When retrieving a WSDL from a SOAP-HTTP interface, the cardinality of the elements are not aligned to the cardinality of the Web Service Method Inputs and Outputs. This can cause an incorrect exposure of the WSDL to third party consumers that consume the SOAP-HTTP API.
Here is how we are going to reproduce this:
I am using Outsystems Service Studio 10.0.815.0, the latest as of 11th May 2018. The Tutorial “Developing OutSystems Web Applications, Final Bookings Assignment” is used as reference.
In this example I have a module for API and a module for Database within the same application. I’ve added all entities which are present in the module for Database as dependencies in the module for API. The Room Entity has Id, RoomNumber, AdultsCapacity, ChildrenCapacity and Price. All as Mandatory Entity Attributes.
To show you that all “Entity Attributes” are “Mandatory”.
To expose a SOAP-HTTP API I created 2 structures in the module for API:
All structure attributes are defined as “Optional”
Then I create in the Logic Tab an “Exposing SOAP Web Service” with the Web service name as Rooms. I created a Web Service Method with the Method name as “CreateRoom”. In the “CreateRoom” Method, I create an “Input Parameter” and point to the “HotelRoom” Structure. Then I also create an “Output Parameter” and point to the “Result” Structure.
To show you that all Structure attributes are “Optional” and inherited from the structures:
The “CreateRoom” Web Service Method contains the following contents:
Just a simple invocation receiving the input parameters, Run a “CreateRoom” Action and Assign a correct “Code” and “Message” to the Output.
The expected result of this should be:
- All “Structure Attributes” in the Input and Output of the exposing Web Service Method “CreateRoom” should be “Optional”.
- All Elements in the WSDL should also be “Optional”.
So after publishing the Module for API, I explicitly close my web browser and go the URL:
https://<DomanRemoved>/Bookings/Rooms.asmx?wsdl and here is the CreateRoom Web Service Method with all elements in the HotelRoom ComplexType as “Optional”:
Huhhh….. They are Mandatory….?
What can we conclude from this exercise?
- The cardinality of the ComplexType “HotelRoom” is totally ignoring the Cardinality of the “HotelRoom” structure, instead the cardinality is inherited from the entity “Room”.
- The cardinality of the ComplexType “Result” is inherited from the “Result” structure, because there is no “Result” Entity.
More about API Management
The digital ecosystem is evolving in many directions. Organizations are adopting multiple channels to drive newer sales channels, trigger new business models and generate more and more revenue. This triggers the need of unlocking business assets to the outside world in a secure manner. The increasing demand from Internet Business Models, IoT, social media and Cloud Adoption will exponentially increase the need to expose the business assets to the outside world by means of API.
