S3. Security Context Identification
The Invoking Application may pass a Security Context (XSC parameter) in order to identity and authenticate the calling application / customer. The Security Context is paired with the Security Token (XST parameter) to validate the request. The value of the Security Context is configurable in XDOC at a Project Level, and must be kept in sync with the value sent by the Invoking Application.
Note: The use of a Security Token is optional for Service invocations originating from other back-end server applications (non-end-user clients) that reside on the same network when security can be controlled by Firewall restrictions and Certificates. The Security Token is required however if your XDOC server is available over the internet, or the invoking application is not on the same network.