Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Web service authentification: Password in plain text

Hi there,

I would like to deploy a SAPUI5 application (job application form) to an Apache web server.

The application will be calling various web services in SAP backend system (get list of countries etc.).

I call those web services via AJAX:

//Create request

var soapRequest =

  '<soapenv:Envelope xmlns:soapenv="" ' +

  'xmlns:urn="urn:sap-com:document:sap:rfc:functions">' +

  '<soapenv:Header></soapenv:Header><soapenv:Body>' +



// Get service URL

var sServiceUrl =


// Send request

var xmlhttp = new XMLHttpRequest();

              'POST', sServiceUrl, false, 'myUser', 'myPassword');

                        xmlhttp.setRequestHeader('Content-Type', 'text/xml');

                        var result = xmlhttp.send(soapRequest);


The problem that I see is the fact that the password is stored in plain text in the JS source.

How can I avoid that??

What is the best practice regarding web service authentification.

Thanks in advance.

Best regards,


Former Member
Not what you were looking for? View more on this topic or Ask a question