Hello,

In order to grab custom field IDs, I added a tooling API query. Any profile without "View All Data" gets the following response for HTTP Request.
The standard profile does have API enabled permission and full CRED access on any involved object. The Apex class has "Without Sharing" tag as well.

CALLOUT_RESPONSE|[58]|System.HttpResponse[Status=Bad Request, StatusCode=400]

Sample Code:
 

String query = 'SELECT Id From CustomObject Where DeveloperName = \'' + objectName + '\'';
        String endpoint = Url.getSalesforceBaseUrl().toExternalForm();
        endpoint += '/services/data/v29.0/tooling/query/?q=';
        endpoint += EncodingUtil.urlEncode(query, 'UTF-8');
        
        HttpRequest request = new HttpRequest();
        request.setMethod('GET');
        request.setHeader('Authorization', 'Bearer ' + UserInfo.getSessionId());

I need to either:

1. Adjust the non-system admin profile, so that its SessionId gets a proper response like a profile with "View All Data" e.g system admin.
2. Somehow use a sessionId that doesnt belong to current session's profile holder. Use a system admin's sessionid WITHOUT embedding their username and password anywhere.
3. Get further debugging information from the HTTP response. I am not really sure about the specifics of why its a "bad request".


Any guidance would be appreciated. Thanks