You need to sign in to do that
Don't have an account?
Claiborne
API Access with Delegated Authorization on Professional Edition
Here is the problem.
We have AppExchange product that is Aloha-approved, so we have an api access token.
Up until now, we have required users to log-in to salesforce.com from our app. We apply the api token as part of the connection header. Theapi token allows users to use our app with all editions of salesforce.com, especially Professional Edition.
This is the code we use - php
And we have a client using our application who has Professional Edition, but also is using Delegated Authorization via PingIdentity.
When the user tries to log in to salesforce.com from our application, they use their SSO user name and password. This gets them a valid salesforce.com token from Ping, but no log-in to salesforce.com. This is, of course, an api-login.
If the system admin uses his salesforce.com account, it works fine.
So the question is, how do you pass an api token when a Professional Edition sso user is trying to log in as an api user?
The api token is in the header of the initial log in request to salesforce.com. What happens to it when salesforce.com forwards the request to a delegated authority? Does it go to the delegated authority? Does it come back? Does it stay with the salesforce.com login request for use the authorization is granted by the delegated authority? Or is it just lost?
We have AppExchange product that is Aloha-approved, so we have an api access token.
Up until now, we have required users to log-in to salesforce.com from our app. We apply the api token as part of the connection header. Theapi token allows users to use our app with all editions of salesforce.com, especially Professional Edition.
This is the code we use - php
function GetClient($login, $password, $token, $sandbox) {
$wsdl = "soapclient/partner.wsdl.xml";
if ($sandbox = "true") {
$wsdl = "soapclient/partnerSandbox.wsdl.xml";
}
// The List api token - required for PE and GE access
$apiToken = '<token provided by salesforce.com>';
// Establish client
$client = new SforcePartnerClient();
$client->createConnection($wsdl);
// Add api token to connection
$callOptionsHeader = new CallOptions($apiToken);
$client->setCallOptions($callOptionsHeader);
// Login to salesforce.com
try {
$loginResult = $client->login($login, $password.$token);
if ($loginResult->passwordExpired) {
$client = null;
}
}
catch (Exception $e) {
echo $e->getMessage();
$client = null;
}
}
$wsdl = "soapclient/partner.wsdl.xml";
if ($sandbox = "true") {
$wsdl = "soapclient/partnerSandbox.wsdl.xml";
}
// The List api token - required for PE and GE access
$apiToken = '<token provided by salesforce.com>';
// Establish client
$client = new SforcePartnerClient();
$client->createConnection($wsdl);
// Add api token to connection
$callOptionsHeader = new CallOptions($apiToken);
$client->setCallOptions($callOptionsHeader);
// Login to salesforce.com
try {
$loginResult = $client->login($login, $password.$token);
if ($loginResult->passwordExpired) {
$client = null;
}
}
catch (Exception $e) {
echo $e->getMessage();
$client = null;
}
}
And we have a client using our application who has Professional Edition, but also is using Delegated Authorization via PingIdentity.
When the user tries to log in to salesforce.com from our application, they use their SSO user name and password. This gets them a valid salesforce.com token from Ping, but no log-in to salesforce.com. This is, of course, an api-login.
If the system admin uses his salesforce.com account, it works fine.
So the question is, how do you pass an api token when a Professional Edition sso user is trying to log in as an api user?
The api token is in the header of the initial log in request to salesforce.com. What happens to it when salesforce.com forwards the request to a delegated authority? Does it go to the delegated authority? Does it come back? Does it stay with the salesforce.com login request for use the authorization is granted by the delegated authority? Or is it just lost?
Hi ,
API Enabled permission will be on the Users Permission Section in the Profile.
API Enabled option will be there only for Users of Profile System Administrator or Cloned profiel of System Administrator.
https://login.salesforce.com/help/doc/en/admin_userperms.htm
You need to contact Salesforce.com Support for this.
Please go through the link whcih states the following information about Enabling API in professional Edition.
If you dont see the permission, you need to contact Salesforce.com Support.
This feature is enabled by default for Unlimited, Enterprise, and Developer Editions. Some Professional Edition organizations may also have the API enabled. If you cannot access the features you see in this guide, contact salesforce.com.
http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_quickstart_intro.htm
See more in the discussion below,
https://success.salesforce.com/answers?id=90630000000gr7kAAA
Also See the links below,
http://www.salesforce.com/us/developer/docs/packagingGuide/Content/dev_packages_api_access.htm
https://developer.salesforce.com/forums/ForumsMain?id=906F00000008mh8IAA
Regards,
Ashish
But when the organization uses an OAuth provided, in this case through Ping Identity, the token is dropped somewhere between the AppExchange app and Ping and salesforce.com.