Executive summary: If you use Connect() you must switch to ConnectWithToken(). Here’s our step-by-step guide to token authentication.
As a user of our SOAP API, you have most likely come across the Connect method, which is our most basic authentication method in SOAP.
In the e-conomic SOAP API we currently expose the following methods for authentication:
The last two are dedicated purely to administrator authentication; the majority of our SOAP consumers use either Connect or ConnectWithToken. Only Connect will be affected this time. All other authentication methods will remain untouched.
A brief history
The Connect method was introduced as our first authentication method. At the time it was released, it provided everything that was needed – access.
Unfortunately, this method no longer meets the requirements of the e-conomic eco-system in its current state. For starters, it does not offer the highest standards in terms of security.
The Connect method uses the end-user credentials, including the password, which means that partners are essentially given full access to the agreement, both via the API and as said user in the web application. If an end-user utilises multiple partners that use Connect, there is no effective way to revoke access for a single partner.
As app uptake grows this issue escalates with it.
Furthermore, the Connect method requires our partners to store user credentials for our system, which introduces its own set of issues.
Removal of the Connect method
In consideration of security issues as well as the availability of the more modern ConnectWithToken method, we will be removing the Connect method on 31.01.2018.
This means that all integrations utilising this method today must be updated to take advantage of ConnectWithToken; otherwise they will not be able to deliver SOAP API based functionality to the end-users.
Key advantages to using tokens
- You will not need to store user credentials
- Easy transition towards REST
- Enables hybrid solutions, as tokens are API independent
- Gives access to our Partner API to automatically collect tokens
- Using the Partner API enables you to keep track of access status
- Using token authentication is the first step to get your app in the e-conomic app list
Get started with tokens
You can read about our token based authentication methods in the following guide, which explains the entire process from setting up a free developer agreement and registering an app, all the way to automatically fetching the tokens.
Generate token while in SOAP
UPDATE 19.02.2018: This method is now unavailable due to the Connect removal. Tokens can now only be generated using the requestURL link; see more details here.
In order to ease the migration process for our integration partners, we expect to release an additional SOAP method for generating a token: Application_CreateAgreementGrantToken. The method accepts an appSecretToken and is only applicable when the current session is established using the Connect method. This means you’ll be able to authenticate using existing credentials and generate an “AgreementGrantToken” for your app, reducing the need to generate the tokens manually. The method will require your “AppSecretToken” as a parameter, so you will need to already have a developer agreement and an app.
Please note: The SOAP method ConnectWithToken uses an older naming scheme. AppSecretToken = AppToken, AgreementGrantToken = Token.
Should you have any questions regarding this matter, please do not hesitate to contact our API support. We will be more than happy to assist you with the challenges you might have during the migration process.