GetRetentionSourceAuthorities API

Returns a list of all retention source authorities defined in the system. Retention source authorities are used to specify the governing body or regulation that mandates retention requirements for records and documents.

Endpoint

/srv.asmx/GetRetentionSourceAuthorities

Methods

GET /srv.asmx/GetRetentionSourceAuthorities?authenticationTicket=...
POST /srv.asmx/GetRetentionSourceAuthorities (form data)
SOAP Action: http://tempuri.org/GetRetentionSourceAuthorities

Parameters

Parameter	Type	Required	Description
`authenticationTicket`	string	Yes	Authentication ticket obtained from `AuthenticateUser`

Response

Success Response

<root success="true">
  <RetentionSourceAuthorities>
    <Authority Name="SEC - Securities and Exchange Commission" />
    <Authority Name="HIPAA - Health Insurance Portability and Accountability Act" />
    <Authority Name="SOX - Sarbanes-Oxley Act" />
    <Authority Name="GDPR - General Data Protection Regulation" />
  </RetentionSourceAuthorities>
</root>

Response Structure

Element	Description
`RetentionSourceAuthorities`	Container element for all authorities
`Authority`	Individual authority entry with Name attribute

Error Response

<root success="false" error="[ErrorCode] Error message" />

Required Permissions

User must be authenticated (anonymous users cannot access this API)
No specific administrative permissions required - all authenticated users can view retention source authorities

Use Cases

R&D Schedule Configuration
- When creating or editing retention and disposition schedules
- Select appropriate source authority that mandates the retention requirements
Compliance Documentation
- Document which regulations govern record retention
- Maintain audit trail of compliance requirements
Dropdown Population
- Populate UI dropdowns for source authority selection
- Standardize authority references across the system
Reporting and Analytics
- Generate compliance reports showing retention requirements by authority
- Analyze retention policies grouped by governing regulation

Example

Request (GET)

GET /srv.asmx/GetRetentionSourceAuthorities?authenticationTicket=abc123-def456 HTTP/1.1
Host: server.example.com

Request (POST)

POST /srv.asmx/GetRetentionSourceAuthorities HTTP/1.1
Content-Type: application/x-www-form-urlencoded

authenticationTicket=abc123-def456

Request (SOAP 1.1)

POST /srv.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/GetRetentionSourceAuthorities"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GetRetentionSourceAuthorities xmlns="http://tempuri.org/">
      <authenticationTicket>abc123-def456</authenticationTicket>
    </GetRetentionSourceAuthorities>
  </soap:Body>
</soap:Envelope>

Success Response Example

<?xml version="1.0" encoding="utf-8"?>
<root success="true">
  <RetentionSourceAuthorities>
    <Authority Name="FDA - Food and Drug Administration" />
    <Authority Name="IRS - Internal Revenue Service" />
    <Authority Name="OSHA - Occupational Safety and Health Administration" />
    <Authority Name="ISO 15489 - Records Management Standard" />
    <Authority Name="DoD 5015.2 - Department of Defense Records Management" />
  </RetentionSourceAuthorities>
</root>

Empty List Response

If no retention source authorities are defined:

<?xml version="1.0" encoding="utf-8"?>
<root success="true">
  <RetentionSourceAuthorities />
</root>

Retention & Disposition Schedule Management

GetRandDSchedules - Get all R&D schedules
GetRandDScheduleInfo - Get detailed info for a specific schedule
CreateRandDSchedule - Create a new R&D schedule
UpdateRandDSchedule - Update an existing R&D schedule
DeleteRandDSchedule - Delete an R&D schedule

Document Retention

GetDocumentRandDSchedule - Get R&D schedule applied to a document
SetDocumentRandDSchedule - Apply R&D schedule to a document
RemoveDocumentRandDSchedule - Remove R&D schedule from document

Folder Retention

GetFolderRandDSchedule - Get R&D schedule applied to a folder
SetFolderRandDSchedule - Apply R&D schedule to a folder
RemoveFolderRandDSchedule - Remove R&D schedule from folder

Notes

Source authorities are system-wide settings managed by administrators
Authority names are free-form text and can be customized per organization
The list is typically small (5-20 entries) representing key regulations
Source authorities are referenced when creating R&D schedules
This API is read-only - authorities are managed through the Control Panel UI or separate administrative APIs
Authority names should follow a consistent naming convention (e.g., "Acronym - Full Name")
Common authorities include: SEC, HIPAA, SOX, GDPR, FDA, IRS, OSHA, ISO standards, DoD regulations

Common Source Authorities

Organizations typically define authorities based on their industry and jurisdiction:

Financial Services:

SEC (Securities and Exchange Commission)
SOX (Sarbanes-Oxley Act)
FINRA (Financial Industry Regulatory Authority)
GLBA (Gramm-Leach-Bliley Act)

Healthcare:

HIPAA (Health Insurance Portability and Accountability Act)
FDA (Food and Drug Administration)
HITECH (Health Information Technology for Economic and Clinical Health Act)

Government:

FOIA (Freedom of Information Act)
NARA (National Archives and Records Administration)
DoD 5015.2 (Department of Defense Records Management)

International:

GDPR (General Data Protection Regulation - EU)
ISO 15489 (International Records Management Standard)

General Business:

IRS (Internal Revenue Service)
OSHA (Occupational Safety and Health Administration)
State-specific regulations

Error Codes

Common error responses:

Error	Description
`[901]Session expired or Invalid ticket`	Invalid authentication ticket
`[2730]Insufficient rights. Anonymous users cannot perform this action`	User is not authenticated
`System error accessing retention settings`	Database or configuration access error

Integration Example

JavaScript/Client-Side Usage

async function loadRetentionAuthorities() {
    const ticket = getUserAuthTicket();
    const response = await fetch(
        `/srv.asmx/GetRetentionSourceAuthorities?authenticationTicket=${ticket}`
    );
    
    const xmlText = await response.text();
    const parser = new DOMParser();
    const xmlDoc = parser.parseFromString(xmlText, "text/xml");
    
    const authorities = xmlDoc.querySelectorAll("Authority");
    const dropdown = document.getElementById("authoritySelect");
    
    authorities.forEach(auth => {
        const option = document.createElement("option");
        option.value = auth.getAttribute("Name");
        option.text = auth.getAttribute("Name");
        dropdown.appendChild(option);
    });
}

C# Client Usage

using (var client = new SrvSoapClient())
{
    var response = await client.GetRetentionSourceAuthoritiesAsync(authTicket);
    var authorities = response.Descendants("Authority")
        .Select(a => a.Attribute("Name")?.Value)
        .Where(n => n != null)
        .ToList();
    
    // Populate dropdown or process authorities
    authorityDropDown.DataSource = authorities;
}

Best Practices

Cache Results: Authority lists change infrequently - cache for improved performance
Display Format: Present full authority names in UI for clarity
Validation: Validate selected authority against current list before saving
Documentation: Maintain documentation of what each authority represents
Naming Convention: Use consistent format (e.g., "CODE - Full Name")
Regular Review: Periodically review and update authority list as regulations change

Version History

Compatible with infoRouter 8.7 and later
Supports both synchronous SOAP and REST access patterns
Authority management features may require Records Management license