Use SecurityToken in SOAP header

To make API V3 SOAP calls a SecurityToken is needed in the header of the SOAP message. The SecurityToken can be retrieved via the Login call and can be used for serveral hours. The access to the different API functions is based on the App integration rights and the subscription settings. The login call authentication is based on the two keys provided by the platform. See: Generating application security keys.

Example of SOAP Header

This example shows the SOAP Header for the call GetInboxDocumentStatus.

<SOAP:Envelope xmlns:SOAP="">
        <Authentication xmlns="" xmlns:xsi="" xmlns:xsd="">
    <SOAP:Body xmlns:xsi="" xmlns:xsd="">
        <GetInboxDocumentStatus xmlns="">

Example of SOAP Handler in Java

Changing the SOAP Header before sending can be done in java by adding a SOAPHandler to the used Service. This can be done with a HandlerResolver.

public class HeaderHandler implements SOAPHandler<SOAPMessageContext> {
    private String securityToken;
    public boolean handleMessage(SOAPMessageContext smc) {
        Boolean outboundProperty = (Boolean) smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
        if (outboundProperty) {
            SOAPMessage message = smc.getMessage();
            try {
                SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope();
                SOAPHeader header = envelope.getHeader();
                header = envelope.addHeader();
                SOAPElement security =
                        header.addChildElement("Authentication", "h", "");
                security.addAttribute(new QName("xmlns"), "");
                SOAPElement securityTokenElement =
            } catch (SOAPException | DOMException e) {
        return outboundProperty;

For the complete code see the java example code page: EConnect_API_V3_1_Soap_Example

Example of SOAPHandler in .net c#

The Class EConnectServiceSoapClient is generated with the WSDL.

class Program
    public static EConnectServiceSoapClient client = new EConnectServiceSoapClient();
    public static  Authentication GetToken()
        var login = client.Login(new Login()
           ConsumerKey = "",
            ConsumerSecret = ""
        return new Authentication() { SecurityToken = login.SecurityToken };

    static void Main(string[] args)
        var token = GetToken();
        var inboxdocs = client.GetInboxDocuments(token, new GetInboxDocuments()
            EConnectPartyId = "XCNL10019"



Was this article helpful?