SOAP authentication session id help

I'm a beginner and require assistance with implementing authentication for a SOAP resource. Specifically, my challenge involves the use of a session ID within the SOAP header for each subsequent call I make in my app.

To provide context, here's an example of what a typical raw soap envelope of the final query similar to the type that I want to make in my app might look like:

eg.

<?xml version="1.0" encoding="utf-8"?>
        <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
          <soap:Header>
            <UserSessionCredentials xmlns="http://www.url.net/">
              <UserId>{USER_ID}</UserId>
              <ClientId>{CLIENT_ID}</ClientId>
              <SessionId>{SESSION_ID}</SessionId>
            </UserSessionCredentials>
          </soap:Header>
          <soap:Body>
            <GetReportData xmlns="http://www.url.net/">
              <getReportRequest>
                <TemplateName>{template_name}</TemplateName>
                <SearchClause>{search_clause}</SearchClause>
                <OrderBy>{order_by}</OrderBy>
                <Columns>{columns}</Columns>
              </getReportRequest>
            </GetReportData>
          </soap:Body>
        </soap:Envelope>

I've successfully created a custom authentication flow in the resource section, where a call is made to the SOAPAction Authenticate providing a username and password. This returns a session ID.

However, I'm uncertain about how to include this session ID in the SOAP header for subsequent calls I query in my web app. I understand the process for REST API calls, where I would return the session ID I defined as a variable in the workflow in one of the headers here

But for SOAP, I'm unsure how to pass this session ID into the SOAP header, which is then used as a query in the final web app. I can't do this all in the resource section because I want the elements in the SOAP body to be selected by the user in the app. Eg. user requests a specific {template_name} {search_clause} as in the above image within certain date range, etc.

Could anyone please guide me on how to correctly implement this? Or is my approach off? What I want is a way to pass down the session id which i define in resource step to be available in the soap body of the query API call I make in my web app.

I also see I can do this all in the front-end app eg. 1) query that gets the sessionID, save this as a variable, use in subsequent queries. But this would involve making username and password visible I think?

Thanks in advance for any assistance.

Just to make my request a bit more concise - I need the session ID that I generate in my custom auth to be available in the body of my query. I cannot pass the magic variable with my session id to the SOAP header since this is in the body of my request and it appears the resource variables are not available there .

Can anyone point me in the direction of any alternative methods of how I might go about doing this?

image1321×468 72.1 KB

Anyone able to offer any assistance on this?

Hey @declan1231! As you've noted, it is not currently possible to use data obtained in the resource authentication process inside of an app.

Your thoughts here are correct:

I also see I can do this all in the front-end app eg. 1) query that gets the sessionID, save this as a variable, use in subsequent queries. But this would involve making username and password visible I think?

Though if the username and password are static values, you can set them up as configuration variables. Secret config vars are not available in the app, but the others are. This doesn't prevent someone with edit access and some curiosity from seeing those values, but is a step up from having them in plain text in the app.