Our supplier synchronization through Integration Hub is returning 400 Bad Request errors when attempting to sync supplier data via SOAP API. The external supplier management system requires custom authentication headers that don’t seem to be getting passed through correctly.
Error response:
<soap:Fault>
<faultcode>Client</faultcode>
<faultstring>Missing required header: X-Supplier-Auth-Key</faultstring>
</soap:Fault>
We’ve configured the SOAP consume in Integration Hub with basic authentication, but the supplier API documentation mentions additional custom headers for their authentication scheme. The OnBeforeRequest event seems like the right place to inject these headers, but we’re not sure how to properly access and modify the SOAP envelope before transmission. This sync failure is blocking our automated procurement workflows.
You’re correct that OnBeforeRequest is where you need to inject custom SOAP headers. However, you can’t just add them as HTTP headers - they need to be properly formatted within the SOAP envelope itself. Are you trying to add them to the SOAP header section or as HTTP transport headers? The X-Supplier-Auth-Key sounds like it might need to go in the SOAP Security header rather than HTTP headers.
For SOAP web services in OutSystems, HTTP headers need to be added programmatically in the OnBeforeRequest callback. The Integration Hub connector should expose this event handler. You’ll need to use the SetRequestHeader action within that callback to add your custom authentication header. Make sure you’re also passing any additional context like supplier ID or tenant information that the API might need for validation.
The supplier API documentation shows it as an HTTP header, not within the SOAP envelope. But when I try to add it in the Integration Hub REST-style headers section, it doesn’t seem to apply to SOAP requests. Is there a different approach for adding HTTP headers to SOAP calls in OutSystems?
Another consideration - does the supplier API require the custom header on every request or just during the initial authentication handshake? Some SOAP services use a session-based approach where you authenticate once with the custom header, receive a session token, and then use that token for subsequent calls. This would require different handling in your Integration Hub configuration.
Here’s the complete solution for injecting custom SOAP headers through Integration Hub’s OnBeforeRequest event:
First, ensure your Integration Hub SOAP connector has the OnBeforeRequest callback properly configured. In the connector’s advanced settings, enable ‘Custom Request Processing’ which exposes the OnBeforeRequest event handler.
In your OnBeforeRequest logic, add the custom header:
SetRequestHeader(
HeaderName: "X-Supplier-Auth-Key",
HeaderValue: Site.Properties.SupplierAuthKey
)
For SOAP-specific requirements, you need to verify that the supplier API actually expects this as an HTTP transport header versus a SOAP Security header. Based on your error message, it appears to be an HTTP header requirement. However, also check if they require WS-Security headers by examining their WSDL. If they do, you’ll need to modify the SOAP envelope itself.
The key issue with Integration Hub and SOAP is that it abstracts away much of the low-level SOAP handling. For complex authentication schemes, you may need to:
- Use the OnBeforeRequest event to inject HTTP transport headers (as shown above)
- If supplier API requirements include SOAP envelope modifications, consider using a REST-based approach to manually construct and send the SOAP XML
- Ensure your authentication credentials are properly formatted - many supplier APIs expect compound auth headers like “API-Key: {key}|{timestamp}|{signature}”
For the specific 400 Bad Request error, verify these supplier API requirements:
- Header name case sensitivity (X-Supplier-Auth-Key vs x-supplier-auth-key)
- Required header value format (plain text, base64, JWT, etc.)
- Any additional required headers like X-Supplier-ID or X-Request-Timestamp
- Whether the API expects the header on the initial WSDL request or only on operation calls
Implement proper error logging in your OnBeforeRequest handler to capture the actual headers being sent. This helps debug whether headers are being properly injected before the SOAP call leaves OutSystems. Most importantly, test with the supplier’s API documentation examples to ensure your header format matches their exact specification.