function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Max PowerMax Power 

Best practices for storing 3rd party credentials?

I'm attempting to write an application that will access a 3rd party service that requires a username and password (that is different than the Salesforce credentials).  Just to give a little background, this application is essentially an Apex web service that will invoke the appropriate methods to consume the 3rd party service, and update standard tables with the results it retrieves.  Seeing as how this is my first Salesforce application, I don't know what the best practices are for this type of an application.  For testing I've simply been using hard coded credentials in an Apex class, but this is not a viable solution once this application is made available on the AppExchange.
I would like to provide the user with some flexibility on how to do this, as they may have one username and password pair that are used by all members of that company, or want to use different credentials for all of their Salesforce users.
To me it seems I have the following options:
  1. I can extend the user table to add custom fields that store the new 3rd Party credentials.  I don't particularly care for this approach, as it doesn't seem like a good idea to extend such an essential, base table.
  2. I can provide a custom table that houses this information and associates it with a particular user.  This approach would require an administrator to set up all credentials as entries in the new table.
  3. I can simply allow the user to pass the credentials as arguments to the Apex web service.  This approach, although simplest from my perspective, requires the most work on the part of the administrator deploying the application, especially if they choose to use multiple different credentials.
Based on that, I believe that #2 is the best approach, but I wanted to get some opinions on this before I chose my implementation.  It is quite possible that I'm missing the best option.  Any help that can be offered would be greatly appreciated.
Thanks in advance.
i actually use #2 myself already with my implementation of the integration I did with's API.

I created a custom object, Global__c, and each row in that object is a 2 column row.  The first column is name, the second is value.  I then do an SOQL lookup based on the name to get the value, and the value is what I pass.

This works pretty well and I don't see any performance hits with it at all.  As long as you don't give the normal users the ability to see this tab, it's also fairly safe as well.  You have to give them security permissions on the object, but not on the tab, which works well for our environment.
Max PowerMax Power


Thanks for the reply.  I will look into implementing this type of a solution.