+ Start a Discussion
Nithesh NNithesh N 

Connected App (vs) Remote Site (vs) Named Credential

Can anyone tell me the major difference between them and in what situations we use each of them?

NagendraNagendra (Salesforce Developers) 
Hi Nithesh,

Please find the explanation below which might help.

What is a Connected App: A "Connected App" is an application that can connect to salesforce.com over Identity and Data APIs. A connected app integrates an application with Salesforce using APIs. Connected apps use standard SAML and OAuth protocols to authenticate, provide single sign-on, and provide tokens for use with Salesforce APIs. In addition to standard OAuth capabilities, connected apps allow Salesforce admins to set various security policies and have explicit control over who can use the corresponding apps.

What is Remote Site: when you access the external site you need to add that in the remote site settings.This is one kind of security level that force.com platform is going to check.

Named Credentials: A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. To simplify the setup of authenticated callouts, specify a named credential as the callout endpoint. If you instead specify a URL as the callout endpoint, you must register that URL in your org’s remote site settings and handle the authentication yourself. For example, for an Apex callout, your code would need to handle authentication, which can be less secure and especially complicated for OAuth implementations.

Please let us know if you need any additional information.

Mark this as solved if my reply was helpful so that it gets removed from the unanswered queue which results in helping others who are encountering a similar issue.


Alex Wu 25Alex Wu 25
I have the same question. I need to make a package that requires two way communication between Salesforce an my server (Salesforce needs to reach MyServer's APIs and MyServer needs to reach Salesforce APIs).

This is my (novice) understanding between the three concepts. Please correct me if I'm wrong.

### Connected App
(I understand this the least) This is for communication from MyServer to Salesforce (maybe), If MyServer has implemented (or using a third party) Oauth Identity provider. Some companies prefer to handle auth on their own? I have seen no reference between connected apps and how they might secure callouts.

### Remote Site
If you need to make a callout, but the url here so that Salesforce knows it's safe. (it is safe right?)

### Named Credentials
If you need to make a callout and secure it, configue that here instead of using a remote site. You can secure via simple username and password (make sure it's over https, which I think Salesforce does) or with Oauth things. I have used username and password, but I guess salesforce security audit doesn't like that. I have yet tried to play with using Oauth. MyServer is not currently an Oauth Identiy Provider. I'm going to play around with using Salesforce as an `Auth Provider` and maybe I can use Salesforce as my Oauth Identity Provider. I will report back soon.
Alex Wu 25Alex Wu 25

So Using Salesforce as an Auth Provider doesn't work if it's an Auth Provider for the same org. You can't associate a User account to itself. I guess I'll have to implment Oauth token managment. Good thing things like this Ruby gem exist https://github.com/doorkeeper-gem/doorkeeper. Apparently the veterans I'm talking to think Named Credentials are a bad choice for packaging because it's less flexible than rolling your own Oauth.