Authentication
Every request must include a sessionRequest element in the SOAP Header containing your eXite® credentials. Optionally request a digitally signed response.
Login credentials
<env:Header>
<sessionRequest env:mustUnderstand="true">
<eXite:login>
<eXite:user>myExiteUser</eXite:user>
<eXite:password>mypassword</eXite:password>
</eXite:login>
<eXite:uniqueTransmissionID>f88b3b23-78ff-495a-a3ea-a2a4e4a988a1</eXite:uniqueTransmissionID>
<!-- optional: request a digitally signed response -->
<!-- <eXite:signedResponse>true</eXite:signedResponse> -->
</sessionRequest>
</env:Header>
Session header fields
| Element | Card. | Type | Description |
|---|---|---|---|
login / user |
1 | string | eXite® user ID |
login / password |
1 | string | eXite® password |
uniqueTransmissionID |
0-1 | string | UUID recommended. Must be unique per request. Reuse the same ID on retry. See Duplicate Handling. |
signedResponse |
0-1 | boolean | Set true to receive a WSS-signed response (RSA-SHA256 + xmldsig) |
uniqueTransmissionID
Always include uniqueTransmissionID. It is critical for safe retry handling in case of network failures. See Duplicate Handling for details.
Digitally signed responses
When signedResponse is set to true, eXite® signs the SOAP response using OASIS Web Services Security 1.0 (WSS Extension + WSS Utility) with the RSA-SHA256 algorithm and standard xmldsig functions.
The signature covers both the SOAP Body and the sessionResponse header element, referenced by their wsu:Id attributes.