Skip to Content

Proxy ==> PI ==> SOAP: Password in Body. Best practices

Hi all,

I'm on PI 7.4 AEX and have the following scenario: ERP (Proxy) --> PI --> CRM (SOAP).

Unfortunately our legacy CRM system needs to have username and password nodes within payload. Example request:

<?xml version="1.0" encoding="UTF-8"?>
<request user="JohnDoe" pwd="verySecret">
  <import extsystem="" catbynum="1">

The communication will be in-house and via HTTPS, so generally, should be ok, from a security perspective.

However, where would you store the user credentials and how to retrieve on PI. Following restrictions would need to be applied

  • Receiver interface cannot be changed, must use those user / pwd nodes in payload
  • Username and password should not be hardcoded like as a constant within mapping
  • Password need to be stored in a secure manner
  • Ideally existing user management (either on PI or on ERP) would be used, so that even some "PEBCAK admnisitrator" like myself can change the password easily (optional requirement, though)

Any inputs are really appreciated.

Many thanks and kind regards


Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Best Answer
    Nov 19, 2014 at 04:56 PM

    Hi Jens,

    First of all i would be careful about who can see the payload in PI, check Michal's blog for this purpose Michal's PI tips: Authorizations for viewing payload of messages on Java stack - implementation

    To store the passwords you could use a PI table or a file and 3DES or RSA algorithm to encrypt the password, for example.


    Add comment
    10|10000 characters needed characters exceeded

    • Thanks Iñaki for pointing out that payload may have to be secured. Great catch.

      Need to check on the 3 possibilities you mentioned tough as all 3 are not really that familiar to me until now 😉 Will come back later.

      Other inputs still welcome, of course 😊