There are 2 levels of security as it applies to securing web services with the document management software API.
Level 1 Web Service Security Token for Authentication - Security tokens are used by all publicly available web services to provide for secure authentication to all web methods it contains. A unique security token is provided to the client for each web service it requires to access. The token is provided to the user only on successful authentication to the document management server.
Level 2 Web Method Authorization - All web methods are also subject to user role based security. A user's credentials must be authorized against the FileHold server before the operation can be completed. This provides security in the case where a user that does have access to a valid system user account and, therefore, security token is restricted to only impacting documents they are authorized to access in the library.