The HOSTNAME and PORT needs to be changed as per the environment where case management application is deployed.
Case Management API provides the ability to use Web Services Security (WS-Security) for authentication purposes. WS-Security allows the communication of various security token formats such as user identification and password credentials.
Authorization is accomplished by assigning the users to at least one of two specific roles defined to grant access to the Case Management API service: • CMAPIExtract, for selecting and viewing activities (events) • CMAPIUpdate, for selecting and viewing activities, and updating actions
These roles must be defined in Access Management application and the users should only have access to these roles. If either one of these roles, or both are the only roles that exist for a user, the user’s password will not have an expiration date. Additionally, a user with this role does not need to change the password during the first logon.
In case an external Identity store is being used to authorize the users, these roles must be defined in the external identity store that you are using to manage your users, such as Ldap or AD. The password for these users should be preferably set not to expire in the identity store.
While implementation, the Case Management API service requires you to add a security header to each SOAP call for WS-Security purposes. WS-Security requires a specific format for the SOAP header. The required parameters are: • wsse:userName • wsse:Password
These parameters and their values are the user’s credentials passed to the Case Management API service for authentication and authorization purposes. If this format is not followed, the authentication process rejects the SOAP call. Once the credentials are verified, the rest of the SOAP call is processed accordingly. If the authentication or the authorization fails, the SOAP call receives a SOAP fault and the user is denied access to the Case Management API service.
The following example shows the required format for the security SOAP header and sample SOAP call to extract cases from case management API :