Executive summary: If you use ConnectAsAdministrator() or ConnectAsAdministratorWithCustomerNumber() you must switch to ConnectWithToken(). Here’s our step-by-step guide to token authentication.
If you connect to our SOAP API as an administrator, you have most likely come across the ConnectAsAdministrator or ConnectAsAdministratorWithCustomerNumber methods, which are our most basic SOAP authentication methods for administrators.
In the e-conomic SOAP API we currently expose the following methods for authentication:
After the removal, only access via ConnectWithToken will be possible.
A brief history
A while ago we announced the removal of Connect for regular users. You can read more about why we did that here.
We are now continuing with the deprecation of the two remaining methods for administrators, as they no longer meet the requirements that we have in the current state of the e-conomic ecosystem.
The ConnectAsAdministrator method uses the administrator's credentials, including the password, which means that partners are essentially given full access to the agreement via the API, as well as access as said administrator in the web application. If an administrator utilises multiple partners that use ConnectAsAdministrator, there is no effective way to revoke access for a single partner.
As app uptake grows this issue escalates with it.
Furthermore, the old methods require our partners to store user credentials for our system, which introduces its own set of issues.
Removal of the ConnectAsAdministrator* method
In consideration of security issues as well as the availability of the more modern ConnectWithToken method, we will be removing both methods on 30.06.2018.
This means that all integrations utilising this method today must be updated to take advantage of ConnectWithToken; otherwise, they will not be able to deliver SOAP API based functionality to the end-users.
Key advantages to using tokens
- You will not need to store user credentials
- Easy transition towards REST
- Enables hybrid solutions, as tokens are API independent
- Gives access to our Partner API to automatically collect tokens
- Using the Partner API enables you to keep track of access status
- Using token authentication is the first step to get your app in the e-conomic app list
Get started with tokens
You can read about our token-based authentication methods in the following guide, which explains the entire process from setting up a free developer agreement and registering an app, all the way to automatically fetching the tokens.
Generate token while in SOAP
In order to ease the migration process for our integration partners, we expect to release an additional SOAP method for generating a token: Application_CreateAdministratorAgreementGrantToken. The method accepts an appSecretToken and is only applicable when the current session is established using the ConnectAsAdministrator method.
This means you’ll be able to authenticate using existing credentials and generate an “AgreementGrantToken” for your app, reducing the need for generating the tokens manually.
The method will require your “AppSecretToken” as a parameter, so you will need to already have a developer agreement and an app.
Please note: The SOAP method ConnectWithToken uses an older naming scheme. AppSecretToken = AppToken, AgreementGrantToken = Token.
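To find out which parts of an integration are affected, the following added example (not e-conomic code) scans source text for calls to the methods named above and reports which files will stop working after the removal. The file names and C# lines in SAMPLE are constructed, and the elided arguments are deliberate.

```python
import re

# Method names exactly as given in the announcement above.
STATUS = {
    "ConnectAsAdministrator": "deprecated",
    "ConnectAsAdministratorWithCustomerNumber": "deprecated",
    "Application_CreateAdministratorAgreementGrantToken": "bridge",
    "ConnectWithToken": "ok",
}
# Match a name only when it is called, so a bare mention in a comment is skipped.
CALL = re.compile(r"\b(" + "|".join(STATUS) + r")\s*\(")

def scan(files):
    """files: {path: source text} -> {path: [(line_no, method, status)]}."""
    findings = {}
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for m in CALL.finditer(line):
                findings.setdefault(path, []).append((no, m.group(1), STATUS[m.group(1)]))
    return findings

def verdict(hits):
    """Classify one file by what happens to it once the old methods are removed."""
    kinds = {status for _, _, status in hits}
    if "deprecated" not in kinds:
        return "ready"
    # The bridge method only works inside a ConnectAsAdministrator session, so a
    # file that calls both is one-off migration code rather than a login path.
    return "migrating" if "bridge" in kinds else "blocked after removal"

SAMPLE = {  # constructed sample sources, not real integration code
    "LegacySync.cs": "// nightly invoice export\n"
                     "s.ConnectAsAdministratorWithCustomerNumber(/* stored admin credentials */);\n",
    "Migrate.cs": "s.ConnectAsAdministrator(/* stored admin credentials */);\n"
                  "var grant = s.Application_CreateAdministratorAgreementGrantToken(appSecretToken);\n",
    "TokenSync.cs": "// replaced the old ConnectAsAdministrator login\n"
                    "s.ConnectWithToken(token, appToken);\n",
}

if __name__ == "__main__":
    for path, hits in scan(SAMPLE).items():
        print(f"{path}: {verdict(hits)}")
        for no, method, status in hits:
            print(f"  line {no}: {method} [{status}]")
```

Any file reported as "blocked after removal" still depends on stored administrator credentials and has no token path yet.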
Should you have any questions regarding this matter, please do not hesitate to contact our API support. We will be more than happy to assist you with the challenges you might have during the migration process.