SOAP message query

Hello,

We are exposing our web service to external systems. My network team is suggesting not to do this as the SOAP message consists of local host and credentials to login it is not good idea to expose to external parties.

For posting of the SOAP message from external parties do they need any vpn connection of our network or opening of ports from network or any network activity for the external party to send soap ?

To post the SOAP message to the PI host do they need to connect via vpn. How is it handled kindly suggest ?

Is there any concerns to the network team from external parties if we expose the weh service via soap.

Thanks.