AnsweredAssumed Answered

Integration with Clarity Web Services

Question asked by on Aug 22, 2011
Latest reply on Aug 22, 2011 by
Hi All,

We are on Clarity 8.1 yet.

We have other business partners that want to be able to access Clarity and using the Project Unique Name they want to get some information of the project like Status and if the Project really exists.

Looking at the Integration.pdf documentation I can see suggestions like XOG, GEL and Web services.

To me the Web services would be the best way of doing that kind of integration but I am concerned with the way this is available today.

First, only the entire object data is returned if I try to get data from a Project for instance. That is because the OOTB solution provides a Project object web services that returns all data related to that project. That not only means lots of garbage as well as unnecessary risk since we are sending lots of data that should not be sent.
How can I make sure that only the information I want will be sent to the requesters? Should I create a new Object that would have only the fields I want from a Project?

Second, according to what I could read, the client will have to specify user/password in the SOAP envelope or there will be at least 1 call to get the session ID with the user/password as texts in the SOAP envelope. That is not secure and will not be allowed. I do understand the need to know the user doing the request in order to apply the necessary security but sending user/password unencrypted in a SOAP call is just too unsecure in my point of view, even thorugh SSL it would still means that the client would have user/password information as text on their side so no good at all.
Anyone knows of a simple way to get data without the need to provide that kind of information?
Maybe a way to make a service that could be accessed by any application inside the company and that uses a standard user since the data provided does not contains confidential or highly restricted information? (I know there is a concurrency issue here but it would be a different topic)

XOG and GEL are also a possibility but I would probably be working with exporting data to files, I would very much prefer stay on web services in order to not to have to worry with lots of other security issues regarding that approach in my company.

I would appreciate any insights on that kind of situations since I am sure lots of you had to deal with this some time in the past. -_-


Fabricio De Marchi