Authentication

Authentication can be done in two ways: via user and password (in clear text) or via an encrypted token.

Naturally, clear text authentication is recommended to be used only in a secure environment (e.g. when the XML requests are transported over HTTPS).

Plain text authentication (login)

Specified using the user and pwd attributes. The pwd attribute is optional and can be omitted when the login does not require a password.

Plain text authentication (single sign-in)

Specified using the domain and user attributes. This is mostly done when using HTTP authorization, where the successful HTTP authorization is carried over into the XML request as single sign-in.

Encrypted authentication

Specified using the auth attribute. A suitable token can be generated programmatically using the update.lib.dll C# assembly using InterfaceAuthenticationTicket.CreateTicket7(String username, String password). The tokens are specific to the CRM.interface they are generated for (i.e. they cannot be shared between the different numbers of CRM.interface), and are intended for one-time only (they have a very short expiration time by default).