Workflow of Cloud Connect Web Services
Before calling a Cloud Connect web service from an application, a software vendor needs to develop the following modules:
>Communication Module: Create HTTPS communication module to send and receive messages. The software vendor application should establish SSL session with Directory Services and Cloud Connect using CA certificate. The message exchange happens over SSL.
>Signature Module: Create HMAC-SHA256 signature as specified by Thales to authenticate a software vendor node. Each software vendor request is authenticated by Sentinel Cloud Connect.
>Message Module: Directory Services and Cloud Connect use XML messages for sending request and response. Therefore software vendor client application should develop module to create and read XML.
Calling Sequence
The software vendor application (web service client) should call Cloud Connect web services in the following order:
| 1 |
Send the POST registration request to Directory Services with Vendor ID, to register the client and acquire Cloud Connect URL for subsequent web service calls. Directory Services will return an XML response containing the Cloud Connect URL for the given vendor. |
|
After the success of the POST registration request, the client can call other web services by using the acquired Cloud Connect URL. The software vendor application needs to send the POST registration request during the start. Once the request is successful, it is not required to be sent again. |
|
| 2 |
Send the GET license request to information of entitlements, products, and features, license consumption, and license availability. The Sentinel Cloud Connect will return response in the XML format. |
| 3 |
Send the POST licenseSession request to consume a feature with details of customer, feature, and user. The Sentinel Cloud Connect will return the session handle. |
| The client will store this session handle to use the feature. The same session handle is used later either to update the session or complete the session. | |
| 4 | Send the PATCH licenseSession request periodically to Cloud Connect with the acquired session handle to update a particular session. |
| 5 |
Send the DELETE licenseSession request, to Cloud Connect to stop the feature consumption, and complete the session. The request is sent with the acquired session handle (returned in step 3). |
| If the HTTP error 401 occurs in response to a request, retrieve the Cloud Connect URL again by sending the POST registration request. |
About HTTP 401 Error
The HTTP 401 error is returned if the Cloud Connect URL has been changed due to infrastructure changes. The software vendor application communication module traps HTTP 401 error, connects with Directory Services again, and retrieves a new Cloud Connect URL.
For other errors (such as licensing and parameter errors), the web services client gets an error in XML which need to be parsed. The HTTP error is not used in this case.
HTTP Error 401 with Error Code 2027 - for Invalid Vendor ID from Sentinel Cloud Connect
The following is the sample flow to handle the case where HTTP status code 401 is encountered with the error code 2027, when the vendor ID passed in the request message is invalid:
1.Call the POST registration web service to get the Cloud Connect URL.
2.Call POST licenseSession/DELETE licenseSession/PATCH licenseSession/GET license on Cloud Connect URL.
3.If HTTP error 401 is encountered in step 2 , go to Step 1.
