Rest and SOAP Services

Robots can be exposed as Rest or SOAP services. If you open the Edit Project dialog box then, on the Services tab, you can configure the runtime for these services.

Projects - service tab

By default Rest/SOAP services are protected by basic authentication. When invoking the services directly from a browser (using XMLHttpRequest), you have to disable the authentication, as you would otherwise be exposing login credentials in the JavaScript source files. When calling Rest/SOAP services from a programming language like Java, Ruby, C# etc, it is a good idea to have the services protected by authentication (assuming that you can keep the credentials stored in a secure manner).

There are certain restrictions when calling a Rest/SOAP service from a browser, unless the service is located on the same web server as the web page from which it is invoked. When calling a Rest/SOAP service from another domain (referred to as CORS Cross-Origin Resource Sharing), you have to include certain headers for the client to be allowed to process a resource from another domain. The Access-Control-Allow Origin is one such header. If you call a Rest/SOAP service in a cross domain fashion, you must specify the domain, from which the page that generated the request was loaded. If a page on http://example.com contains a page with JavaScript that generates a request to a service located on http://kapowsoftware.com, then the service response from http://kapowsoftware.com must contain the header Access-Control-Allow-Origin: http://example.com or built in security mechanisms in the browser will prevent it from processing the cross-origin response. You may use * as a wildcard, which means that any domain can invoke your Rest/SOAP service in a cross domain fashion.