Apex Code Development You need to sign in to do that
Don't have an account?
Gerry Winning username-password OAuth flow - why dev only?
Why does the documentation indicate that you shoudl not use this in production?
"If you need a session ID just for testing purposes during development, you can use the username-password OAuth flow"
It then says you can use SOAP for to get the token back to use with the REST API. The SOAP login is just a username and password, just like the username-password OAuth flow..... I'm currently loggin in with SOAP then callin the REST API for our back office integration only becuase of the documentation that seems to imply that death and destruction awaits those who use the REST login without dancing with OAUTH2. Is this just poor documentation, or is there some real problem here?
"If you need a session ID just for testing purposes during development, you can use the username-password OAuth flow"
It then says you can use SOAP for to get the token back to use with the REST API. The SOAP login is just a username and password, just like the username-password OAuth flow..... I'm currently loggin in with SOAP then callin the REST API for our back office integration only becuase of the documentation that seems to imply that death and destruction awaits those who use the REST login without dancing with OAUTH2. Is this just poor documentation, or is there some real problem here?
From your post, sounds like there's no reason to use SOAP just for login -- best practice is REST and OAuth2 user-agent flow.
If you want to avoid re-entering the username & password (i.e. the login part of the OAuth2 dance) then securely store the refresh token obtained on the first authentication, use it to get a new access token automatically when the session expires, and then you won't have to re-enter credentials in the Salesforce login form.