This document describes how to use token-based authentication to communicate with dk Software through the dkWSItems SOAP service.
dkAuth works mostly like OAuth 2.0, except that a single token can act as a combined API key and refresh key:
APIKey + RefreshKey = MasterToken
When to use
The service is supplied to customers as SaaS.
For security reasons we recommend using dkAuth in every situation.
That said, we do allow WSE 2.0 authentication and BasicSecurity authentication
for systems such as eCommerce that handle the integration between systems.
Tokens should always be used when the application communicating with the service is user- or device-based, for security reasons; note that other prices apply to this kind of integration.
How it works
You can request tokens through the service interface using the CreateToken function in the web service.
The first token requested is called a MasterToken.
All tokens from the service are valid for 5 days after creation; after that time they cannot be used in any function other than RefreshToken.
You can request up to 10 tokens that are valid within the 5-day period. After the valid period a token is no longer recognized by the service and is rejected.
Because each token has a 5-day validity period, systems communicating with the service do not have to force already generated tokens to be replaced, for example in a user web session; the tokens fade away gradually.
The MasterToken is always the latest token requested from the service, and it is the only token in the token stack that can be used to initiate a token refresh using the service.
All tokens are assigned to an application defined by you, using the APPID defined in the TToken object in the service.
The token is returned with information about the user it is assigned to, which can then be used for many purposes.
To refresh a token and get a new MasterToken, which pushes the current MasterToken into the token stack, do the following
NOTE: dkAuth 1.0 is available in version 1.4.5+
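The token rules from "How it works" can be mirrored on the client so that an integration knows, before calling the service, whether a stored token is still usable, can only be refreshed, or will be rejected. This is an added example, not dk Software code: it makes no SOAP calls, the class and method names are hypothetical, and it assumes the 5-day boundary is inclusive.

```python
# Client-side model of the dkAuth token rules (hypothetical names; no SOAP calls).
from dataclasses import dataclass, field
from datetime import datetime, timedelta

TOKEN_LIFETIME = timedelta(days=5)  # validity period stated on the page
MAX_VALID_TOKENS = 10               # valid tokens allowed within that period

@dataclass
class TokenRecord:
    value: str
    app_id: str        # APPID the token was issued for
    created: datetime

@dataclass
class TokenStack:
    """Tokens a client holds for one APPID, oldest first, MasterToken last."""
    records: list = field(default_factory=list)

    def push(self, value, app_id, created):
        # A newly issued token becomes the MasterToken; the previous one stays below it.
        self.records.append(TokenRecord(value, app_id, created))

    @property
    def master(self):
        return self.records[-1] if self.records else None

    def state(self, value, now):
        """Return 'usable', 'refresh-only', 'rejected' or 'unknown' for a token."""
        rec = next((r for r in self.records if r.value == value), None)
        if rec is None:
            return "unknown"
        if now - rec.created <= TOKEN_LIFETIME:  # assumption: boundary is inclusive
            return "usable"
        # Expired: only the MasterToken may still be passed to RefreshToken.
        return "refresh-only" if rec is self.master else "rejected"

    def may_refresh(self, value):
        # Only the MasterToken can initiate a refresh.
        return self.master is not None and self.master.value == value

    def at_limit(self, now):
        # True when 10 unexpired tokens are already outstanding.
        live = [r for r in self.records if now - r.created <= TOKEN_LIFETIME]
        return len(live) >= MAX_VALID_TOKENS

    def prune(self, now):
        # Forget expired non-master tokens so stale values are not kept around.
        self.records = [r for r in self.records
                        if r is self.master or now - r.created <= TOKEN_LIFETIME]
```

Calling prune() on a schedule keeps expired token values out of session stores and logs, where they would otherwise linger after the service has stopped accepting them.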