>  >  

How to Use the API

Table of contents

Authentication token

To access a service through the Open Xerox API, you first need to obtain a token. This token will then be used to authenticate any service request you make and must therefore be sent in with the request. 

1. WRAP or OAuth2 ?

Open Xerox support both WRAP and OAuth2 authentication methods.

More information on WRAP can be found here :

OAuth2 Authorization Protocol draft is available here:

Here is some information to help you choose between WRAP and OAuth2;

  • OAuth2 is a replacement for WRAP, which is now deprecated. However, it will remain supported by Open Xerox.
  • OAuth2 specifications are still a draft, and it is possible that they change in the future.
  • OAuth2 provides more features (e.g. refresh token, client credentials) but a bit more complexity, as the token information is sent back in JSON format that needs to be parsed.

2. Obtaining a token

You may obtain an authentication token by using a post request (using https) with the username and password to the following url :

  • To obtain a token with WRAP : https://services.open.xerox.com/api/Auth/Authenticate.
  • To obtain a token with OAuth2 : https://services.open.xerox.com/api/Auth/OAuth2.

More information on OAuth2 Authorization on Open Xerox is available in this page. The token is valid for 20 minutes, so you can reuse it, after that you need to re-authenticate using the username/password or the refresh-token for OAuth2.

The token returned by the authentication server looks like this:

WRAP access_token="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name=smith&Issuer=https://open.xerox.com&Audience=https://open.xerox.com&ExpiresOn=1350570924&HMACSHA256=XD2ARNZYiBUd%2f52xb5Hm%2fSAWZBFBfpjhoBM828eXFpk%3d"

And the refresh token:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name=smith&http://open.xerox.com/RefreshTokenDate=1338383147&Issuer=https://open.xerox.com&Audience=https://open.xerox.com&ExpiresOn=1369919147&HMACSHA256=j9%2fJz4asHR8eNX3aY29BesXTWUnhwUEzajTMkpQy73I%3d

Check all samples here to get the token.

2. Sending a token

You may send the token in one of the following ways (e.g. for WRAP): 

  • in the Authorization Http Header:
    WRAP access_token="PUT THE TOKEN HERE"
  • in the query string like this:
    wrap_access_token=PUT THE TOKEN HERE
  • in a SOAP Header for a Soap call:
    <Authorization xmlns="http://open.xerox.com/">PUT THE TOKEN HERE<Authorization>

SOAP Web Service

To access an Open Xerox soap web service, you need to use the following urls with the Wsdl and the associated binding (Soap 1.1 or Soap 1.2) : 

The wsdl can be accessed using basic authentication to support various IDE.

Check all samples here to call a SOAP Web Service.

Open Xerox allow easy integration of SOAP Web service using a REST Api, more information here on this help page.

REST Web Service

To access an Open Xerox Rest web service, you need to use the following url :