General Information

Date/Times

All Date/Times will be returned by the API either directly or as properties of complex types in Universal Standard Time (UTC). It is assumed all Date/Times provided to the API as method arguments are also in UTC format.

Exception Handling

All exceptions returned by the API to the caller during method operation will be provided as a FaultException type with a generic message property. Further details of the exception’s true cause and any possible resolutions or workarounds will be logged on the server where the API is hosted. The API is only provided with bare minimum information during error state to enable it to elevate security concerns i.e. not informing attackers of valid system login names due to password failure.

catch (FaultException exception)
{
// Perform specific handling for API exceptions
}
catch (Exception exception)
{
// Perform specific handling for any implementation exceptions
}

Security and Authentication

The SOAP interfaces support three possible security configurations: WCF Windows security, WCF Username security and manual credentials provided via method argument.

For both WCF Windows and Username channel configurations the caller should pass NULL to the Credentials argument for each API method. The authentication will be taken as the caller’s channel context identity and authenticated against PolicyHub.

For manual credential security the API services can be deployed without endpoint security. Instead the API caller will need to provide a PolicyHub username and password within the Credentials argument for each API call.

  Note: If the API service has been deployed to use Windows or Username security channels and the Credentials argument is provided to a method call the API will
          assume the Credentials take precedent. If this is the case, then the API will attempt to authenticate them using the given username and password combination in the
          argument.