Local authorization
Access to the webPDF web service API is controlled by the local authorization settings in the server configuration. These settings are made in the Admin Portal. They enable or disable the SOAP and REST interfaces, select the authentication that is used, and determine whether anonymous login is allowed. The settings can be configured separately for SOAP and REST.
You should always use the web services in conjunction with the SSL configuration of the server. Otherwise the user data (name and password) may be transmitted in clear text.
SOAP API
In the default installation, no authorization is required on the SOAP interface and anonymous access is allowed. The web service endpoints can therefore be used directly without authorization and login.
The SOAP interface can be completely deactivated via the configuration if it is not used. It is also possible to disable anonymous use of the interface. In this case, a corresponding authorization must be passed with each web service call via the SOAP interface.
This SOAP authorization can come either from the local authorization or from an external OAuth2 provider. In the first case, the local authentication (login) is performed via the configured user source and is passed directly when the SOAP web service is called. In the second case, authentication is performed by the configured external OAuth2 provider. The access token issued by the OAuth2 provider is passed to the SOAP web service and used as authorization.
REST API
In the default installation, authorization is always required on the REST interface, i.e. each call to a web service must include an access token. The access token is either issued by the local authorization after a corresponding authentication or must be provided by an external OAuth2 provider. With local authorization, anonymous logon (authentication) is also possible, provided this has not been disabled via the configuration.
During authentication, local authorization uses the user source to check the user credentials (user name and password) and then issues a corresponding access token.
The REST API can also be disabled in its entirety via the configuration.
Local authorization
Local authorization provides authentication in the local server via user name and password. For this purpose, the configured user source is used to verify the user's credentials. Anonymous login is also performed using this authorization. If local authorization is disabled, then authorization can only be done via an external OAuth2 provider.
The local authorization provides the access token (and refresh token, if applicable). The access token is then passed when calling the SOAP and REST API web services.