You need to sign in to do that
Don't have an account?
Frank van Meegen 13
Add and store tokens for REST Callouts
For callouts to an external app from Salesforce I need to add tokens to the REST endpoint url.
I was wondering what the best practice is to store these tokens in Salesforce. These tokens will be different for every salesforce instance that will use the code to callout to this external app. Also I am curious how I should change my code to retrieve the stored tokens.
request.setEndpoint('https://www.externalapp.com/?token=XXXXXXXX&software_token=YYYYYYYY');
I was wondering what the best practice is to store these tokens in Salesforce. These tokens will be different for every salesforce instance that will use the code to callout to this external app. Also I am curious how I should change my code to retrieve the stored tokens.
Store the base URL, token and software token in a Custom Setting
Create a list custom setting with 3 fields
1) Token 2) Software Token 3) Base URL
Create a record with name as 'dummy'
Sample code that you can use :
Map<String,Custom_Setting__c> objSetting = Custom_Setting__c.getAll();
String strToken = (String) objSetting.get('dummy').get('token__c');
String strSoftwareToken = (String) objSetting.get('dummy').get('software_token__c');
String strEndPointURL = (String) objSetting.get('dummy').get('end_point__c') + '?token='+ strToken + '&software_token=' +software_token;
All Answers
Hi Frank ,
Here are my suggestions.
Case 1: - Think Of OAuth.
If external System supports any OAuth or JWT use those options. because you no need to store any tokens
https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm
Case 2: - Store In Any Custome Object With Encrypted fields( I Still love this options if possible )
Case 3 : - Store In Custom Settings or CUstome Metadata types
If you think overall what every suite best you can pick.If you can share more details on your external systems I can help you with some more options.
Option 2 sounds very good. I can see this working in my situation. Could you share me some more details and probably also some example code for retrieving the tokens from the custom object and parse into the request endpoint?
From where the tokens are generated, is it static or dynamic?
If it is some sort of configuration than I believe the custom setting is the best bet.
Thanks
The tokens are static for each org and are generated by an external system. So using custom settings and enter the tokens once sounds like a good option. I assume I have to create a Custom Setting Hierarchy (externalapp) with 2 custom fields (Token & Software_Token). How would I change the endpoint code so it parses in the specific tokens from the custom setting?
Store the base URL, token and software token in a Custom Setting
Create a list custom setting with 3 fields
1) Token 2) Software Token 3) Base URL
Create a record with name as 'dummy'
Sample code that you can use :
Map<String,Custom_Setting__c> objSetting = Custom_Setting__c.getAll();
String strToken = (String) objSetting.get('dummy').get('token__c');
String strSoftwareToken = (String) objSetting.get('dummy').get('software_token__c');
String strEndPointURL = (String) objSetting.get('dummy').get('end_point__c') + '?token='+ strToken + '&software_token=' +software_token;
Great, thank you for the example! I have managed to use custom settings in the callout to retrieve tokens.
Regards,
Frank