all parties you will be receiving messages from: to be able to leave messages, they need to be granted access to your website.
all parties you will be sending messages to: you need to register the authentication they have sent you for their interface here.
all parties that will be retrieving messages for themselves on your website: if a company you send a message to does not have a web interface for SCSN, the message will be put on your website for them to retrieve. They can only retrieve their messages if they have been granted access to your web interface.
If some of these parties are companies that belong to your own organization, you can decide whether or not they need authentication to send, receive or retrieve messages on the Settings tab. External parties always need authentication.
Press '+' to add a party.
Enter the company name.
Fill in at least one unique company identification. For non-Multicompany users, these codes can be found in Isah under customer '99999' and supplier '99999'. Multicompany users can have more than one company registered under Customers and/or Suppliers, and each of these will have unique ID's.
SCSN code: code for supply chain communication
GLN: Global Location Number
COC: Chamber of Commerce identification
VAT: tax identification.
Fill in the URL to the party's supply chain interface service. They will provide you with this.
Your company's message service will be contacting the web interfaces of parties you do business with to send or retrieve messages. The service will only gain access to these interfaces if you have registered the authentication information these companies have sent you. You do this as follows:
Open the record in which the party is defined by clicking the arrow in front of it.
Under Outgoing authentication, press '+' to add your access authentication.
Under Company, select your own company.
Pick the authentication type for this relation. This depends on the access data the party has sent you. There are three possible settings:
None: You do not need a password or token to gain access.
Bearer: The party has sent you a token to gain access to their environment
Basic: The party has sent you a user name and password to gain access to their environment.
After picking either 'Bearer' or 'Basic', fill in the token or user name/password the company has sent you.
Press Save.
Note: If a party belongs to your organization and the authorization setting specifies your own companies don't need authentication, a message to that effect is visible when you click the arrow in front of the party.
Open the record in which the party is defined by clicking the arrow in front of it. There will already be a line for incoming authentication, but it is set to 'Blocked'.
Click to edit the line.
Under Type, pick the access mode for this relation. There are three settings with which you can secure your data:
Blocked: Any company with this setting will be denied access.
Bearer: A company with the authentication type 'Bearer' needs a token to gain access to your environment. This token is supplied by you; you generate the token in the next step.
Basic: A company set to 'Basic' needs a username and password to gain access. The username is generated automically; you generate the password in the next step.
After picking either 'Bearer' or 'Basic', click the key icon to generate a token or a password. This will be copied to your clipboard, so you can easily send it on to the party that needs it for their access.
Note: If a party belongs to your organization and the authorization setting specifies your own companies don't need authentication, a message to that effect is visible when you click the arrow in front of the party.
Whenever there is a call to the web interface, the caller is identified using the methods described above. The interface returns a '401 - Unauthorized' if:
there is no authorization in the message
the message contains a 'Basic' identification, but no matching customer or supplier can be found
the message contains a 'Bearer' identification, but no matching customer or supplier can be found
For any calls made to the interface, the system logs date, time, caller identity and the result.
If they are an authorized party, the interface still runs the following checks:
When they connect to retrieve a message, the interface checks if the authenticated party matches the party to whom the message is addressed
When they connect to leave a message, the interface checks if the authenticated party matches the sender of the attached SCSN message.
If these checks fail, access will be denied and a '403 - Forbidden' will be returned.