function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
SurjenduSurjendu 

How to ensure that a request is coming from SalesForce?

I want to send a response to a site outside SalesForce. Is there a way to put something in the request param so that the accepting server will know that the request is a vaild request and coming from SalesForce. How do I do this?
paul-lmipaul-lmi
you could predefine a random hash of characters, and have the other end expect that hash to determine it to be a legit request, or, you could get the IP ranges SF uses and only accept connections from those on the other end.

or more so, do a reverse IP lookup on the receiving server, and only accept data if the reverse lookup goes back to a salesforce.com domain.
Benjamin_PirihBenjamin_Pirih
We use a IP filter on our external facing router along with a dns redirection..  It works like this.. apex.yourdomain.com points to your private ip address.. Your router firewall checks that the incoming traffic to apex.yourdomain.com is in the sf.com trusted ip range, and allows the packet to pass to the machine which fullfulls the service.. You will want to use a SSL if you are really interested in security..
 
You can should also match your organization id at runtime, as this should not be public information and will provide an additional layer of secuirty..
 
Best of Luck..