...

In Blueriq it is possible to create your own web services, either via REST or SOAP. Blueriq Runtime supports security on Blueriq as a Service out of the box by adding roles to the webservice definition. It is also necessary to use the 'securityEnabled' property on the shortcut, it will make sure that the endpoint itself will be secured.

Secured shortcuts

It's possible to secure BAA(R)Ses by providing a property to the shortcuts for the baa(r)s:

blueriq.shortcut.<shortcut name>.securityEnabled = true

, which will secure the endpoint. 

Adding a role to the webservice

...

A Role can be added to an exposed Flow (which is started from the service definition) in Blueriq Encore. This can be useful if the flow is started from multiple contexts. Otherwise adding the role at the service definition is preferable over this option.

Conversations

A Role can be added to a Conversation in Blueriq Encore which is Exposed as a web service. 

Image Added

Security endpoints

These endpoints are secured when a role is set and the securityEnabled property is enabled for the shortcut.

REST: Runtime/server/rest/{Webservice}/{Operation}
SOAP: webservices/aaas/{Webservice}/{Operation}

The SOAP WSDL is not secured.

webservices/aaas/{Webservice}/aaas.wsdl

Response status codes

Both REST and SOAP services return status codes to indicate the result of the request that was sent. There are however differences between the results produced when a request does not end successfully. 

REST Service 

REST services will return a 401 status code for when a user is unauthenticated and a 403 code for when a user is authenticated but does not possess the required roles.

SOAP Service

SOAP services work differently because they will only return a 200 status code for successful requests or a 500 code accompanied by a SOAP fault for failed requests.