ISVforce Guide

Introduction
ISVforce Quick Start
Designing and Building Your App
Packaging and Testing Your App
Passing the Security Review
Publish Your Offering on the AppExchange
Manage Orders
Managing Licenses
Provide a Free Trial
Supporting Your AppExchange Customers
Upgrading Your App
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Creating Proxy Signups for OAuth and API Access


User Permissions Needed
To create or view signup requests: “Signup Request API”

Using the SignupRequest object, you can programmatically create a new organization without any system-generated emails being sent to the user. You can then obtain an OAuth access token to log in to the organization and make API requests from it, without any action by the user. This is called proxy signup because it enables you to create and operate the organization on the user’s behalf, without their knowledge that you’re using Salesforce behind the scenes..

In the traditional signup process, when you create a new organization, the user receives a system-generated email containing the login URL and initial password for logging in to the organization. The user then has to log in and explicitly grant you API access to make calls into the organization on his behalf. With proxy signup, no user emails are generated and no action is required by the user to provide you API access.

The ability to create and manage organizations by proxy expands your options for integrating Salesforce with external applications on other platforms. It enables you to incorporate any feature of the Force.com platform into your own application, without exposing the Salesforce user interface (UI).  In effect, all features of Salesforce can be decoupled from the UI and are available to integrate into any other application runtime or UI in a seamless and invisible way.

For example, suppose an ISV has a web application, built on the .NET platform, that helps companies manage travel expense reporting and reimbursement for employees. The ISV might want to integrate Chatter into its application, so all employees of a company can share feedback and tips about their travel experiences with each other. The ISV can do this by using the appropriate Salesforce APIs to implement the following solution.
  1. Use proxy signup to create a Salesforce organization for each of its customers.
  2. Create users in each customer organization for all employees of that company.
  3. Set up and maintain a Chatter group for sharing travel information.
  4. Monitor each user’s Chatter feed and extract information from individual posts.
  5. Insert the information into its application, and display it in the existing UI.
This enables the ISV to provide its customers access to Chatter functionality, without having to develop it from scratch. The ISV’s customers experience Chatter as a natural extension of the existing application, in an interface they’re familiar with, and without needing to know about or log in to Salesforce. The same approach can be extended to any other feature of Salesforce, including standard and custom objects, Apex, and Visualforce. In effect, proxy signup gives ISVs the ability to consume Salesforce as a service, integrating its features into applications on any platform, without exposing the Salesforce UI. The potential applications are limited only by the ISV’s imagination.
Here are the steps for creating a proxy signup.
  1. Log in to a Developer Edition organization (which has the Connected Apps user permission enabled by default).
  2. From Setup, enter Apps in the Quick Find box, then select Apps. Then click New under Connected Apps.
  3. Enter values for the required fields. You must specify an X.509 certificate and grant full and refresh token access for the OAuth scopes in the "Selected OAuth Scopes" selector. The callback URL is required but can initially be set to any valid URL as it's not used. Click Save when you’re done.
  4. Record the value of Consumer Key on the same page. Also, click Click to reveal and record the value of Consumer Secret.
  5. Package the Connected App by adding it as a component to a new package. Record the Installation URL value for the package.
  6. Log in to your Trialforce Management Organization and create a new Trialforce Source Organization from it.
  7. Log in to your Trialforce Source Organization and install the package containing the Connected App, using the installation URL from step 5.
  8. After the Connected App is installed in the Trialforce Source Organization, you can customize it from Setup by entering Manage Applications in the Quick Find box, then selecting Manage Applications. You can see the Connected App and can edit its attributes. Specify the appropriate profiles and permission sets, and choose the option “Admin approved users are pre-authorized” in the OAuth policies section. This ensures you can authenticate into the organization on behalf of users with these criteria.
  9. Once you’ve configured the Trialforce Source Organization to your requirements, create a Trialforce template from it. Select the All Setup and Data radio button when creating the Trialforce template.
  10. File a case in the Partner Community to get approval for creating new signups using the template.
  11. Once the template is approved, you can sign up a new organization using the SignupRequest object. You will need to specify the OAuth values necessary to connect to the newly-created organization, that is: Consumer Key and Callback URL. 
    1POST https://mycompany-tmo.salesforce.com/services/data/v27.0/sobjects/SignupRequest/
2Authorization Bearer 
3  00Dxx0000001gR6!ARoAQAS3Uc6brlY8q8TWrrI_u1THuUGmSAp
4    XrksSniyjom9kXfDac4UP.m9FApjTw9ukJfKqWuD8pA9meeLaltRmNFvPqUn7
5Content-Type application/json Body:
6{    "TemplateId":"0TT000000000001",
7     "SignupEmail":"john.smith@mycompany.com",
8     "Username":"gm@trial1212.org",
9     "Country":"US"
10     "Company":"salesforce.com",
11     "LastName":"Smith",
12     "ConnectedAppConsumerKey":
13      "3MVG9AOp4kbriZOLfSVjG2Pxa3cJ_nOkwhxL1J1AuV22u8bm82FtDtWFVV__
14         Vs6mvqoVbAnwsChp9YT4bfrYu",
15     "ConnectedAppCallbackUrl":
16       "https%3A%2F%2Fwww.mysite.com%2Fcode_callback.jsp" }
When the ConnectedAppConsumerKey and ConnectedAppCallbackUrl fields are specified in the SignupRequest object, a proxy signup flow is triggered to automatically approve an existing Connected App for use in this new organization. In that flow, no signup-related emails are sent to the user. With knowledge of the admin username, consumer key and consumer secret, you now have all the information required to:
  • make API requests to the newly-created organization as an admin user of that organization.
  • request an updated access token at any time in the future.