Adobe Campaign, Marketing Automation

ACC TIP | Build REST over SOAP API

Adobe Campaign Classic REST over SOAP

If you’re familiar with Adobe Campaign Classic, you may have noticed that it utilizes the SOAP (Simple Object Access Protocol) API.

We live in an age where REST is taking over, and the good old XML SOAP is slowly being forgotten. To me, as an old-timer, I can confidently say that it doesn’t make any difference because both are used for the same purpose: making systems work together.

Despite being widely used when ACC was released back in 2001, SOAP has since become less popular in favor of newer APIs. However, Adobe Campaign Classic still utilizes SOAP, and understanding its functionality is crucial for successful integration.

Same same but different meme james franco

For wrapping SOAP with REST we will use NL.API.init from api.js (xtk) library. Here’s an explanation of how to use this library:

  1. Import the necessary server-side dependencies:
    loadLibrary('/nl/core/shared/nl.js')//(required) bootstrap to NL framework 
    // with above we can use NL.reuire()  it is basically same as loadLibrary() with additional steps 
	// of checking if the library has not been loaded already before
	NL.require('/nl/core/shared/xtk.js')//(optional) Shared functions to manipulate XTK data and datatypes
	.require("xtk:shared/json2.js")//(optional) if you need to manipulate json object
    .require("/nl/core/api.js")// (required)
    .require('/nl/core/jsspcontext.js')//(required)
  1. Call the NL.API.init function to initialize the API with default behavior:
NL.API.init = function(request, response, options, callback) 

The init function takes four parameters:

  • request: The HTTP request object.
  • response: The HTTP response object.
  • options: An object containing additional options for API initialization.
  • callback: A function responsible for generating the API call, which takes the jsspContext as an argument.
  1. Configure the API initialization options: The options object can have the following properties:
  • jsonOutput (Boolean, default: false): Set it to true to have JSON output content type.
  • authentication (Boolean, default: true): Set it to false to implement an API call without authentication.
  • escalationToken (Object): An object containing an optional login property for privilege escalation.
  1. Implement the callback function: The callback function is responsible for generating the API call. It takes the jsspContext as an argument and should contain the logic for processing the API request.
  2. Additional functionality: The code snippet also includes cache control headers and content type configuration based on the provided options. It handles authentication and privilege escalation if applicable.

If you take a look at the line 88 of ‘api.js’ library, you will see the authentication process handled by ‘xtk:jsspcontext.js’ library. From where we can see the our API call will accept session token in query parameters or in POST request, unless the authentication is not switched off.

Authentication

You can use sessiontoken with GET, POST and cookie to authenticate to the API service. If you do not want to use authentication at all you can turn it of by setting the property authentication to false. This can be used for ping monitoring service, where all server vitals are monitored by another monitoring tool eg. splunk.

GET __sessiontoken

Session token passed in GET request. GET requests can be cached by browsers, stored in browser history, logged in web server logs, and displayed in the URL bar. If a security token is included in the URL of a GET request, it can potentially be exposed in these places, making it easier for attackers to exploit it.

POST header X-Security-Token

Session token passed in POST header ‘X-Security-Token’. Since POST requests do not expose the parameters in the URL, they provide an extra layer of security compared to GET requests. However, it’s important to note that POST requests are not immune to attacks. They can still be vulnerable to other types of security threats, such as cross-site scripting (XSS) or SQL injection, if proper security measures are not implemented.

Session token

You can obtain session token with another call that the REST will follow. We can show it on example inside Adobe Campaign Classic workflow in JavaScript activity.

var http = new HttpClientRequest("https://example.com/nl/jsp/saprouter.jsp"),
    token,
    response,
    document;

http.header["Content-type"];
http.header['SOAPAction'] = "xtk:session#Logon";
http.method = "POST"
http.body = <soapenv:Envelope>
   //SOAP XML REQUEST AS IS IN WSDL FILE 
  //..
  //..
  //SOAP XML REQUEST AS IS IN WSDL FILE 
</soapenv:Envelope>;

http.execute();
response = http.response;

if(response.code == 200){
//parse out the session token
  document = response.body.toDocument();
  token = document.getElementByTagName("pstrSessionToken");
}

Example

 // as we are in JSSP you can also use page directives to import libraries
 // <%@ page import="/nl/core/shared/nl.js"%>
  <%  
    loadLibrary('/nl/core/shared/nl.js')
    //with above we can use NL.reuire() instead loadLibrary()
	NL.require('/nl/core/shared/xtk.js')
	.require("xtk:shared/json2.js")
	.require("xtk:common.js")
    .require("/nl/core/api.js")
    .require('/nl/core/jsspcontext.js')//for authentication

 NL.API.init(request, response, {
    jsonOutput: true
    }, function(jsspContext) {
            response.addHeader("Pragma", "no-cache")
            response.addHeader("Cache-Control", "no-cache");
            response.addHeader("Expires", new Date().toGMTString());
            
            //do something resty
   			//ot call other SOAP libraries as needed
   
            document.write(JSON.Stringify({result:"some result"}));
    });
%>

Newly created REST API is then called:

https://example.com/namespace/jsspPageName.jssp

With “wrapping SOAP to REST” methods or even create new ones to provide a more familiar and straightforward interface for developers who are accustomed to working with RESTful services.

Oh hi there 👋
I have a FREE e-book for you.

Sign up now to get an in-depth analysis of Adobe and Salesforce Marketing Clouds!

We don’t spam! Read our privacy policy for more info.

#JavaScript #jsapi #programming
Marcel Szimonisz
Marcel Szimonisz
MarTech consultant As a marketing automation consultant, I specialize in solving problems, automating processes, and driving innovation in my clients' marketing platforms.

I hold certifications in Adobe Campaign v6 (3x certified) and Salesforce Marketing Cloud (5x certified).

Additionally, I serve as a community advisor for Adobe Campaign, offering expert insights and guidance.

In addition to my professional pursuits, I also enjoy exploring various programming languages, CMSs, and frameworks, further enhancing my technical expertise and staying at the forefront of industry advancements.
Take a look at our subscription offering in case you are looking for a Marketing Automation Consultant.

Leave a comment

Your email address will not be published. Required fields are marked *

Similar posts that you may find useful

how to publish cloud page immediatelly
Marketing Automation, Salesforce Marketing Cloud, SFMC Tips & Tricks

SFMC TIP | How to publish cloud page immediately

2 minutes read

You know the struggle when developing a cloud page application and trying to debug some issues or make changes. You publish the cloud page and wait and wait. Sometimes it takes ages, and other times it is right away. Why does this happen? How can we make it work immediately? Why we have to endure … Read more

Continue reading
SFMC tips and tricks
Marketing Automation, Salesforce Marketing Cloud, SFMC Tips & Tricks

SFMC TIP | Data views for transactional emails

1 minute read

Data views in Salesforce Marketing Cloud are very handy, when it comes to getting data insights from various sources inside the platform. I will give you a quick start on how to get data insights for you transactional emails using data views. We will use data from _Sent, _Job, and _Subscriber view s.TriggererSendDefinitionObjectID – object … Read more

Continue reading
SFMC tips and tricks
Marketing Automation, Salesforce Marketing Cloud, SFMC Tips & Tricks

SFMC TIP | Open a case

less than a minute read

As the title says open a case every time you experience issue or some feature you used on another instance and now is gone. Why open a case? For example when you automation fails with detailed error “Error has occurred”. Simple solution is to “open a case”. Support will tell you exactly what happened. You … Read more

Continue reading
Adobe Campaign Classic tips
ACC Tips & Tricks, Adobe Campaign, Marketing Automation

ACC TIPS | How to aggregate data in workflow

1 minute read

Every now and then, you may receive a request to aggregate data within an Adobe Campaign Classic workflow. However, if you group by something other than the targeting dimension, you may encounter an error such as “‘w0.iid’ must appear in the GROUP BY clause or be used as an aggregate function. The reason behind Adobe … Read more

Continue reading
Adobe Campaign post
Adobe Campaign, Marketing Automation

ACC | Complete guide to schemas

4 minutes read

I want to gather as much information I have and have it at one place for my future reference and for others to learn what can be possible with the custom schemas in the Adobe Campaign Classic – ACC If you work with adobe campaign for some time you might figured out that almost any … Read more

Continue reading