A student in the Axeda Groovy course had some good questions. Instead of answering via email, I thought I'd answer here, so we could share the knowledge.
Scripto - In order to invoke Custom Objects that are exposed as Scripto services, I need to pass username and password for authentication. How can I achieve this without having to pass them as query parameters in real world cases?
To call Scripto services in a way that doesn't require you to pass username and password as URL parameters, call the "auth" service, get a token, and then authenticate your calls with that token:
There are two self-explanatory parameters to that GET request - principal.username and password.
The return value looks like this:
<?xml version='1.0' encoding='UTF-8'?> <ns1:WSSessionInfo xmlns:ns1="http://type.v1.webservices.sl.axeda.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:WSSessionInfo"> <ns1:created>2015-06-25T18:15:29 +0000</ns1:created> <ns1:expired>false</ns1:expired> <ns1:sessionId>8b65875f-49ba-41f7-969e-2730de89c781</ns1:sessionId> <ns1:sessionTimeout>1800</ns1:sessionTimeout> </ns1:WSSessionInfo>
The token is contained in the sessionId element. In this example, it's 8b65875f-49ba-41f7-969e-2730de89c781. You'll authenticate your Scripto calls with the sessionId:
The sample return for the call above (a training exercise) is:
<message> <salutation>Hello, Artisan World!</salutation> <head/> </message>
Note that the sessionId has a timeout value of 1800. This means the sesionId will expire in 30 minutes (the timeout is configurable by a Platform Administrator). Therefore, the typical workflow is for an extended application is to: