Working with Web Services > Authenticated operations

Authenticated operations

Some operations in Web Services require a user. These are called authenticated operations. For these operations, you must have first logged in the user and received a session token.

Then as part of the request for the authenticated operation, you include the session token for the authenticated user (see Working with Web Services sessions). If an operation also requires specific user privileges, it is known as a privileged operation. For the differences, see Privileged operations.

Additionally, if the Always Require Authentication option is enabled in the Web Services Admin, then all operation requests (except isRestrictedAccess, license , loginUser, and version) will require a valid sessionToken.

For example, with this option enabled, the normally un-authenticated searchCatalog  request would require a session token.

Use the isRestrictedAccess operation to determine whether the Always Require Authentication setting is turned on or off.

If an authenticated operation request does not include a valid sessionToken element, the system returns an Access Denied exception (see SecurityServiceException: Access Denied).

The PatronSamples example shows how to make the login request and return the session token for use in authenticated operations. See Interacting with patron data using Perl for a specific example.

Related topics 

 


© 2009-2012 SirsiDynix