Error 400 while accessing authentication VIP Service WSDL for third party application integration
search cancel

Error 400 while accessing authentication VIP Service WSDL for third party application integration


Article ID: 273769


Updated On:


VIP Service


The necessary WSDL files for authentication are available from VIP Manager. Code sample: 

await using var client = new AuthenticationServicePortClient();

             using var cert = new X509Certificate2("vip_cert.p12", "**Password**");

            client.ClientCredentials.ClientCertificate.Certificate = cert;

             await client.OpenAsync();



                var response = await client.authenticateUserWithPushAsync(new AuthenticateUserWithPushRequestType


                    userId = "********",

                    requestId = Guid.NewGuid().ToString()



            catch (Exception e)





Error 400 typically indicates a bad request. By systematically checking below points, your partner should be able to narrow down the cause of the 400 error and take appropriate action to resolve it:

  • Check the absolute\relative certificate path.
  • The VIP certificate is valid (not expired)
  • The VIP certificate isn't cached. 
  • Ensure that the SOAP request being sent to Symantec VIP follows the correct format as defined in the WSDL file.
  • Verify that the authentication credentials (username, password, API keys, tokens, etc.) are correctly configured and provided in the request. 
  • Ensure that the partner's system is configured to trust Symantec VIP's SSL/TLS certificates.
  • Check if there are any proxy servers or firewalls between the partner's system and Symantec VIP that might be blocking or altering the requests.
  • Encourage your partner to enable detailed error logging on their end. This can help capture additional information about the 400 error, such as response messages from Symantec VIP, which may provide more context.
  • Utilize SOAP testing tools or libraries that allow for testing SOAP requests and responses.
  • Ensure that the data being sent in the request, such as user credentials or authentication tokens, are accurate and valid.