A client application can access the XIMSS interface via HTTP connections. A client application should start by sending an HTTP Login request to create a new XIMSS session.
When a XIMSS session is created, the client application can send XIMSS protocol requests to it and receive XIMSS protocol responses from the session using HTTP requests.
Client applications can use GET and POST HTTP requests. If a request contains a body, it is assumed to be an XML text, unrelated to the actual value of the Content-Type header field. The XML text must be a <XIMSS/> element. If a request produces a non-empty response body, the body is always an XML text containing one <XIMSS/> element, and the response Content-Type header field is text/xml.
Open the HTTP User Module settings, and find the Sub-Protocols panel:
The Access setting specifies who can create XIMSS sessions using HTTP Binding.