function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Can a trigger determine whether it's invoked from API or browser?

I'm working with a standard object that's used by a managed package. The managed package includes some software that runs on the package author's own server and that calls into Salesforce using the web services API, to create records for that standard object. Other Salesforce apps also create records for that standard object. I need to write a trigger that can detect if a record is being added by the managed package's code (i.e., as a result of an API call) or by some other means.


I have no control over the way the external server calls into Salesforce to create records for this object. I can't modify that software.


I have no control over the UI. Because it's a standard object, many apps can create records for it. I can't change all of those apps to make them set some kind of flag that says "I'm not creating this record through the API."


Given those limitations, is there any way a trigger can determine whether it's being called as a result of an API call?


I've tried various UserInfo methods, without much luck. I thought if I called UserInfo.getUiThemeDisplayed() from a trigger invoked as a result of an API call, it might tell me that there's no UI Theme being displayed, but it doesn't.  

UserInfo.getUserId() doesn't help me because the external server logs into Salesforce using the same login credentials that a browser user would.


Is there anything in UserInfo.getSessionId() that might be useful? 


Thanks for your help!




   There is no way to determine whether the records are getting created through the API or from the UI, but as a workaround you could create a field on the object (Not to expose the field on the layout) and populate the value whenever record is getting created through API, this way u can identify the records created through API


Thank you for your reply!


As I mentioned in my earlier post, I have no control over the software that calls the API. It resides on someone else's server, and I can't change that code.


Is there anything encoded into the Session ID that might help me?


Hi, I got the same issue.


In 2013, Is there any solution to this requirement?





CXDev EnvironmentCXDev Environment
Hi , I would like know if you have found any solution for this issue, regards, Hari
Never found a solution.
Nader Hadji GhanbariNader Hadji Ghanbari
This would be extremely useful, we desperately need this for our integration with Salesforce. Almost all descent cloud systems with webhooks/triggers have a way of figuring out who is behind the creation/update/deletion (given that it's 2016 now).
Santosh Sriram 2310Santosh Sriram 2310
Hi everyone. 

When an API call is made, the difference is in the URL and not on values.
See if we can use the currentRequestURL to determine if its API call or not. In most cases, we will have services in URL with respect to API calls

Hope this helps.
If it does, kindly mark as this as the solution.

Santosh Kumar Sriram
Santosh, your solution works well for me.Thanks.
System.URL.getCurrentRequestUrl().getPath()  retuns somethin like '/services/data/v....' when the trigger is invoked from the REST api; I can filter for that.