SOAP API uses WSDL to inform the external system about how it can connect to it and perform operations.
WSDL is often used in combination with SOAP and an XML Schema to provide Web services over the Internet. A client program connecting to a Web service can read the WSDL file to determine what operations are available on the server. Any special datatypes used are embedded in the WSDL file in the form of XML Schema. The client can then use SOAP to actually call one of the operations listed in the WSDL file using for example XML over HTTP.
Since WSDL files are an XML-based specification for describing a web service, WSDL files are susceptible to attack. To mitigate vulnerability of these files, limiting access to generated WSDL files, setting proper access restrictions on WSDL definitions, and avoiding unnecessary definitions in web services is encouraged.