Why does the Web API respond with «401 Unauthorized» to a request?

authentication
wsse-authentication
web-api
(Dmitry Fedyuk) #1

The generated header has a lifetime of 300s and it expires if not used during this time.
Each nonce might be used only once in specific time for generation of the password digest.
By default, the nonce cooldown time is also set to 300s.
This rule is aimed to improve safety of the application and prevent “replay” attacks.

orocrm.com/documentation/2.0/cookbook/how-to-use-wsse-authentication#header-and-nonce-lifetime

Details:


How is a WSSE header validated?
An example of a Web API request and response
The documentation wrongly says that the WSSE header lifetime is 300 seconds, but really it is 3600 seconds
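
How the header lifetime and nonce cooldown quoted in post #1 turn into a 401, as an added sketch that is not part of the original posts and is not Oro's own code. It assumes the standard WSSE UsernameToken digest, Base64(SHA-1(nonce + created + secret)); the names `make_token` and `Validator`, the response strings and the sample key are hypothetical.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timezone

LIFETIME = 300        # seconds a header stays valid (figure quoted in the post)
NONCE_COOLDOWN = 300  # seconds a used nonce stays blocked (figure quoted in the post)
FMT = "%Y-%m-%dT%H:%M:%SZ"

def digest(nonce_b64, created, secret):
    # Assumed standard WSSE UsernameToken digest: Base64(SHA-1(nonce + created + secret)).
    raw = base64.b64decode(nonce_b64) + created.encode() + secret.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def make_token(user, secret, now):
    # Client side: a fresh random nonce and a UTC timestamp for every request.
    nonce = base64.b64encode(os.urandom(16)).decode()
    created = now.strftime(FMT)
    return {"Username": user, "Nonce": nonce, "Created": created,
            "PasswordDigest": digest(nonce, created, secret)}

class Validator:
    def __init__(self, api_keys):
        self.api_keys = api_keys  # username -> shared secret (constructed sample data)
        self.seen = {}            # nonce -> time it was first accepted

    def check(self, token, now):
        secret = self.api_keys.get(token["Username"])
        if secret is None:
            return "401 unknown user"
        created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
        age = (now - created).total_seconds()
        if age < 0 or age > LIFETIME:
            return "401 timestamp outside lifetime"
        expected = digest(token["Nonce"], token["Created"], secret)
        if not hmac.compare_digest(expected, token["PasswordDigest"]):
            return "401 bad digest"
        # Forget nonces whose cooldown has passed, then refuse any still remembered.
        self.seen = {n: t for n, t in self.seen.items()
                     if (now - t).total_seconds() < NONCE_COOLDOWN}
        if token["Nonce"] in self.seen:
            return "401 nonce reused"
        self.seen[token["Nonce"]] = now
        return "200 OK"
```

In this sketch the replay check only holds while the cooldown is at least as long as the lifetime; with a shorter cooldown a nonce could be forgotten while the header carrying it is still valid.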
(Dmitry Fedyuk) #2

See also:
