Using tyk to invoke SOAP based web service

We are doing our PoC on using tyk as our api gateway. However, as one of our customer is still using SOAP based web service, is there any way that we can invoke their SOAP based web service through tyk? So far, I only get information from transform request body on how to transform an xml into json. However, in order to invoke their SOAP based web service, we need to do the reverse (i.e. from JSON to XML). Any idea how can we do this? Of course, if tyk can import their WSDL to create that template should be an additional good news to us.


Hi Raymond,

You can make a body transform on both the request and response, and in both cases you can transform either XML or JSON data.

We have documentation for both XML and JSON data transforms:

For response body transformation, it is the same approach but the configuration is stored in a different part of the API definition. In the Dashboard UI, you can switch between the two by selecting either Request or Response when configuring the Body Transform plugin in the Endpoint Designer.


Thank Dave,
will try it

Hi Dave,

One more question about this, as we need to use wsse to access to the SOAP based web service, can we store / access to username/password in tyk and put this information into the output through the template?


If you add the data you want to retrieve as meta data on the API key you can then reference it in the transformation template.

Meta data section of API key:

Then reference the meta data as explained in the documentation.

e.g. if you add a meta data item with key hello and value world then you would reference it as {{._tyk_meta.hello}} in the transformation template.

1 Like

Hi @David,

Thanks for sharing, and i too shared the same requirement as raymond.

I have two quick questions.

For Soap WSS security using BinarySecurity Token, are we able to stored private key / public key as metadata? If yes , is it encrypted?

For the use case above, i will assume that Tyk only handle the transformation , and the upstream server should do the SOAP authentication based on the defined WSS) standard?

Hi Robin,

You could store the keys as metadata, but they won’t be encrypted in the token’s session object. For reference, see the meta_data section here

For the authentication part, Tyk would be authenticating using the token provided in the request, as per standard auth token authentication, but it would not be using the metadata. It is feasible for the upstream server to authenticate the transformed request.


1 Like