Newer Version Available

This content describes an older version of this product.

Implementing Salesforce Integrations on Force.com

You can implement your Salesforce integrations, or other client applications, on the Force.com platform by creating a Force.com AppExchange app.

  1. Create a WebLink that passes the user session ID and the API server URL to an external site:
    https://www.your_tool.com/test.jsp?sessionid={!API_Session_ID}&url={!API_Partner_Server_URL_80}

    Use HTTPS so that your session ID cannot be read in transit.

  2. The page pointed to in the step above takes the session ID and uses it to call back to the API. Use getUserInfo() to return the userID associated with the session and related information. If needed, you can also use retrieve on the User object to retrieve any additional information you need about the user.
  3. Maintain a cross-reference between the UserId or username and the corresponding user ID in your system, which you can do using a WebLink that is executed when the user clicks on a tab, or a WebLink on the page layout.
  4. Package and upload this app using the instructions in the Salesforce online help topic “Preparing Your Apps for Distribution.”
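
A check the receiving page in step 2 can apply before it calls back to the API, shown as an added example that is not part of the original documentation. Both values arrive in the query string, so the page should confirm that the server URL is an HTTPS Salesforce API endpoint before sending the session ID to it. The function name, the `.salesforce.com` host suffix, and the `/services/Soap/u/` path prefix are assumptions based on the URLs shown on this page.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: API hosts are subdomains of salesforce.com, as in the
# na1.salesforce.com URLs on this page. Adjust for your own instances.
ALLOWED_HOST_SUFFIX = ".salesforce.com"
ALLOWED_PATH_PREFIX = "/services/Soap/u/"  # Partner API endpoint path


def parse_weblink_request(query_string):
    """Return (session_id, server_url) from the WebLink query string.

    Raises ValueError unless the callback URL is a trusted HTTPS endpoint,
    so the session ID is never forwarded to an arbitrary host.
    """
    params = parse_qs(query_string, strict_parsing=True)
    session_ids = params.get("sessionid", [])
    urls = params.get("url", [])
    # Reject missing or repeated parameters instead of guessing which to use.
    if len(session_ids) != 1 or len(urls) != 1:
        raise ValueError("expected exactly one sessionid and one url")

    server_url = urls[0]
    parts = urlsplit(server_url)
    if parts.scheme != "https":
        raise ValueError("callback URL must use https")
    # user@host forms can make an untrusted host look like a trusted one.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not allowed in the callback URL")
    if parts.port not in (None, 443):  # .port raises ValueError if malformed
        raise ValueError("unexpected port in callback URL")

    host = (parts.hostname or "").lower()
    # Suffix match on a leading dot: "na1.salesforce.com" passes, while
    # "notsalesforce.com" and "na1.salesforce.com.other.example" do not.
    if not host.endswith(ALLOWED_HOST_SUFFIX) or len(host) <= len(ALLOWED_HOST_SUFFIX):
        raise ValueError("callback host is not a Salesforce API host")
    if not parts.path.startswith(ALLOWED_PATH_PREFIX):
        raise ValueError("callback path is not a Partner API endpoint")
    return session_ids[0], server_url


if __name__ == "__main__":
    # Constructed sample request, not a real session ID or organization ID.
    sample = ("sessionid=00Dxx!CONSTRUCTED&"
              "url=https://na1.salesforce.com/services/Soap/u/17.0/00Dxx")
    print(parse_weblink_request(sample))
```

Only after this check passes should the page use the session ID in a getUserInfo() call against the returned server URL.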

Accessing Salesforce Data Using the API and OAuth

A remote access application is an application external to Salesforce that uses the OAuth protocol to verify both the Salesforce user and the external application. A remote access application is implemented as a connected app. OAuth is an open protocol that allows secure authentication for access to a user’s data, without handing out the user’s username and password. It is often described as the valet key of software access: a valet key allows access to only certain features of your car, so you cannot open the trunk or glove compartment with it.

Remote Access applications have been replaced by Connected Apps. Use connected apps for any application that needs to integrate with salesforce.com to verify users and control security policies for external applications. Any existing Remote Access applications were automatically migrated to connected apps with the Summer ’13 release.

Note

Salesforce currently supports OAuth versions 1.0.A and 2.0.

For OAuth version 1.0.A, after a third party has successfully negotiated a session with Salesforce (using an already defined remote access application and the OAuth protocol) and has a valid AccessToken, a remote access application can request to access Salesforce data using the API. For more information, see “Remote Access Application Overview” and “OAuth 1.0.A Authentication Flow” in the Salesforce online help.

The following steps describe in more detail how developers who are using a remote access application request Salesforce data.
  1. The consumer makes an HTTPS POST request to Salesforce.
    • The URL must have the following format: https://login.salesforce.com/services/OAuth/type/api-version.
      type must have one of the following values.
      • u—Partner WSDL
      • c—Enterprise WSDL

      api-version must be a valid API version.

    • The authorization header must have the following parameters.
      • oauth_consumer_key
      • oauth_token
      • oauth_signature_method
      • oauth_signature
      • oauth_timestamp
      • oauth_nonce
      • oauth_version (optional, must be “1.0” if included)
  2. Salesforce validates the request and sends a valid session ID to the consumer. The response header includes the following.
    <response>
        <metadataServerUrl>https://na1.salesforce.com/services/Soap/m/17.0/00D300000006qjK
        </metadataServerUrl>
        <sandbox>false</sandbox>
        <serverUrl>https://na1.salesforce.com/services/Soap/u/17.0/00D300000006qjK
        </serverUrl>
        <sessionId>00D300000006qrN!AQoAQJTMzwTa67tGgQck1ng_xgMSuWVBpFwZ1xUq2kLjMYg6Zq
           GTS8Ezu_C3w0pdT1DMyHiJgB6fbhhEPxKjGqlYnlROIUs1</sessionId>
    </response>

After a consumer using OAuth version 2.0 has an access token, the method of using the token depends on the API being used.
  • For the REST API, use an HTTP authorization header with the following format: Authorization: Bearer Access_Token.
  • For the SOAP API, the access token is placed in the SessionHeader SOAP authentication header.
  • For the identity URL, use either an HTTP authorization header (as with the REST API) or the HTTP parameter oauth_token.

For more information, see “Authenticating Remote Access Application OAuth” in the Salesforce online help.

Partners who wish to get an OAuth consumer Id for authentication can contact salesforce.com.