Overview

SOAP web service allows managing user accounts and locations. The SOAP API consists of a set of callable methods.

https://{domain}.worldmanager.com/soap/v7/?wsdl

Please substitute {domain} with the domain name of your World Manager platform.

For testing purposes, we recommend to use your playground system:

https://{domain}-playground.worldmanager.com/soap/v7/?wsdl

Please substitute {domain} with the domain name of your World Manager platform.

Custom Fields permissions are also not applicable to SOAP API, and full permissions are always given to SOAP API consumers.

Security

The API service is protected to ensure that only authorised World Manager users use it.

World Manager APIs use the OAuth 2.0 protocol to control access to the API.

To begin, obtain OAuth 2.0 client credentials by creating an Integration Client in your World Manager platform as outlined in the section below. Make sure to enable “SOAP API” scope for the Integration Client. Then you can obtain an Access Token using Client Credentials grant flow which gives you access to the APIs. For details about using OAuth 2.0 for authentication, see OAuth2 Documentation. Please note that the Access Token will expire after a certain amount of time as specified in the response containing the token. Maximum token lifespan is 12 hours.

Create an Integration Client

Login to the World Manager platform as a World Manager account.
Click on “System Configuration” under “System” section in the Toolbox.
Click on “Integration Clients”.
Choose an existing Integration Client or click “New Integration Client” to create a new one.
The corresponding Client Secret value will be displayed in the “Client Secret” field.
To enable SOAP API, tick “SOAP API” checkbox under “Scopes”.

Access Token

Once you have created an integration client you will be issues “client credentials” in the form of a client identifier and a client secret. The Client ID is a publicly exposed string that is used by the service API to identify the application. The Client Secret is used to authenticate the identity of the application to our API, and must be kept private between the application and the API.

The application requests an access token prior to accessing SOAP API by passing the authorization details including the Client ID client secret to the API token endpoint which will generate your access token.

API Token endpoint for your platform: https://your.worldmanager.com/oauth/token

When accessing SOAP API, send the value as the OAuth 2.0 access token with the authentication type set as Bearer. For example:

Authorization: Bearer <access_token>

Unique Identifiers

Most of the entities which can be retrieved, created, updated, or deleted via the API have uuid field of type WmUuidInput or WmUuidOutput, respectively. This value servers as a unique identifier of the entity.

The API uses version 4 of UUID. See RFC 4122 for more information.

Date Formatting

All date and date-time parameters that are passed to the API are required to be in one of the following ISO 8601-compatible formats.

Date

Date values must comply with ISO_LOCAL_DATE formatting.

Example:

2011-12-03

Date-time

Date-time values must comply with ISO_ZONED_DATE_TIME formatting.

Examples:

2011-12-03T10:15:30Z
2011-12-03T10:15:30+01:00
2011-12-03T10:15:30.2311892+01:00