HireRight Integration Platform and API: HireRight Connect. Third Party Developer Guide



Similar documents
Secure Authentication and Session. State Management for Web Services

e-filing Secure Web Service User Manual

EUR-Lex 2012 Data Extraction using Web Services

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Integration of Hotel Property Management Systems (HPMS) with Global Internet Reservation Systems

KMx Enterprise: Integration Overview for Member Account Synchronization and Single Signon

PowerCenter Real-Time Development

A standards-based approach to application integration

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide

REST web services. Representational State Transfer Author: Nemanja Kojic

17 March 2013 NIEM Web Services API Version 1.0 URI:

Emerging Technologies Shaping the Future of Data Warehouses & Business Intelligence

soapui Client Testing ecrv Web Services with soapui 1 9/20/2012 First edition soapui-x ecrv Development Team

CONTRACT MODEL IPONZ DESIGN SERVICE VERSION 2. Author: Foster Moore Date: 20 September 2011 Document Version: 1.7

WebService Security. A guide to set up highly secured client-server communications using WS-Security extensions to the SOAP protocol

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

ActiveVOS Server Architecture. March 2009

Business Object Document (BOD) Message Architecture for OAGIS Release 9.+

This Working Paper provides an introduction to the web services security standards.

Adobe EchoSign API Guide

Grid Computing. Web Services. Explanation (2) Explanation. Grid Computing Fall 2006 Paul A. Farrell 9/12/2006

Mutual Fund Web Service Developer Guide

Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006

Developer Guide to Authentication and Authorisation Web Services Secure and Public

Interoperable Provisioning in a Distributed World

Securing Web Services Using Microsoft Web Services Enhancements 1.0. Petr PALAS PortSight Software Architect

Dynamic Decision-Making Web Services Using SAS Stored Processes and SAS Business Rules Manager

Web Service Facade for PHP5. Andreas Meyer, Sebastian Böttner, Stefan Marr

XML Processing and Web Services. Chapter 17

Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

Integrating Remedyforce

Integration Overview. Web Services and Single Sign On

Consuming and Producing Web Services with WST and JST. Christopher M. Judd. President/Consultant Judd Solutions, LLC

DEPLOYMENT ARCHITECTURE FOR JAVA ENVIRONMENTS

Core Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems

WEB SERVICES SECURITY

Improving Agility at PHMSA through Service-Oriented Architecture (SOA)

Getting started with OWASP WebGoat 4.0 and SOAPUI.

Java Security Web Services Security (Overview) Lecture 9

Easy CramBible Lab DEMO ONLY VERSION Test284,IBM WbS.DataPower SOA Appliances, Firmware V3.6.0

Contents at a Glance. 1 Introduction Basic Principles of IT Security Authentication and Authorization in

Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus

T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On

Single Sign-On Implementation Guide

CRM On Demand. Oracle Web Services On Demand Guide

Web Services Platform Guide

Load Testing SOAs which Utilize Web Services

Assessing the usefulness of the WS-I tools for interoperability testing

Integrating CRM On Demand with the E-Business Suite to Supercharge your Sales Team

An Oracle White Paper Dec Oracle Access Management Security Token Service

PHP Integration Kit. Version User Guide

Siebel Web UI Dynamic Developer Kit Guide. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013

An Oracle White Paper November Oracle Primavera P6 EPPM Integrations with Web Services and Events

Integrating Siebel CRM with Microsoft SharePoint Server

Java Web Services Training

IBM Rational Asset Manager

Software Requirement Specification Web Services Security

Web Service Testing. SOAP-based Web Services. Software Quality Assurance Telerik Software Academy

Understanding Evolution's Architecture A Technical Overview

Consuming and Producing Web Services with Web Tools. Christopher M. Judd. President/Consultant Judd Solutions, LLC

Guiding Principles for Technical Architecture

Federated Identity Management Solutions

HexaCorp. White Paper. SOA with.net. Ser vice O rient ed Ar c hit ecture

WEB SERVICES. Revised 9/29/2015

MINISTRY OF FINANCE SYSTEM INTEGRATION PLAN ATTACHMENT NR 2 SEAP XML SPECIFICATION WEBSERVICE INTERFACE FOR EXTERNAL SYSTEMS PROJECT ECIP/SEAP

Sabre Web Services. Guide to Accessing and Consuming Services. July 15, 2014 v1.40

RS MDM. Integration Guide. Riversand

Oracle Access Manager. An Oracle White Paper

How To Build A Financial Messaging And Enterprise Service Bus (Esb)

Database Extension 1.5 ez Publish Extension Manual

NEMSIS v3 Web Services Guide

vcommander will use SSL and session-based authentication to secure REST web services.

Multi Factor Authentication API

Model User Guide for Implementing Online Insurance Verification

SOA, case Google. Faculty of technology management Information Technology Service Oriented Communications CT30A8901.

FUSE-ESB4 An open-source OSGi based platform for EAI and SOA

Agents and Web Services

PHP Language Binding Guide For The Connection Cloud Web Services

Technik und Informatik. SOAP Security. Prof. Dr. Eric Dubuis Berner Fachhochschule Biel. Version April 11, 2012

Developing Web Services with Documentum

Developing Java Web Services

Introduction to Service Oriented Architecture (SOA)

The Business Benefits of the Proliance Architecture. September 2004

JVA-561. Developing SOAP Web Services in Java

SOAP and WSDL. At the heart of Web services today are SOAP and WSDL, so it s important that. Part II

Web Services for Management Perl Library VMware ESX Server 3.5, VMware ESX Server 3i version 3.5, and VMware VirtualCenter 2.5

Acknowledgments. p. 55

WCF WINDOWS COMMUNICATION FOUNDATION OVERVIEW OF WCF, MICROSOFTS UNIFIED COMMUNICATION FRAMEWORK FOR.NET APPLICATIONS

An Interface from YAWL to OpenERP

SOAP Web Services Attacks

Reusing Existing * Java EE Applications from Oracle SOA Suite

Increasing IT flexibility with IBM WebSphere ESB software.

Using Foundstone CookieDigger to Analyze Web Session Management

Transcription:

HireRight Integration Platform and API: HireRight Connect Third Party Developer Guide

Table of Contents INTRODUCTION... 3 SECURITY... 3 LOGICAL VIEW OF API ARCHITECTURE... 5 NETWORK VIEW OF API ARCHITECTURE... 5 OPERATIONS... 6 WSDL & XSD ARTIFACTS... 7 USEFUL TOOLS... 8 APPENDIX A: SCENARIO 1 - CREATE A NEW ORDER... 9 APPENDIX B: SCENARIO 2 SSO CREATE ORDER PROCESS... 19 APPENDIX C: SCENARIO 3 EVENT-TRIGGERED BACKGROUND REPORT RETRIEVAL 31 APPENDIX D: USER SYNCHRONIZATION-RELATED APIS... 37 APPENDIX E: SIMPLE SSO APIS... 40

Introduction HireRight provides a robust technology integration platform called HireRight Connect. HireRight Connect makes it easy for third party vendors and partners to build custom integrations using standard tools and technologies. HireRight Connect allows other applications to seamlessly integrate with HireRight because it is built using a standards-compliant Service-Oriented Architecture (SOA). HireRight Connect also supports the HR-XML Consortium guidelines for XML data exchange. As part of HireRight Connect, HireRight offers a SOAP-based API that exposes most of the critical functions necessary to place and track background screening orders. The API toolkit is a library of data and services available to build integrations with HireRight applications. The integration provides a similar user experience and feature set available in our existing pre-integrated solutions. Because of our strong commitment to data security and integrity, HireRight Connect uses a SOAP-based interface (instead of a REST-based API) with the WS-Security framework in place. HireRight regularly adds new operations and services to HireRight Connect. SECURITY HireRight s API uses the WS-Security standard for authenticating inbound requests. Within the WS-Security framework, several different implementation profiles are supported. We use the UsernameToken with PasswordDigest method for authenticating users. This requires the presence of certain SOAP Headers, and relies upon an SHA-1 encryption digest to encrypt the password we provided (see the section WSDL & XSD ARTIFACTS for a test account username/password). The best source of information on how to implement this can be found in the specifications themselves, found at: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf The WS-Security UsernameToken Profile is currently provided, out-of-the-box by many different vendors/tools. Microsoft s.net environment includes support, as does popular Java-based tools such as Apache Axis (Rampart module) and Spring-WS, to name a few. Page 3 of 40

The basic principal used by these tools is to take a SOAP envelope: <soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:body> <hr_objs:list xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:hr_objs="urn:enterprise.soap.hireright.com/objs" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:xsd="http://www.w3.org/2001/xmlschema"> <hr_objs:hrobject xsi:type="hr_objs:listaccounts"> <hr_objs:companycode>xyz</hr_objs:companycode> </hr_objs:hrobject> </hr_objs:list> </soapenv:body> </soapenv:envelope> And wrap it with the appropriate SOAP WS-Security Headers: <soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:header> <wsse:security xmlns:wsse="[abbreviated]wss-wssecurity-secext-1.0.xsd" soapenv:mustunderstand="1"> <wsse:usernametoken xmlns:wsu="[abbreviated*]" wsu:id="xwssgid-11752176687181786926962"> <wsse:username>john</wsse:username> <wsse:password Type="[abbreviated*]">wrbuq1vbuB9II7/UswhPaxHkwnU= </wsse:password> <wsse:nonce EncodingType="[abbreviated*]">Js91z1AfVAU2bvBlilTbPCBg </wsse:nonce> <wsu:created>2007-03-30t01:21:09z</wsu:created> </wsse:usernametoken> </wsse:security> </soapenv:header> <soapenv:body> <hr_objs:list xmlns:hr_objs="urn:enterprise.soap.hireright.com/objs" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/xmlschema" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"> <hr_objs:hrobject xsi:type="hr_objs:listaccounts"> <hr_objs:companycode>xyz</hr_objs:companycode> </hr_objs:hrobject> </hr_objs:list> </soapenv:body> </soapenv:envelope> [abbreviated*] = Namespaces abbreviated for presentation purposes see the cited PDF files for full examples. The Nonce value is simply a unique identifier, similar to a GUID, that is used in conjunction with the Created timestamp to prevent reply type attacks. The Password digest value is composed by the following algorithm: Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) ) Page 4 of 40

Logical View of API Architecture Network View of API Architecture Page 5 of 40

OPERATIONS HireRight s API uses a verb-noun type metaphor to manage how services are invoked. Below are a list of supported operations (i.e., verbs,), along with their supported objects ( nouns ). Operation Object Description Create Applicant Use to create an Applicant. Application Order User Use to create an Application. Requires Applicant Id. Use to place a background Order. Requires Application Id. User to create one or more HireRight users. GenerateWebLink SingleSignOnWL Returns a URL to the main HireRight landing page (user logged in). OrderApplicationWL Returns a URL to place an Order. List ListAccounts Returns a list of Accounts for a given CompanyCode. ListProductCatalogRequest ListUsers Returns a list of Packages for a given CompanyCode & AccountId. Returns a list of Users for a given CompanyCode & AccountId. Move EASApplication Used to move an EAS Application from one HireRight account to another. ReceiveReportFromQueue StatusScreeningReport Returns all queued Status Messages for a given API account. Will span across all HireRight accounts associated with that API account. Search ScreeningStatusReport Returns a single Screening Status Report for a given ApplicantId or OrderId, specified using ObjId. BackgroundScreening Report Returns a single Background Report for a given ApplicantId or OrderId, specified using ObjId. Update ModifyUser Allows updates to HireRight users. ActiveUser DeactiveUser Activate a HireRight user. Deactivate a HireRight user. What can be a source of confusion is that, if the Operation/Service has the same name and works with the same base XSD object, how do you differentiate the inbound requests? This is accomplished by way of an XSD extension. For example, the Application element is defined as: Page 6 of 40

<xsd:complextype name="applicant"> <xsd:complexcontent> <xsd:extension base="hr_objs:hrobject"> <xsd:sequence> <xsd:element name="candidate" type="hr_applicant:candidatetype"/> </xsd:sequence> </xsd:extension> </xsd:complexcontent> </xsd:complextype> Thus, the Applicant XSD element extends the HRObject, and adds additional elements that are unique to that object (CandidateType). This is expressed in the resulting XML as: <hr_objs:create xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:hr_objs="urn:enterprise.soap.hireright.com/objs" xmlns:s1="http://ns.hr-xml.org/2006-02-28" xmlns:s2="ext:enterprise.soap.hireright.com" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:s0="urn:enterprise.soap.hireright.com/applicant" xmlns:xsd="http://www.w3.org/2001/xmlschema"> <hr_objs:hrobject xsi:type="hr_objs:applicant"> <hr_objs:companycode>xyz</hr_objs:companycode> <hr_objs:userid>2222</hr_objs:userid> <hr_objs:accountid>3333</hr_objs:accountid> <hr_objs:candidate> <s0:candidateprofile> <s1:personaldata> <s1:personname> <s1:formattedname></s1:formattedname> <s1:middlename></s1:middlename> </s1:personname> ** NOT SHOWN ** </s1:personaldata> </s0:candidateprofile> </hr_objs:candidate> </hr_objs:hrobject> </hr_objs:create> In the above example, the xsi:type attribute defines what extension object is being used. WSDL & XSD ARTIFACTS HireRight has been a long-time supporter and member of the HR-XML consortia, and as such, we leverage the HR- XML specifications as closely as possible. We deviate only where there are no established schema elements which we can utilize. Since the HR-XML specification is extremely broad, we have paired down the HR-XML schemas to a more manageable size, based upon only those elements/attributes that we support. In other words, HireRight has implemented a fully compliant subset of the standard HR-XML schemas. The HireRight API WSDL can be found at: http://api.hireright.us:8090/services/hirerightapi.wsdl. This is currently a test-only environment, and does not interface or otherwise directly connect to HireRight s underlying backend. It is a testing sandbox that returns dummy data for each service call made, and is intended primarily for connectivity and WS-Security compatibility testing. NOTE: This is considered the official WSDL, and may likely be more up-to-date than this document describes. The URL used for placing service calls is found at: http://api.hireright.us:8090/services/hirerightapi/v/1/0 (as identified in the WSDL). However, you may also use http://api.hireright.us:8193/service/ (the trailing / is required) if you want to test without including the WS-Security SOAP Headers. This is beneficial for initial testing. We suggest first testing without WS-Security, and then adding it later once you ve established that you can successfully request/receive service calls. When connecting to the testing environment, use the following user name and password: User Name: john Password: changeme Page 7 of 40

HireRight has certified that our WSDL and operations are WS-I Basic 1.0 Compatible (using SOAPScope 5.2 from Mindreef). USEFUL TOOLS We ve found the following tools to be very useful: TOOL DOWNLOAD URL DESCRIPTION Mindreef SOAPScope http://www.mindreef.com/products/soap scope/index_temp.php Excellent commercial SOAP testing/invocation & documentation tool. soapui http://www.soapui.org/ Powerful open-source testing/invocation & inspecting tool. Alternative to SOAPScope. TCP Mon http://ws.apache.org/commons/tcpmon/ Tool for intercepting in-transit SOAP messages. Shows you raw XML as it s being exchanged. Very helpful. WebServiceStudio 2.0 http://www.gotdotnet.com/community/u sersamples/details.aspx?sampleguid= 65a1d4ea-0f7a-41bd-8494- e916ebc4159c Useful tool for testing compatibility with.net applications. Page 8 of 40

Appendix A: Scenario 1 - Create a New Order This scenario is where a faceless integration is required. That is, a complete data set is sent to HireRight for the creation of an order. This model is generally only appropriate where the source/client system can ensure that all data required for the package that is order is valid and complete. The process to create a new Order in this model is straightforward, and requires 3 web service (SOAP) calls to HireRight. The sequence is illustrated below: The steps involved are: Create->Applicant. This is used to create an Application, and only requires personal descriptor information that can be used to uniquely identify the applicant. These descriptors, such as Government ID (SSN) are those that do not change, regardless of the position being applied. This service call returns an ApplicantId. Create->Application. Once an Applicant is created within the HireRight system, an Application for that individual can be created. This is done through the Create->Application method call. HireRight supports multiple Applications per Applicant, which is two operations, are required (for example, different position being applied for may have different data requirements, such as years of employment experience that must be specified etc). Required fields (specified in the WSDL schema) include ApplicantId and contact information. This service call returns an ApplicationId. Create->Order. This operation, which requires an ApplicationId, is used to actually generate the HireRight Order. Similar to the relationship between Applicant and Application, there can be multiple Orders per an Application. This might result from where subsequent products are desired, perhaps based upon the initial results of the first Order placed. The Order requires a PackageId, which can be provided by HireRight, or queried directly using an API call. Page 9 of 40

With the OrderId that is returned from the Create->Order service method, the Client can optionally receive status updates pertaining to the ongoing processing of the Order, and also use it to fetch the complete Screening Report. Below are XML examples for the Create Applicant, Application and Order operations (Note: they do not contain the WS-Security SOAP headers, which can be rather verbose). Create->Applicant Example (REQUEST) <hr_objs:create xmlns:soapenc=http://schemas.xmlsoap.org/soap/encoding/ xmlns:hr_objs="urn:enterprise.soap.hireright.com/objs" xmlns:s1="http://ns.hr-xml.org/2006-02-28" xmlns:s2="ext:enterprise.soap.hireright.com" xmlns:s0="urn:enterprise.soap.hireright.com/applicant" xmlns:xsd="http://www.w3.org/2001/xmlschema"> <hr_objs:hrobject xsi:type="hr_objs:applicant" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"> <hr_objs:companycode>xyz</hr_objs:companycode> <hr_objs:userid>479321</hr_objs:userid> <hr_objs:accountid>ws_someaccount</hr_objs:accountid> <hr_objs:candidate> <s0:candidateprofile> <s1:personaldata> <s1:personname> <s1:givenname>john</s1:givenname> <s1:middlename>j</s1:middlename> <s1:familyname>doe</s1:familyname> </s1:personname> <s1:persondescriptors> <s1:legalidentifiers> <s1:personlegalid countrycode="us" validfrom="notapplicable"> <s1:idvalue name="ssn">111111111</s1:idvalue> </s1:personlegalid> <s1:userarea> <s2:drivinglicenseinfo> <s2:drivinglicense countrycode="us" idowner="ministry of Transportation" issuingregion="ny" validfrom="notapplicable" validto="notapplicable"> <s2:idvalue name="driver's License">123</s2:IdValue> <s2:nameonlicense>drvname5</s2:nameonlicense> </s2:drivinglicense> </s2:drivinglicenseinfo> </s1:userarea> </s1:legalidentifiers> <s1:biologicaldescriptors> <s1:dateofbirth>2000-10-15</s1:dateofbirth> </s1:biologicaldescriptors> </s1:persondescriptors> <s1:userarea> <s2:othernames> <s2:othername type="" validfrom="notapplicable" validto="2000-01-01"> <s2:personname> <s2:formattedname>first Name1 Last Name1</s2:FormattedName> <s2:givenname>first Name1</s2:GivenName> <s2:middlename>middle1</s2:middlename> <s2:familyname>last Name1</s2:FamilyName> </s2:personname> </s2:othername> <s2:othername type="" validfrom="notapplicable" validto="2001-01-01"> <s2:personname> <s2:formattedname>first Name2 Last Name2</s2:FormattedName> <s2:givenname>first Name2</s2:GivenName> <s2:middlename>middle2</s2:middlename> <s2:familyname>last Name2</s2:FamilyName> </s2:personname> Page 10 of 40

</s2:othername> </s2:othernames> </s1:userarea> </s1:personaldata> </s0:candidateprofile> </hr_objs:candidate> </hr_objs:hrobject> </hr_objs:create> Create->Applicant Example (RESPONSE) <ns1:createresponse xmlns:ns1="urn:enterprise.soap.hireright.com/objs"> <ns1:result> <ns1:id>000000000000000001</ns1:id> <ns1:success>true</ns1:success> </ns1:result> </ns1:createresponse> Page 11 of 40

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information