FAQ

Operator-oriented answers to the questions that come up most. For buyer-facing questions, see docs/marketing/faq.md.

Operator-oriented answers to the questions that come up most. For buyer-facing questions, see docs/marketing/faq.md. For per-area depth, follow the links inline.

Since v1.0 these answers describe the General Availability product.

Product model

Does it replace my API gateway? No. SOAP-2-REST complements your existing gateway. Your gateway keeps doing authentication, rate-limiting, traffic management, and WAF; SOAP-2-REST sits alongside it, purpose-built to convert between SOAP and REST. It runs in your VPC and has no public endpoint.

What's the difference between Publish and Consume? They are the two directions of the SOAP↔REST boundary, both on the same runtime:

PUBLISH — REST in → SOAP out. Consumers call a generated REST API; the runtime converts to SOAP and calls your SOAP backend. Published contract: OpenAPI v3.
CONSUME — SOAP in → REST out. Legacy SOAP clients call a SOAP endpoint; the runtime converts to REST and calls a migrated REST backend, then wraps the response back into SOAP. Published contract: WSDL (served back at the consume endpoint).

A service runs in exactly one direction. See Core concepts → Publish vs Consume.

Do I have to write transformations or mappings? No. The platform generates a deterministic, full-field mapping from each contract automatically — every element, attribute, and optional field, not just the happy path. There is no proprietary transformation language and no per-service scripting. When a business rule requires it, you override field-by-field in the UI. See Conversion → Field-level overrides.

SOAP & conversion

Which SOAP versions are supported? SOAP 1.1 and SOAP 1.2. The runtime detects the version from the message body and content type (including SOAP 1.2's application/soap+xml and two-level fault model). Document/literal (wrapped and bare) and rpc/literal message styles are supported, with full XSD type coverage.

What XSD features are covered? Scalars and complex types; sequence / choice / all; groups and attribute groups; import / include / redefine (cycle-protected); nillable and optional fields; attributes and mixed content; substitution groups; xsi:type polymorphism; enumerations; regex patterns; numeric bounds and length facets; list / union; and any / anyType wildcards. See Conversion → SOAP & XSD support.

What about RPC/encoded SOAP? Document/literal and rpc/literal are supported; RPC/encoded (SOAP section-5) is intentionally out of v1.0 scope (it is a retired format deprecated by WS-I Basic Profile 1.0). Import surfaces a structured warning (S2R-ADM-0424) listing affected operations, and the runtime returns a clear coded error (S2R-RUN-0415) rather than mis-decoding such a response.

How are SOAP faults handled? Faults are normalized into a deterministic REST error shape, and WSDL-declared fault detail contracts are reflected in the generated OpenAPI. You can opt into RFC 7807 Problem Details as the error shape via a conversion option.

Can I change how a field converts? Yes — via conversion options, each settable platform-wide and overridable per service / operation / (for most) per field: date/time formatting, numeric and boolean handling, null handling, array collapsing, whitespace, binary encoding, duration, field-name casing, SOAP header propagation, response envelope shape, JSON field ordering, error/fault shape, xsi:type discriminator handling, and validation modes. Your choices are reflected in the generated OpenAPI v3.

Is the generated OpenAPI v3 standards-compliant? Yes. It validates against the OpenAPI v3 specification and imports cleanly into mainstream developer-portal tools, SDK generators, and AI-agent toolchains. The emitted schema reflects your conversion and validation settings.

Discovery & onboarding

Do I have to upload every WSDL by hand? No. Traffic-driven discovery learns your service inventory from live gateway-edge traffic via a connector (or the generic-HTTP receiver). The master discovery view shows per-service 24-hour / 7-day / 1-month request counts, loaded from pre-computed aggregation tables for sub-second performance. You can still import a WSDL directly in the onboarding wizard. See Discovery.

What gateways and load balancers are supported? Since v1.0 the shipped connectors cover load balancers (F5 BIG-IP, Citrix NetScaler/ADC, HAProxy, nginx, Kemp LoadMaster, A10 Thunder ADC, Radware Alteon) and API gateways (IBM DataPower, Layer7, webMethods, Akana, TIBCO Mashery, Oracle API Gateway). A generic-HTTP receiver works with any edge that can emit accessible HTTP traffic logs, so you're not blocked if your gateway isn't on the list. See Connectors.

What is a learned example? A real request/response payload (and its headers) captured from production traffic and curated against a service/operation, so consumers see what actually flows rather than synthetic placeholders. See Discovery → Learned examples.

Can I onboard a large WSDL quickly? Yes — zero-touch autopilot generates a draft service, its operations, and mappings in one step, with a per-operation readiness score. See Onboarding → Zero-touch autopilot.

Deployment & operations

How is it deployed? Since v1.0: GCP-native (Cloud Run + Cloud SQL + Cloud Storage + IAP), a Kubernetes / OpenShift Helm chart, a GCP Marketplace listing, or a standalone Docker Compose stack — all running in your VPC. VM appliance images and native AWS / Azure / Oracle ports are on the v1.1 roadmap. See Installation and System requirements.

What database does it need? PostgreSQL (validated against 16), with Flyway-managed migrations that run automatically. UTF-8 encoding is required, and the pgcrypto extension is required for credential encryption. Tables are prefixed s2r_. See System requirements → Database.

Do I need to install Java on the host? No. The JVM (Java 25) is bundled inside the container images. A host JDK is only needed if you build the images yourself.

How much traffic can it handle? It's engineered and load-tested for a ~1M-calls/day baseline (~12 rps sustained, ~100 rps burst), with configurable timeouts and retries. Dashboards stay sub-second across large estates because they read pre-computed aggregation tables. See System requirements → Capacity baseline.

Is there a payload size limit? Yes — 30 MB for synchronous payloads. Larger requests are rejected with S2R-RUN-0413 (HTTP 413). See Error codes.

What are the default timeouts and retries? 100 ms per-operation timeout and 2 retries by default; both are configurable.

Security, data & licensing

Where does my data live? In your VPC. SOAP traffic, request/response payloads, archives, learned examples, and the metadata database all stay in your infrastructure. The product has no public endpoint. See Security → Network & data residency.

How is access controlled? Role-based access control with three roles — admin / operator / reader — resolved from your identity provider's groups, direct in-app principal bindings, or an emergency bootstrap list. Identity is via Google IAP, Azure AD, or standard SAML / OIDC. Every change is captured in the audit trail. See Security → RBAC & roles.

How are backend credentials protected? They are encrypted at rest (pgcrypto) and are never logged or returned in plaintext. The encryption key (S2R_CREDENTIAL_KEY) must stay stable — regenerating it invalidates every existing encrypted credential. See Security → Backend credential encryption.

How long is data retained? 60 days by default, configurable. See Security → Data retention.

Can I run it air-gapped? Not at v1.0. The product requires outbound HTTPS to the Specaria platform for license verification and update notification. A 14-day offline grace period covers transient connectivity loss, after which the product enters degraded (read-only) mode until it can re-verify. Fully air-gapped operation is a post-GA bespoke engagement. See Licensing → Offline grace & degraded mode.

What does the product send to Specaria? Only licensing/heartbeat signals: numeric counts, versions, a hashed host fingerprint, an installation ID, a customer label, and a contact email — never payloads, hostnames, or PII. Telemetry fails open (an outage never disrupts traffic); entitlement fails closed (an invalid/expired license disables licensed writes only after the grace period). See Licensing and Licensing → Egress allow-list.

Troubleshooting

A call failed — where do I start?

Read the error code in the error-codes reference.
Find the call by correlation ID in Observability → Logs & tracing.
Inspect the request/response in the live traffic log.

My request returns S2R-RUN-0405. The direction segment is missing from the path. Runtime paths are /<direction>/<env>/<serviceKey>/... where direction is publish or consume. A path that omits it returns this code (HTTP 400). See Error codes.

The converted output looks wrong but the call succeeded. The backend response may have changed shape — check contract drift. Response-side validation can run in off / monitor / enforce; in enforce mode a violating backend response is rejected as S2R-VAL-0430 (HTTP 502, an upstream problem, not a client error). See Conversion → Validation modes.

Services won't start with S2R-ADM-0419 / S2R-RUN-0419. S2R_CREDENTIAL_KEY is unset or blank. Set a valid 32-byte base64 key and redeploy. See System requirements and Security → Backend credential encryption.

Credential operations fail with S2R-ADM-0421. The pgcrypto extension is missing on the database. A privileged Postgres user must run CREATE EXTENSION pgcrypto; once on the target database.

Which version am I running? Each service records deploy provenance (commit, branch, timestamp, image tag) at startup and emits it in the boot logs — use that to confirm exactly which code is running before opening a ticket.

Still stuck?

See Getting support for how to reach support and what to include, and Support tiers for what your tier covers.

All Specaria SOAP to REST docs

Loading…