Skip to content


Subversion checkout URL

You can clone with
Download ZIP
A SOAP client and server for node.js.
Branch: master
Pull request Compare This branch is 5 commits ahead, 357 commits behind vpulim:master.

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.

This module lets you connect to web services using SOAP. It also provides a server that allows you to run your own SOAP services.


  • Very simple API
  • Handles both RPC and Document schema types
  • Supports multiRef SOAP messages (thanks to @kaven276)
  • Support for both synchronous and asynchronous method handlers
  • WS-Security (currently only UsernameToken and PasswordText encoding is supported)


Install with npm:

  npm install soap


soap.createClient(url, callback) - create a new SOAP client from a WSDL url. Also supports a local filesystem path.

  var soap = require('soap');
  var url = '';
  var args = {name: 'value'};
  soap.createClient(url, function(err, client) {
      client.MyFunction(args, function(err, result) {

soap.listen(server, path, services, wsdl) - create a new SOAP server that listens on path and provides services.

wsdl is an xml string that defines the service.

  var myService = {
      MyService: {
          MyPort: {
              MyFunction: function(args) {
                  return {

              // This is how to define an asynchronous function.  
              MyAsyncFunction: function(args, callback) {
                  // do some work

  var xml = require('fs').readFileSync('myservice.wsdl', 'utf8'),
      server = http.createServer(function(request,response) {
          response.end("404: Not Found: "+request.url)

  soap.listen(server, '/wsdl', myService, xml);

server logging

If the log method is defined it will be called with 'received' and 'replied' along with data.

  server = soap.listen(...)
  server.log = function(type, data) {
    // type is 'received' or 'replied'

server security example using PasswordDigest

If server.authenticate is not defined no authentation will take place.

  server = soap.listen(...)
  server.authenticate = function(security) {
    var created, nonce, password, user, token;
    token = security.UsernameToken, user = token.Username,
            password = token.Password, nonce = token.Nonce, created = token.Created;
    return user === 'user' && password === soap.passwordDigest(nonce, created, 'password');

server connection authorization

This is called prior to soap service method If the method is defined and returns false the incoming connection is terminated.

  server = soap.listen(...)
  server.authorizeConnection = function(req) {
    return true; // or false


An instance of Client is passed to the soap.createClient callback. It is used to execute methods on the soap service.

Client.describe() - description of services, ports and methods as a JavaScript object

  client.describe() // returns
      MyService: {
        MyPort: {
          MyFunction: {
            input: {
              name: 'string'

Client.setSecurity(security) - use the specified security protocol (see WSSecurity below)

  client.setSecurity(new WSSecurity('username', 'password'))

Client.method(args, callback) - call method on the SOAP service.

  client.MyFunction({name: 'value'}, function(err, result) {
      // result is a javascript object

Client.service.port.method(args, callback) - call a method using a specific service and port

  client.MyService.MyPort.MyFunction({name: 'value'}, function(err, result) {
      // result is a javascript object

Client.addSoapHeader(soapHeader[, name, namespace, xmlns]) - add soapHeader to soap:Header node


  • soapHeader Object({rootName: {name: "value"}}) or strict xml-string
Optional parameters when first arg is object :
  • name Unknown parameter (it could just a empty string)
  • namespace prefix of xml namespace
  • xmlns URI

Client.lastRequest - the property that contains last full soap request for client logging


WSSecurity implements WS-Security. UsernameToken and PasswordText/PasswordDigest is supported. An instance of WSSecurity is passed to Client.setSecurity.

  new WSSecurity(username, password, passwordType)
    //'PasswordDigest' or 'PasswordText' default is PasswordText
Something went wrong with that request. Please try again.