function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
BNG Holdings IncBNG Holdings Inc 

Subsequent API Calls not working

So I can get the login() API call to work and return the sessionId and whatnot. However I cannot get any subsequent calls to work.

 

I get the error:

INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session

 

However I recieved the Session ID from the return of the login method, so how can it be wrong?

 

I did notice that ever time I login() the sessionId seems to be the same. Also I noticed that it appears to be be encoded, do I need to decodebase64() the sessionId before I can use it? What should a valid sessionId look like?

 

Please Help!

Best Answer chosen by Admin (Salesforce Developers) 
SuperfellSuperfell

If you need the WSDL you should save it to a local file and load it from that. but if you can't send soap headers at all, then you won't be able to use the SOAP API. Have you looked at the REST API, that might be more amianable to your tooling.

All Answers

sfdcfoxsfdcfox

A valid session id, I believe, should be something like <org-id>!<encrypted-data>.<more-encrypted-data>. The format has changed over time, so I could be wrong, and I don't have an easy way to grab a session ID right now.

 

Usually this error is caused because the ID is inside a malformed header. Try using your programming language's SOAP tracing functions to dump a request's XML to a file so you can examine it. The request should be formatted very similar to the "Example SOAP calls" section on the documentation area of this site.

 

Generally, you use something like "setSessionHeader()" on the binding using an object typically called SessionHeader. The exact details may vary depending on your language's SOAP implementation.
BNG Holdings IncBNG Holdings Inc

The formatting for my sessionId is laid out like you said, sfdcfox.

 

Essentially my language requires me to use an HTTPSecureSocket object, then I configure parameters for a SOAPmethod object, attach the SOAPmethod to the socket and call, and then put the output in a SOAPResponse object. (For anyone curious or experience similar issues I'm using Real Studio).

 

The abridged code for a login looks like this:

sm = New SoapMethod
sm.parameter("username") = TextFieldUsername.Text
sm.parameter("password") = TextFieldPassword.Text + TextFieldToken.Text

sm.UseSocket(SFSocket)
SFSocket.Port = 443
sm.methodNamespace = "urn:enterprise.soap.sforce.com"
sm.action = "logout" //SOAP Method being called
sm.url =  "https://login.salesforce.com/services/Soap/c/22.0/"

sr = sm.invoke("login")

 

I then get the info from sr. If sr.error is true I report the error, otherwise I get the sessionId and other results.

 

But now that I have the sessionId, I make calls to other methods using the sessionId and new url and I get the sessionId error. I was originally adding the session header as a parameter on the SOAP method which I'm assuming is wrong as I discovered I can set headers on the Socket. So I do that:

SFSocket.requestHeaders.AppendHeader("SessionHeader",sr.Result("sessionId"))

 

But I still get the same invalid session id error.

 

I have two different ideas for where to go next. A lot of people have been talking about certificates and adding a certificate to the HTTPSocket. I was wondering if there were any more details as to how this works?

Am I required to use 2-way SSL?

 

My next idea was to try different connection types for the socket. My options are

SFSocket.ConnectionType = SSLSocket.<type>

TLSv1, SSLv2, SSLv3, SSLv23

 

Any other ideas?

 

Thanks for any help. I've been getting super frustrated at just trying to get over this last hurdle before its easy sailing and I do appreciate the help.

 
SuperfellSuperfell

It should be a soap header, not a socket header (which i'm guessing in reality is a http header). You need to ensure that the soap header is created with the right xml namespace. (if you can get your tool to dump what its actual soap request looks like, we can check that the header is correct).

 

You are not required to use 2-way SSL.
BNG Holdings IncBNG Holdings Inc

Simon,

 

Thanks for taking the time to reply! I dont think your method will work for me unfortunately. The problem is the SOAPmethod object doesn't have headers.

 

Properties

Action - (The SOAP action for the method being called.)
MethodNamespace
Parameter
Timeout
URL
WSDL

 Methods

ClearParameters
Invoke
LoadWSDLFromURL
UseSocket

 

I haven't been loading the WSDL from the url - but I have to be logged in to get the WSDL in the first place. Is it required that the WSDL be loaded? I figured I could just manually look at it to make sure I name parameters correctly. I'm also assuming that I either need to use parameters for the SessionHeader or use the HTTPSocket header, but neither seem to work. I'm frustrated and sad :-(
SuperfellSuperfell

If you need the WSDL you should save it to a local file and load it from that. but if you can't send soap headers at all, then you won't be able to use the SOAP API. Have you looked at the REST API, that might be more amianable to your tooling.

This was selected as the best answer