About WS-Security

Applies to ReadyAPI 3.30, last modified on March 24, 2022

In ReadyAPI, you can use WS-Security to make your requests safer.

Accessing the WS-Security Editor

To open WS-Security settings, switch to any node in the APIs section of the Navigator and select WSS Config from the Auth & Security drop-down on the toolbar.

SOAP API testing: The WSS config button on the toolbar

Click the image to enlarge it.

You can also select Project > WS-Security configurations from the main menu.

In ReadyAPI 3.5.2 and earlier, you could set up WS-Security on the Endpoints page in the service editor. The page was reworked in 3.6.0 and no longer has this feature. If you update from 3.5.2 to a newer version, your WS-Security settings from the Endpoints page will be lost, and you will have to recreate them using the WS-Security Configuration dialog, as described below.

WS-Security Configuration Dialog

The WS-Security configuration dialog includes the following tabs:

SOAP API testing: The WS-Security configuration dialog

Click the image to enlarge it.

  • Outgoing WS-Security Configurations – Configurations that should be applied to outgoing messages, including requests and VirtResponses. This configuration type is used for encrypting, signing and adding SAML, and for timestamp and username headers.

  • Incoming WS-Security Configurations – Configurations that should be applied to incoming messages, including responses, VirtRequests, or monitored requests and responses. This configuration type is used for decrypting and verifying the signature of incoming messages.

  • Keystores – Keystores used for encryption, decryption, and signing.

  • Truststores – Truststores used for signature verification.

See Also

WS-Security Tutorial
WS-ReliableMessaging
WS-Addressing

Highlight search results