Thanks for the input Rob. It is worse than I thought... Using trace(XML(evt.result).toXMLString()); as you suggested, I see I am not getting authorisation because the setRemoteCredentials function isn't being properly received... The xml returned is:
<BitShelterAPI version="1.1"> <identity> <company>PhotoShelter, Inc.</company> <application>PhotoShelter</application> <url>http://pa.photoshelter.com</url> </identity> <response> <error> <class>FieldRequiredErr</class> <message>You are missing the required field <b>Password</b>.</message> </error> <error> <class>FieldRequiredErr</class> <message>You are missing the required field <b>Email</b>.</message> </error> </response> <usage> <name>auth</name> <desc>The authentication module returns an HTTP cookie that is required by all the other modules. This cookie is of a proprietary format and should be sent as is. Modules will return an updated HTTP cookie so that accurate idle time can be tracked. Calls to the authentication module must be made via an HTTPS connection.</desc> <input> <U_EMAIL>email address</U_EMAIL> <U_PASSWORD>password</U_PASSWORD> </input> <output> <cookie>session cookie</cookie> <org>organization array</org> <O_ID>organization ID</O_ID> <O_NAME>organization name</O_NAME> <OU_F_MEM>organization user member flag</OU_F_MEM> </output> </usage> </BitShelterAPI> I am somewhat concerned that perhaps I am not connecting via a secure connection.( "Calls to the authentication module must be made via an HTTPS connection.") And wonder whether I need to write a services-config.xml file in order to establish https?