I need to make  REST API calls to Salesforce from an external web server. I'm new to OAuth (and REST). There are three OAuth flows (https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_authentication.htm), which one is suitable for this typical scenario, system to system integration (external web server to Salesforce). The first two flows seem to have user to provide user (human) name and password, on the other hand, the third flow (user name and password) not really a good fit, because I cannot expose user account's credential. Thanks in advance.

Hello,

I need to build a contact view that also includes the ability to enter a note directly on the view screen.  I am not talking about clicking a button or link to bring up the note edit screen but rather having the noted edit screen functionality embedded into the contact view page.

Thanks for any assistance!

Hi,

I was able to connect to Salesforce using REST API and make calls. But ever since Salesforce has implemented the new certificates with SHA-256, I a getting error ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-28857: Unknown SSL error. This of course is an Oracle Error since I am connecting from Oracle using UTL_HTTP method.

I have imported the new certificates into Oracle Wallet Manager following the URL https://help.salesforce.com/apex/HTViewSolution?urlname=HTTPS-Security-Certificate-Switch-from-SHA-1-to-SHA-256-hash-algorithms&language=en_US (https://help.salesforce.com/apex/HTViewSolution?urlname=HTTPS-Security-Certificate-Switch-from-SHA-1-to-SHA-256-hash-algorithms&language=en_US) but it hasn't helped. I know that the problem is more on the Oracle side but just wanted to ping this group and see if anyone has faced the same problem and was able to resolve it. Any pointers will be appreciated

Thanks,
Ashish

Dear all,

Want to pick your brain on how the authentication should be setup to create a case in Salesforce from a public mobile app?

One method is to use the method of web-to-case which does not need any authentication for Salesforce, however this does not support uploading attachments. In my case I need to log a case with attachments from a public mobile app.

Second method is to use a dedicated user with very limited privileges to connect from mobile apps and create a case in Salesforce. However any change in that user's username or password or security token will need to be updated on the mobile app and publish again through Google Play or App Store (assuming the app is on Android/iOS platform). This will take a couple of days (at least) which will be unacceptable.

Anyone got any better idea? Please do note that this is going to be a public mobile app so any community portal license won't work.

Thanks & Regards,
Ashish

Dear all,

Want to pick your brain on how the authentication should be setup to create a case in Salesforce from a public mobile app?

One method is to use the method of web-to-case which does not need any authentication for Salesforce, however this does not support uploading attachments. In my case I need to log a case with attachments from a public mobile app.

Second method is to use a dedicated user with very limited privileges to connect from mobile apps and create a case in Salesforce. However any change in that user's username or password or security token will need to be updated on the mobile app and publish again through Google Play or App Store (assuming the app is on Android/iOS platform). This will take a couple of days (at least) which will be unacceptable.

Anyone got any better idea? Please do note that this is going to be a public mobile app so any community portal license won't work.

Thanks & Regards,
Ashish

We developed a custom app in SF that does employee reviews.  An employee completes an extensive self-review, hands it of to their manager, who edits it for a final review, then it gets shared with HR.  The security is such that the employee can only see their own review, the manager can see any of their suborninates reiews, and HR can see them all.  Security is mainly handled through profiles and permission sets.

the problem arises in that we are using a 3rd party ODBC emulator that uses API calls (CDATA - and its a great product), so we can get accees to the tables for various reporting and data updates.  All is fine considering that only an admin would be running the reports and updates.  

But if i was a disgruntled hacker type employee, and i knew i could simply download the CDATA ODBC connector, create a DSN to salesforce, get my security token, and then login, it turns out that the entire employee review table is visible to me - i can see everyone's record.  You can see how this presents a problem?

I found that i could disable API access on certain profiles, which keeps them from being able to connect, but what if in some other area i had an application that required API access for my general users? I dont, but im just trying to envision how this is a secrity hole in general, or might be if we do end up having such an app.

I know that within SF I can lock down specific tables and fields to any degree desired, and ODBC via API will not even see those fields, not to mention the data behind them, but this disgruntiled employee already has full access to all fields for his own review (maybe thats why hes disgruntled?).  What about other kinds of sensitive information that might be in other tables...seems like it would be pretty easy to breach security that everyone thought was locked down via the SF UI.

Am i missing something?  Did anyone else see this and have a problem with it? Is there any other way of locking this down and still having API open for other apps?  Maybe disabling a security token generation which the ODBC config needs?  Do i need some kind of OAuth server (one suggestion so far), of which I dont know anything about yet.

We are trying to get an Outbound Message to an SAP Endpoint URL.

So after double checking the Certificates. It seems that the Root Certificate on the Endpoint is a valid Salesforce.com CA:
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="V eriSign, Inc.", C=US

There is an Intermediary Certificate that does have the Root CA Authority (ISSUER) and the OWNER in this cert is on the SSL Certificate

Owner: CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

And the SSL Certificate for the Endpoint (OWNER) does point to the Intermediate Certificate (ISSUER) CA Authority

Owner: CN=hds-solmandev.hdsmith.com, OU=solman, O="H.D Smith, LLC", L=Springfiel
d, ST=Illinois, C=US
Issuer: CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=
Symantec Corporation, C=US

Will this be enough to send an outbound message to the Endpoint URL? It keeps failing with the error: javax.net.ssl.SSLPeerUnverifiedException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The port is also open from Salesforce to the Endpoint URL

Hello,

I have a need to integrate salesforce with a desktop based application. Basically, I need to load data from this application into SFDC.

What options/tools we have for this? Please advise. How can I achieve this?

I need to make  REST API calls to Salesforce from an external web server. I'm new to OAuth (and REST). There are three OAuth flows (https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_authentication.htm), which one is suitable for this typical scenario, system to system integration (external web server to Salesforce). The first two flows seem to have user to provide user (human) name and password, on the other hand, the third flow (user name and password) not really a good fit, because I cannot expose user account's credential. Thanks in advance.

Hi,

I was able to connect to Salesforce using REST API and make calls. But ever since Salesforce has implemented the new certificates with SHA-256, I a getting error ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-28857: Unknown SSL error. This of course is an Oracle Error since I am connecting from Oracle using UTL_HTTP method.

I have imported the new certificates into Oracle Wallet Manager following the URL https://help.salesforce.com/apex/HTViewSolution?urlname=HTTPS-Security-Certificate-Switch-from-SHA-1-to-SHA-256-hash-algorithms&language=en_US (https://help.salesforce.com/apex/HTViewSolution?urlname=HTTPS-Security-Certificate-Switch-from-SHA-1-to-SHA-256-hash-algorithms&language=en_US) but it hasn't helped. I know that the problem is more on the Oracle side but just wanted to ping this group and see if anyone has faced the same problem and was able to resolve it. Any pointers will be appreciated

Thanks,
Ashish

Hi,

I'm looking for a step by step instructions for integrating Salesforce with external Applications. Can anyone help me with that.

Thanks,
Avantik.

Hi 
Scenario: i have two groups with multiple users each,now when a record is created by any user from that group,only all the users among that group should have access to each others records but not to the other group of users, as a solution i have created two groups US team UK team and tried by creating a sharing rule based on criteria that best suits and based on owner,they are successfully created but none of them are working.
any suggestions or ideas will be highly appreciated.

My scenario is that i have to build a page on Contact and have the following features.
1. one text box with contact lookup
2. After selecting one contact click go button
3. Fetch 5 fields of that contact in text box
4. User should be able to edit any data there and can save.
5. Saved data should be reflected in object record.
Kindly let me know how to do this as I am new to SFDC coding.
Thanks.

Hello,

We have no reason to believe but are acting as if the consumer_key and secret to our app have been compromised.  Is there any way we can rotate these values to get new credentials?  I am assuming that if we could get a new secret the secret + a user's current refresh_token would be capable of acquiring a new access token.  Finally is the risk of impersonation mitigated by the callback URLs being set in Salesforce itself?

Thanks!

My parent company is sharing a single Salesforce.com organization amongst a large number of smaller sub-companies. Most of what they are using is straight out of the box. When modest changes are proposed, for example to add a new field to the Opprtunities application, that proposal is reviewed and approved by a "Salesforce Administrator" within each of the sub companies. This makes sense since the transparency that sharing accounts, leads and opportunites across the entire larger organization brings is desirable. However, some of the smaller sub-companies now wish to begin developing custom applications, and it would not be desirable to share those applications across the entire larger organization. Each sub company has concerns with having their own development, test and UAT sandboxes as well. Is there a model for this type of situation?

Dear Salesforce Specialists,

You guys are doing awesome Job in providing the best knowledge for almost all the questions posted on forums,

I do have a request :

I am very new to the Webservices & Integration

1) How to learn Web services - Integration & Where to start ( Step - By Step Resources : Documentation , PDF's , VIdeo;s , Usefull Blogs ? )

2) Salesforce Rest & Soap - Where to start ( Step - By Step Resources : Documentation , PDF's , VIdeo;s , Usefull Blogs ? )

3) Any Real-time impmemention's ( With : Oracle, SAP, SQL,JAVA) for references ?

4) Does big Clients use Third-Party tools for automating Integration ( Ex: Jitterbit , Boomi , Informatica ) , If so which one is best tool to use ?

One of our client project is about to start and I am involved in that and I am in real confusion from where to start learning and reach the stage of implementing?

I hope some of you guys helps me ,

Thanks,
Janardhan
 

In Salesforce we have different domain names like
ap1.Salesforce.com
cs1.salesforce.com
na1.salesforce
Why they need to provide different URL ? Any special purpose for each domain or Is there any Security reasons?

Thanks in advance my Friends

 

Hello,

I need to build a contact view that also includes the ability to enter a note directly on the view screen.  I am not talking about clicking a button or link to bring up the note edit screen but rather having the noted edit screen functionality embedded into the contact view page.

Thanks for any assistance!

Hello,

I have added a VF page to my site but each time I try to create my custom object through the VF page I get this error.

'Authorization Required 

You must first log in or register before accessing this page. 
If you have forgotten your password, click Forgot Password to reset it.'

I have done my research and know that this usually has to do with field level security. I have given access to every field and object for the profile associated with my site. We are using the guest profile licence. I really am lost and have spent the last 2 days trying to debug this.

Any help would be nice. Thanks

Customer is trying to rationalize all the fields with in their prod ORG. Is there a qucik and dirty way to see, where a field is used across all objects with in the ORG? thank you

I know I can access the object labels like {!$ObjectType.Case.LabelPlural}  However, I want to also access the standard translations for the actions such as List, New, Edit. The output should be "Cases List" or "New Case" like you would see in the standard pages. Right now I have the label and just hardcoded the words "New" or "List" on the output. 

The purpose of this is custom visualforce pages in a community where I need to use translations.  I would rather not use custom labels for these because I know the standard translations have to be in there somewhere.  Any idea where I can access these?

So what stops someone from creating a Developer account and just adding users etc.,?

Assuming the company is small, couldn't they just do that?

I'm writing middleware in WCF and trying to obtain an authorization token from salesforce for OAuth.

I'm posting to https://login.salesforce.com/services/oauth2/token with the following data:

 

string postData = "client_id=" + key + "&client_secret=" + secret + "&redirect_url=http://localhost:1670/myservice.svc/callback" + "&grant_type=authorization_code";

 

SF keeps telling me "400 Bad Request"

 

Does anyone have any experience with this?

Hi,

I've implemented OAuth for our Salesforce integration over the last couple of years.  During that time we've been supporting over 100 different Salesforce orgs.  However, even though all of them are authenticating using the same OAuth flow, I've noticed that some orgs have expired token errors from time to time.  However, this seems inconsistent.  Some orgs have never needed to reauthenticate, while some need to reauthenticate every few months.
Recently we had a new org that seems to need to reauthenticate every few days, which obviously isn't going to work.  Are there additional settings at the org level (security perhaps?) that would cause this inconsistency?  Has anyone else experienced this?  What methods could be used to troubleshoot?

Thanks,
tim