Required Usage Of Web Services and Launch URLs

The OLSA Web services are only for server-to-server communication. Customers should not implement browser based user interfaces that allow direct access to the OLSA Web service. Instead the user interface should always send requests back to the customer application, and the customer application should issue the actual OLSA Web service call.

Some OLSA Web service calls return a launch URL. Launch URLs can be for accessing training content or for accessing the OLSA environment. In either case, launch URLs may be embedded in user interfaces but not the OLSA Web service call that returns them. A launch URL is secured with an OLSA session ID that is time limited, usually several hours, and user specific. A launch URL should not be persisted for long-term storage but should be used as soon as it is received by the customer application. A launch URL should be treated as an opaque value, its format and contents are subject to change from one release of OLSA to another.

Note: All documented URLs use the .com domain as an example only. If your data center is located outside the United States, replace this with the correct domain for your locale. For instance, European data centers use the .eu domain. China data centers use the .cn domain.

The following example illustrates how to access and process a launch URL:

1. An end user logs into the customer application through a Web browser client.
2. The customer application presents its user interface in the Web browser client.
3. The user interface displays a link to access some feature in the OLSA environment.
4. The end user clicks on the feature link.
5. The link calls a Javascript openWindow to create a new browser window on the client that contains the request result. This first client request is sent to the customer application.
6. The customer application receives the first request from the client, and makes the appropriate server-to-server OLSA Web service call. The call returns a launch URL that has an associated session ID which is time-limited and specific to the end-user.
7. The customer application returns as a response to the first client request a Javascript sequence that does a redirect to the launch URL.
8. The new window processes the response, for example, the redirect Javascript. The redirect Javascript is executed on the client that processes launch URL. The launch URL sends a second client request , which is sent to OLSA. OLSA returns the appropriate response, HTML in this case, and this response is now rendered in the new window.