function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Chatter REST API Client

Has anybody develoeped Chatter REST API client?

I am actually trying to understand how to get OAuth access token.


Do I need to have an HTTPS website in order to specify a redirect URL where I can get access token?


I am developing a client application that may be used by many different SFDC orgs, in that case I have to manually generate OAuth for every SFDC org and setup the access token in the application?


How can I automate the process of getting OAuth token?

My client applicaiton is headless (no GUI).





I have a similar problem. By now what I see is that to get the access_token, the client app needs to exchange several http messages with the login and token servers of Salesforce. There should be a way to do it inside a piece of code (assume the user name and password is known to the code). But I am rather new to HTTP so I am having a hard to to figure it out.


That's true. We have to send a reques to Salesforce server with specific URL.

In reply to that URL, it redirects to "redirect_url" ( with access token in request URL) value we provide when sending request.



You don't need a "real" redirect URL if you are using the User Agent flow ( (which is the flow you should be using on mobile devices). You can use the built-in salesforce "success" URL, or a custom URL with a custom protocol like "myApp://". In fact, if you don't use the success URL or a custom protocol, then you will not even get a refresh token.


In a situation where a safe web server is authenticating the user against Salesforce instead of an unsafe client device, you can use the Web Server flow (, where the redirect URI should be an actual URL, which leads the client back to your web server after Salesforce is done authenticating them.


My iPhone sample app shows how to use the User Agent flow, it's found here: in particular the guts of the OAuth implementation are found here: