function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

How to pass BinarySecurityToken in a SOAP Request header ?

As part of an SOAP integration I'm doing. I've requirement where I need to pass the BinarySecurityToken in the header of the SOAP request. Unfortunately the WSDL will not contain the header information, so wsdl2apex convertor will not generate the associated Header classes.I've included the below snippet which is not working and erroring out as 'System.CalloutException: IO Exception: input contained no data'

I've added below two classes in the Webservice stub class that's generated-

    public class Security_element{ 
        public Security_element(String securityToken){
            this.securityToken = new BinarySecurityToken_element(securityToken);
            this.wsse = '';
        public BinarySecurityToken_element securityToken;
        public String wsse;
        private String[] wsse_att_info = new String[] {'xmlns:wsse'};
        private String[] securityToken_type_info = new String[]  {'wsse:BinarySecurityToken','','element','1','1','false'};
        private String[] apex_schema_type_info = new String[]{'','true','false'};
        private String[] field_order_type_info = new String[]{'securityToken'};
    public class BinarySecurityToken_element {
        public BinarySecurityToken_element(String securityToken) { 
        public String securityToken;
        public String myValueType;
        public String myEncodingType;
        public String myID;
        private String[] securityToken_type_info = new String[]{'wsse:BinarySecurityToken','','element','1','1','false'};   
        private String[] myValueType_type_info=new String[]{'ValueType'};
        private String[] myEncodingType_type_info=new String[]{'EncodingType'};
        private String[] myID_type_info=new String[]{'Id'};
        private String[] apex_schema_type_info = new String[]{'','true','false'};
        private String[] field_order_type_info = new String[]{'securityToken'};              

******************This will go to class that makes the callout*************************

List docList = [select id, name,Body from document where name = 'secToken.txt']; //Docuement contains the security token I need to pass in the header
public wsSampleProjectV1.Security_element sec = new wsSampleProjectV2.Security_element(EncodingUtil.base64Encode(docList[0].body));
private String sec_hns = 'Security='; 

*********SOAP Request Header that I need to pass is -

      <wsse:Security xmlns:wsse="">
         <wsse:BinarySecurityToken ValueType="wsse:X509v3" EncodingType="wsse:Base64Binary" Id="X509Token">
                ---Encoded BinarySecurityToken goes here------

Any help on what's going wrong is much appreciated.
Daniel BallingerDaniel Ballinger
There is a blog post Callouts from Salesforce – Adding Soap Headers for WSSE Security, although it isn't explicitly about the BinarySecurityToken header.

I'd suggest looking at the Debug log for when the callout occurs. This will include the CALLOUT_REQUEST events. These will include the raw SOAP message that was sent. You can compare this with what you want to see how they differ.
Thanks Dan ! I did look into that blog already. I'm not able to see the raw SOAP request in the debug log. Can you pls let throw some light on that.
Daniel BallingerDaniel Ballinger
To see the CALLOUT_REQUEST events in the DEBUG log you will need to be a a Developer Edition org. Other org types don't do the same level of logging.

Before you attempt the callout, open the Developer Console. In the Menu under Debug > Change Log Levels, press Add/Change. Ensure the Callouts is set to INFO (or a lower level).

Then trigger the callout to occur in Apex.
Open the corresponding Apex Debug log from the Logs tab.

Scan the log looking at the Event Column. You want to find the CALLOUT_REQUEST event. The details column should contain the raw SOAP message that was sent out.
Another alternative would be to use the FuseIT SFDC Explorer ( to generate the Apex classes. The only trick here is you would need to manually modify the WSDL before hand to have the BinarySecurityToken header. 
Thanks Dan. Will give it a shot. Appreciate your prompt response.
Hi Dan,
Would you know how to add Header to the WSDL. I'm unable to generate he heade thru code.

Phil SpenceleyPhil Spenceley
I don't think it is possible to, using WSDL2Apex (or webserviceCallout.invoke), generate an simple XML type that also contain an attribute...

e.g. I don't think the following is possible...
<wsse:BinarySecurityToken ValueType="wsse:X509v3">Some Value Here...</wsse:BinarySecurityToken>
Ritesh Aswaney 15Ritesh Aswaney 15
@LoveSFDC - what value are embedding in the BinarySecurityToken? What does the standard prescibe is embedded into this element?
Prakash NawalePrakash Nawale
Love SFDC,

I am facing same issue, Can you please let me know how to resovle this?