ricb

application authentication via REST API

I am new to the Salesforce REST API, and I have a basic authentication question.

The basic structure of my solution is as follows. I am developing a web application (on .NET) that will make calls against the force.com REST API to insert/update/delete data (leads, accounts, etc.). Our salespeople will use the normal Salesforce website to interact with this data, but our web application will also interact with it via the REST API.

So, what is the proper authentication mechanism to use for my .NET web application? The REST API calls it makes will be unattended, so there is no point in having OAuth redirect to the Salesforce login page for a person to type in credentials. (There will be no person present.)

Is it simply sufficient for me to include, with each REST API call, the "Consumer Key" and "Consumer Secret" values from the Remote Access setup page in my SF DE account?

Thanks in advance.

Best Answer chosen by Admin (Salesforce Developers) 
Pat Patterson

Use of the OAuth 2.0 Username-Password flow is covered in this article.

All Answers

WinningJr

(Forgive the Progress ABL syntax in what I pasted) After searching for an answer to the same thing for... forever... I ended up using:

 

vURL =
  "https://login.salesforce.com/services/oauth2/token?" +
   "&grant_type=password" +
   "&client_id=" + consumerKey +
   "&client_secret=" + consumerSecret +
   "&username=" + apiUserName +
   "&password=" + apiUserPassword.

 

This "POST", of course, returns the instanceURL and the AccessToken to use for the API "GET" calls.  Don't forget to set the headers:



xmlhttp:setRequestHeader("Content-Type","application/xml; charset=UTF-8") /* not sure if you need this one - old habits */
xmlHttp:setRequestHeader("Authorization", "OAuth " + accessToken)

WEN JIE

Hi,

 

This code is based on the OAuth2.0 Username-Password Flow.

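// Uses Apache Commons HttpClient 3.x and org.json, inside a servlet method.
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
import org.json.JSONException;
import org.json.JSONObject;
import javax.servlet.ServletException;

// Token request: the credentials travel as form parameters in the POST body.
PostMethod post = new PostMethod(environment + "/services/oauth2/token");
post.addParameter("grant_type", "password");
post.addParameter("client_id", clientId);
post.addParameter("client_secret", clientSecret);
post.addParameter("username", username);
// The API user's security token is appended to the password.
post.addParameter("password", password + security_token);
post.addParameter("format", "json");

try {
    HttpClient httpclient = new HttpClient();

    try {
        httpclient.executeMethod(post);
        JSONObject authResponse = new JSONObject(post.getResponseBodyAsString());
        // Debug output only: this prints the access token.
        System.out.println("Auth response: " + authResponse.toString(2));

        // Values needed for the subsequent REST API calls.
        accessToken = authResponse.getString("access_token");
        instanceUrl = authResponse.getString("instance_url");
    } catch (JSONException e) {
        e.printStackTrace();
        throw new ServletException(e);
    }
} finally {
    // Always return the connection, even when the request fails.
    post.releaseConnection();
}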

Hope this can help you!

Thanks.
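
The username-password token exchange discussed in this thread, as an added example that is not part of any post above: it builds the token POST with the credentials in a form-encoded body rather than the URL, rejects OAuth error responses and non-HTTPS instance URLs, and masks the token before logging. The function names, the sample responses and the example.my.salesforce.com host are constructed for illustration, and the header uses the "Bearer" scheme where the post above uses "OAuth".

```python
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"  # from the thread


def build_token_request(client_id, client_secret, username, password, security_token=""):
    """Build (not send) the token POST with the credentials in the form body.

    Keeping them out of the query string keeps them out of proxy and server
    access logs; urlencode() escapes '&', '+' and '=' inside passwords.
    """
    body = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password + security_token,
    }).encode("ascii")
    return Request(TOKEN_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })


def parse_token_response(raw):
    """Return (instance_url, auth_headers); raise on an OAuth error body."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(f"{doc['error']}: {doc.get('error_description', '')}")
    instance_url = doc["instance_url"]
    # Refuse to send the token to anything that is not HTTPS.
    if urlsplit(instance_url).scheme != "https":
        raise ValueError("instance_url is not https")
    return instance_url, {"Authorization": "Bearer " + doc["access_token"]}


def redact(raw):
    """Copy of the response that is safe to log: the token value is masked."""
    doc = json.loads(raw)
    if "access_token" in doc:
        doc["access_token"] = "<redacted>"
    return json.dumps(doc, sort_keys=True)


# Constructed sample responses (not real tokens or hosts).
SAMPLE_OK = '{"access_token": "00Dxx-CONSTRUCTED-TOKEN", "instance_url": "https://example.my.salesforce.com"}'
SAMPLE_ERR = '{"error": "invalid_grant", "error_description": "authentication failure"}'
```

To send the request, pass the object returned by build_token_request() to urllib.request.urlopen() and hand the response body to parse_token_response().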