You need to sign in to do that
Don't have an account?
BNG Holdings Inc
Subsequent API Calls not working
So I can get the login() API call to work and return the sessionId and whatnot. However I cannot get any subsequent calls to work.
I get the error:
INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session
However I recieved the Session ID from the return of the login method, so how can it be wrong?
I did notice that ever time I login() the sessionId seems to be the same. Also I noticed that it appears to be be encoded, do I need to decodebase64() the sessionId before I can use it? What should a valid sessionId look like?
Please Help!
If you need the WSDL you should save it to a local file and load it from that. but if you can't send soap headers at all, then you won't be able to use the SOAP API. Have you looked at the REST API, that might be more amianable to your tooling.
All Answers
A valid session id, I believe, should be something like <org-id>!<encrypted-data>.<more-encrypted-data>. The format has changed over time, so I could be wrong, and I don't have an easy way to grab a session ID right now.
Usually this error is caused because the ID is inside a malformed header. Try using your programming language's SOAP tracing functions to dump a request's XML to a file so you can examine it. The request should be formatted very similar to the "Example SOAP calls" section on the documentation area of this site.
Generally, you use something like "setSessionHeader()" on the binding using an object typically called SessionHeader. The exact details may vary depending on your language's SOAP implementation.
The formatting for my sessionId is laid out like you said, sfdcfox.
Essentially my language requires me to use an HTTPSecureSocket object, then I configure parameters for a SOAPmethod object, attach the SOAPmethod to the socket and call, and then put the output in a SOAPResponse object. (For anyone curious or experience similar issues I'm using Real Studio).
The abridged code for a login looks like this:
I then get the info from sr. If sr.error is true I report the error, otherwise I get the sessionId and other results.
But now that I have the sessionId, I make calls to other methods using the sessionId and new url and I get the sessionId error. I was originally adding the session header as a parameter on the SOAP method which I'm assuming is wrong as I discovered I can set headers on the Socket. So I do that:
But I still get the same invalid session id error.
I have two different ideas for where to go next. A lot of people have been talking about certificates and adding a certificate to the HTTPSocket. I was wondering if there were any more details as to how this works?
Am I required to use 2-way SSL?
My next idea was to try different connection types for the socket. My options are
SFSocket.ConnectionType = SSLSocket.<type>
TLSv1, SSLv2, SSLv3, SSLv23
Any other ideas?
Thanks for any help. I've been getting super frustrated at just trying to get over this last hurdle before its easy sailing and I do appreciate the help.
It should be a soap header, not a socket header (which i'm guessing in reality is a http header). You need to ensure that the soap header is created with the right xml namespace. (if you can get your tool to dump what its actual soap request looks like, we can check that the header is correct).
You are not required to use 2-way SSL.
Simon,
Thanks for taking the time to reply! I dont think your method will work for me unfortunately. The problem is the SOAPmethod object doesn't have headers.
Properties
Methods
I haven't been loading the WSDL from the url - but I have to be logged in to get the WSDL in the first place. Is it required that the WSDL be loaded? I figured I could just manually look at it to make sure I name parameters correctly. I'm also assuming that I either need to use parameters for the SessionHeader or use the HTTPSocket header, but neither seem to work. I'm frustrated and sad :-(
If you need the WSDL you should save it to a local file and load it from that. but if you can't send soap headers at all, then you won't be able to use the SOAP API. Have you looked at the REST API, that might be more amianable to your tooling.