all parties you will be receiving messages from: to be able to leave your messages here, they need to be granted access to your website.
all parties that will be retrieving messages for themselves on your website: if a company you send a message to does not have a web interface for SCSN, the message will be put on your website for them to retrieve. They can only retrieve their messages if they have been granted access to your web interface.
Any incoming messages or requests to retrieve messages need to be verified to maintain security. Incoming messages and requests that lack authentication will be refused.
Registering access to your website for other companies
Press '+' to add a party that you want to give access to your service.
Fill in the SCSN code of the company. This has to be the same as their SCSN code in Isah. If it concerns a customer, this code can be found on the Customers form; if it is a supplier, you can find it on the Suppliers form.
Specify the Interface address. This is the address of the company's web service; they will supply this to you.
Pick the access mode for this relation. There are three settings with which you can secure your data:
Blocked: Any company with this setting will be denied access.
Bearer: A company with the authentication type 'Bearer' needs a token to gain access to your environment. This token is supplied by you.
Basic: A company set to 'Basic' needs a username and password to gain access. Their username is always equal to their SCSN code.
After picking either 'Bearer' or 'Basic', click the key icon to generate a token or a password. This will be automatically entered into the relevant field and copied to your clipboard, so you can easily send it on to the company that needs it for their access.
Press the Save icon at the end of the row.
Messages referring to access problems
Whenever there is a call to the web interface, the caller is identified using the methods described above. The interface returns a '401 - Unauthorized':
if there is no authorization in the message
if the message contains a 'Basic' identification, but no matching customer or supplier can be found
if the message contains a 'Bearer' identification, but no matching customer or supplier can be found
For any calls made to the interface, the system logs date, time, caller identity and the result.
If the caller is an authorized party, the interface still runs the following checks:
When they connect to retrieve a message, the interface checks if the authenticated party matches the party to whom the message is addressed.
When they connect to leave a message, the interface checks if the authenticated party matches the sender of the attached SCSN message.
If these checks fail, access will be denied and a '403 - Forbidden' will be returned.
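The 401/403 decision described above, sketched as an added example (not Isah's own code). The relation table, function names and secrets are constructed. Returning 200 on success and treating a 'Blocked' party as "no match" (401) are assumptions, since the page does not state them.

```python
import base64
import hmac
from datetime import datetime, timezone

# Constructed relation table: SCSN codes and secrets are made-up sample values.
RELATIONS = {
    "SCSN-0001": {"mode": "Basic", "secret": "pw-for-0001"},
    "SCSN-0002": {"mode": "Bearer", "secret": "token-for-0002"},
    "SCSN-0003": {"mode": "Blocked", "secret": "token-for-0003"},
}
AUDIT = []  # one (UTC timestamp, caller identity, result) tuple per call


def basic_header(user, password):
    """Build a Basic Authorization header value (username = SCSN code)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def _same(a, b):
    # Constant-time comparison so response timing does not leak the secret.
    return hmac.compare_digest(a.encode(), b.encode())


def authenticate(header):
    """Return the caller's SCSN code, or None when the call must get a 401."""
    scheme, _, value = (header or "").partition(" ")
    if scheme == "Basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode()
        except ValueError:  # bad base64 or bad UTF-8
            return None
        user, _, password = decoded.partition(":")
        rel = RELATIONS.get(user)
        if rel and rel["mode"] == "Basic" and _same(password, rel["secret"]):
            return user
    elif scheme == "Bearer":
        for code, rel in RELATIONS.items():
            if rel["mode"] == "Bearer" and _same(value, rel["secret"]):
                return code
    return None  # no header, unknown scheme, no match, or Blocked (assumption)


def handle_call(header, action, message):
    """action: 'retrieve' or 'leave'; message: dict with sender/recipient codes."""
    caller = authenticate(header)
    party = message["recipient"] if action == "retrieve" else message["sender"]
    status = 401 if caller is None else (200 if caller == party else 403)
    AUDIT.append((datetime.now(timezone.utc).isoformat(), caller, status))
    return status
```

A correctly authenticated party still receives 403 when it tries to retrieve a message addressed to someone else or to leave a message whose sender is another party.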