Welcome to Kofax RPA > Management Console > Management Console Configuration and User Interface > Admin > Projects > Rest and SOAP Services

Rest and SOAP Services

Robots can be exposed as Rest or SOAP services. If you open the Services tab of the "Edit project" dialog box under Admin > Projects, you can configure the runtime for these services.

Service Cluster is a cluster used to run REST services in the current project. REST services always use the selected service cluster. If you select Use only Service Cluster in project, Management Console hides all other clusters and use the service cluster for all schedules, when generating code, and when running robots from the robot menu. Note that when you select Use only Service Cluster in project, you must select a Service Cluster.

By default, Rest/SOAP services are protected by basic authentication. When invoking the services directly from a browser (using XMLHttpRequest), you have to disable the authentication, as you would otherwise be exposing login credentials in the JavaScript source files. When calling Rest/SOAP services from a programming language like Java, Ruby, C#, etc, it is a good idea to have the services protected by authentication (assuming that you can keep the credentials stored in a secure manner).

There are certain restrictions when calling a Rest/SOAP service from a browser, unless the service is located on the same web server as the web page from which it is invoked. When calling a Rest/SOAP service from another domain (referred to as CORS Cross-Origin Resource Sharing), you have to include certain headers for the client to be allowed to process a resource from another domain. The Access-Control-Allow Origin is one such header. If you call a Rest/SOAP service in a cross-domain fashion, you must specify the domain, from which the page that generated the request was loaded. If a page on http://example.com contains a page with JavaScript that generates a request to a service located on http://kofax.com, then the service response from http://kofax.com must contain the header Access-Control-Allow-Origin: http://example.com or built-in security mechanisms in the browser will prevent it from processing the cross-origin response. You may use * as a wildcard, which means that any domain can invoke your Rest/SOAP service in a cross-domain fashion.