Background:

We are developing an application, where we need to make HTTP Callouts to our external web services. Few of our web services require encrypting request content using Secret Key issued by our servers. We need to store and use this SecretKey from APEX code of our SF app. As per Salesforce security recommendation here we plan to use CustomSettings in APEX to store this SecretKey. However, Salesforce documentation says that only CustomSettings Definitions are included in the package and not data.

Question:

When and how should I initialize the CustomSettings to store this SecretKey. I investigated around this and came to know that we should do initialization in the Post Install script. Should I create a post install script and hardcode the secret key there and initialize the customsettings using that ? Salesforce documentation also says that never hard code sensitive information in the APEX code. So, I am not able to figure out a better way to initialize the custom settings. 

Hi 

I am creating an application, where I need to use Metadata API from APEX code running in an org. to fetch and update objects within the same org (kind of loopback). Through my investigations, I came to know that it is possible to achieve this by using APEX SOAP Stubs generated from MetadataAPI WSDL. This WSDL is generated with instance URL specific to my organization.  e.g <soap:address location="https://na15-api.salesforce.com/services/Soap/m/27.0"/>

In order to use APEX SOAP stubs on my org, my application need to create Remote Site Setting for above *na15* url instance in WSDL. Correct ?. Next lets say I publish this app, then:

1. How will my application behave on a different organization which is running on a differnt instance url(e.g *na1*) than *na15*. It will receive unauthorized end point exception. So definitely hardcoding *na15* was never a right choice. 

2. Is there any generic instance URL for the Metadata API I can specify and bundle Remote Site Setting for that URL in my application, which can work seamlessly in any organization to connect to itself or some other org. 

One thing I am sure, using URL.getSalesforceBaseUrl would not do much help, since it would return Organization specific URLs.

Background:

We are developing an application, where we need to make HTTP Callouts to our external web services. Few of our web services require encrypting request content using Secret Key issued by our servers. We need to store and use this SecretKey from APEX code of our SF app. As per Salesforce security recommendation here we plan to use CustomSettings in APEX to store this SecretKey. However, Salesforce documentation says that only CustomSettings Definitions are included in the package and not data.

Question:

When and how should I initialize the CustomSettings to store this SecretKey. I investigated around this and came to know that we should do initialization in the Post Install script. Should I create a post install script and hardcode the secret key there and initialize the customsettings using that ? Salesforce documentation also says that never hard code sensitive information in the APEX code. So, I am not able to figure out a better way to initialize the custom settings. 

Hi 

I am creating an application, where I need to use Metadata API from APEX code running in an org. to fetch and update objects within the same org (kind of loopback). Through my investigations, I came to know that it is possible to achieve this by using APEX SOAP Stubs generated from MetadataAPI WSDL. This WSDL is generated with instance URL specific to my organization.  e.g <soap:address location="https://na15-api.salesforce.com/services/Soap/m/27.0"/>

In order to use APEX SOAP stubs on my org, my application need to create Remote Site Setting for above *na15* url instance in WSDL. Correct ?. Next lets say I publish this app, then:

1. How will my application behave on a different organization which is running on a differnt instance url(e.g *na1*) than *na15*. It will receive unauthorized end point exception. So definitely hardcoding *na15* was never a right choice. 

2. Is there any generic instance URL for the Metadata API I can specify and bundle Remote Site Setting for that URL in my application, which can work seamlessly in any organization to connect to itself or some other org. 

One thing I am sure, using URL.getSalesforceBaseUrl would not do much help, since it would return Organization specific URLs.

Hello.

I have created an Apex class that I want to access some Salesforce metadata from.  I thought the easiest way would be to call the REST metadata service, thus:

PageReference ref = new PageReference ('/services/data/v20.0/Account/describe/');
ref.getHeaders().put('Authorization', 'Bearer ' + UserInfo.getSessionId());
System.debug('CONTENTS: ' + ref.getContent().toString());		

 However, when I try to run this, I get "401 status code return from request to http://na6.salesforce.com/services/data/v20.0/Account/describe/?inline=1"

Any ideas?

Thanks,

Carl