Introduction to the Document Service
The Secure Document Service is a SOAP web service written in PHP (its source code is included with the plugin).
The ACF_Plugin provides built-in functions to seamlessly interact with this web service. These functions are categorized as follows:
- Web Service Authentication
- Document Sending and Retrieval
- Encryption and Decryption Functions
- PHP Encryption/Decryption Compatibility Features
- Configuration Object Features
Traditionally, implementing a Document Archive involves OS-level access to the filesystem of the Document Archive. Unless encryption is applied, documents are stored as-is. This traditional approach requires that the Archive path remains mounted continuously to access it from within the FileMaker solution.
To utilize the document service, you must install the Secure Document Service SOAP web service on the server used for the archive. Subsequently, you'll employ the HTTPS protocol for secure document exchange. Additionally, the plugin offers automatic encryption and decryption of documents, ensuring that all documents saved on the server are encrypted using the AES256 algorithm.
From the client side, the web service requires the URL and authentication parameters. You can store these details in an encrypted, tamper-resistant configuration object that is passed directly to the authentication functions. This approach keeps the server's location, username, and password out of client-configurable settings. You can also include the document encryption key in this object, keeping it confidential.
In your service application, creating the configuration object can be achieved with code similar to this:
Set Variable [ $config ; Value:
"ENDPOINT-URL:" & Clients::Publishing_wsURL & "¶" &
"USER:" & Clients::Publishing_wsUser & "¶" &
"PASSWORD:" & Clients::Publishing_wsPassword & "¶" &
"DOCENCRYPTION-KEY:" &
dsPD_GetPHPSampleEncryptDecryptCode( Clients::DocumentEncryptionKey; "HEX" ) ]
Set Field [ Clients::DocServConfig ; dsPD_EncryptParBlock2Base64( $Config ; Clients::ConfigEncryptionKey ;"Clients " & Clients::Name & " configuration Object") ]
This configuration object can then be integrated into the application preferences.
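A sanity check for the plaintext block before it is encrypted, written in Python as an added example (it is not part of the plugin or its documentation). It assumes the block is KEY:value lines joined by carriage returns (what FileMaker's ¶ produces), that the endpoint must be an https:// URL, and that DOCENCRYPTION-KEY holds a 256-bit key as 64 hex digits; build_block and check_block are hypothetical helper names.

```python
import re
from urllib.parse import urlsplit

REQUIRED = ("ENDPOINT-URL", "USER", "PASSWORD", "DOCENCRYPTION-KEY")
AES256_HEX = re.compile(r"[0-9A-Fa-f]{64}")  # assumption: 32-byte key as hex

def build_block(fields):
    """Join KEY:value pairs with CR, the character FileMaker's ¶ stands for."""
    return "\r".join(f"{k}:{v}" for k, v in fields.items())

def check_block(block):
    """Return a list of problems found in a plaintext configuration block."""
    problems, seen = [], {}
    for line in filter(None, re.split(r"\r\n|\r|\n", block)):
        # Split on the first colon only: the URL value contains colons itself.
        key, sep, value = line.partition(":")
        if not sep:
            problems.append(f"line without KEY: prefix: {line[:20]!r}")
        elif key in seen:
            problems.append(f"duplicate key {key}")
        else:
            seen[key] = value
    for key in REQUIRED:
        if not seen.get(key, "").strip():
            problems.append(f"missing or empty {key}")
    url = urlsplit(seen.get("ENDPOINT-URL", ""))
    if seen.get("ENDPOINT-URL") and (url.scheme != "https" or not url.hostname):
        problems.append("ENDPOINT-URL is not an https:// URL")
    key_hex = seen.get("DOCENCRYPTION-KEY", "")
    if key_hex and not AES256_HEX.fullmatch(key_hex):
        problems.append("DOCENCRYPTION-KEY is not 64 hex digits")
    return problems

# Constructed sample values, not taken from any real deployment.
SAMPLE = {
    "ENDPOINT-URL": "https://docs.example.com/docservice.php",
    "USER": "publisher",
    "PASSWORD": "s3cret:with:colons",
    "DOCENCRYPTION-KEY": "0f" * 32,
}
# Plain-HTTP endpoint, a return inside the password field, a 128-bit key.
BROKEN = {**SAMPLE, "ENDPOINT-URL": "http://docs.example.com/docservice.php",
          "PASSWORD": "abc\rUSER:other", "DOCENCRYPTION-KEY": "0f" * 16}

if __name__ == "__main__":
    for fields in (SAMPLE, BROKEN):
        print(check_block(build_block(fields)) or "OK")
```

A field value that contains a return character turns into an extra line in the block, which is why the check reports duplicate keys instead of silently keeping one of them.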
Using this object, you can authenticate to the service as shown below:
Set Variable [ $res ; Value:
dsPD_AuthBase64Encrypted( Configuration::Publishing_Config;
"hardCodedEncryptionKey" )]
If [ GetValue ( $res ; 1 ) ≠ "OK" ]
Show custom dialog....
End If
Subsequently, documents can be sent to the service:
Set Variable [ $res ; Value: dsPD_SaveDocument( $LocalFile ; "MyServerDocs/" ;
"UPDATE"; "myFile.docx" ) ]
If [ GetValue ( $res ; 1 ) ≠ "OK" ]
Show Custom Dialog [ "Upload document" ; $res ]
Else
Show Custom Dialog [ "Upload document" ; "Success" & ¶ & $res ]
End If
And retrieved from the service as follows:
Set Variable [ $res ; Value: dsPD_GetDocument( "myFile.docx" ; "MyServerDocs/" ; "[TEMP]" ) ]
If [ GetValue ( $res ; 1 ) = "OK" ]
// GetValue ( $res; 3 ) provides the local path for the unencrypted
// document in the temporary folder
End If
Documents on the server are stored in an encrypted format using the AES256 algorithm.
This approach ensures that unauthorized access to the documents will not reveal their content.