function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
karnadesaikarnadesai 

Salesforce REST API invocation via Third Party App

I am currently in process of invoking Salesforce REST API from my own server.

Following are the two options I have already implemented,

  • Use OAuth 2.0 User-agent model for querying Salesforce REST API
  • User OAuth 2.0 User-password model for querying Salesforce REST API.

In both the above case, I needed to setup Remote Site in the Salesforce Org. How can I bypass this. i.e. Without setting up Remote Site, I can directly query Salesforce API. I have seen a popular app integrated with salesforce already done similar thing.

 

Also, after reviewing salesforce Authentication documentation, token used in Oauth 2.0 is same as Session Id. i.e. In theory if I have instance URL and SessionId , I can directly query API.

Thanks for your help.

Best Answer chosen by Admin (Salesforce Developers) 
ryanjuptonryanjupton

You have to setup a remote site if you want to use OAuth. Yes, you could query with just the session ID but you have to authenticate with Salesforce in order to get the session id. It's a bit of a chicken or egg problem. You could use the SOAP APi to authenticate and get the session id without having a remote site setup then switch to REST but that kind of defeats the point of using the REST API IMO.

All Answers

ryanjuptonryanjupton

You have to setup a remote site if you want to use OAuth. Yes, you could query with just the session ID but you have to authenticate with Salesforce in order to get the session id. It's a bit of a chicken or egg problem. You could use the SOAP APi to authenticate and get the session id without having a remote site setup then switch to REST but that kind of defeats the point of using the REST API IMO.

This was selected as the best answer
karnadesaikarnadesai

Through researching more I found out we need to setup Remote Site only in one ORG. i.e. Client ID and Consumer key can be used to query any ORG. That is exactly what I want, thus not requiring to setup remote site for every ORG and keeping track of Client ID and Consumer Key for each org.

MDhillonMDhillon
hi karan,

i am in kind of same situation as you. Could you please provide me sample code how you did  this?

regards,
mani