

Authentication Failure

If the authentication credentials are incorrect, the service will return an error indicating a failure in authentication. This can happen if either the UserID or UserPassword is invalid.

Error Response Example

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema"
               xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <faultstring>Authentication Failed: Invalid UserID or UserPassword</faultstring>
    </soap:Body>
</soap:Envelope>

In this case, the faultstring will provide a message explaining that the credentials provided were incorrect.

Recommendations

  • Always ensure that the UserID and UserPassword values are correct before making a request.
  • Avoid hardcoding credentials in source code or public-facing services. Use environment variables or secure methods for storing credentials.
  • In case of persistent authentication failures, contact XGS support with the request payload and error response for assistance.