Hi,

I have already previously asked about using SOAP to create a backend in relation to the e-commerce module (se this thread. I see now that SOAP is mentioned under APIs in the list of features in Silverstripe 2.3.0 (here).

Is there any documentation about how one would create a new SOAP based API? So far I have seen none. There are a few basic items that I would need to know:
- How to create the access functions
- How to get data into and out of the database
- How to secure the SOAP API, i.e., make it HTTPS only and require authentication of some sort (possibly require HTTPS client authentication)

Hans

Its a wrapper around RestfulServer, see http://doc.silverstripe.com/doku.php?id=restfulserver.
I've improved documentation slighty (see http://doc.silverstripe.com/doku.php?id=soapmodelaccess),
but its still fairly crude...

@Ingo

Thanks. You're doc updates are a start. So does this mean that you must have a REST API in order to have a SOAP backend?

I'd like to see more details about the security side of things. How do you restrict API access for data objects? How would you force all API accesses to use SSL?

Hans

Yes, you'll need to enable RESTful as well for the moment, I've filed a ticket to separate them a bit more cleanly: http://open.silverstripe.com/ticket/3727

> How do you restrict API access for data objects?
That should be in the RESTfulServer docs. Anything else you need?

> How to secure the SOAP API, i.e., make it HTTPS only
You have Director::forceSSL() at your disposal, which you could limit to match specific URLs only. Patches to make this configurable in the SOAP/REST servers are welcome :)