function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Best practice for obtaining the consumer key for native mobile apps



We have a native iOS mobile application that uses the Salesforce mobile sdk -- specifically to use OAuth 2.0 authentication (user-agent) and the REST API to manipulate salesforce objects.  We have no Apex or other code that needs to be hosted on  This application will be used by different companies (i.e., it is not an internal application).


My understanding is that in order to get the consumer key required for use by OAuth, we need to create a managed Package for AppXChange and define our appication as a "Remote Access Application".  Per Salesforce packaging guide "Designing Packages for Remote Access Using OAuth". Since this application will be used by many different customers, my understanding is to get a single consumer key for my iOS app, I need to create this managed package that customers will then install on their salesforce orgs to allow my app to talk to their org.


The question is, what is the best practice for what else needs to be added to this package?  If I only define the remote access application, I cannot upload the package.  However, I don't think it's correct to create some random custom object that I'll never use.  


I have not been able to find any directions on enabling a "native client only" application to get the consumer key and would appreciate any pointers to more information.






You don't need to create a managed package. the consumer keys you create in your dev org are automatically shared with all other orgs.


So a single consumer key can be used for multiple salesforce orgs? If I create a single app with a consumer key I generate on my own org, I could then distribute that app within the appstore and anyone with an org could login via OAuth using my consumer key?