SOAP API Developer Guide

Getting Started
Reference
Using the API with Salesforce Features
Implementation Considerations
Outbound Messaging
Data Loading and Integration
Data Replication
Feature-Specific Considerations
Archived Activities
Person Account Record Types
Opportunity Forecast Override Business Rules
External Objects
Call Centers and the API
Implementing Salesforce Integrations on Lightning Platform
Articles
Data Categories
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Implementing Salesforce Integrations on Lightning Platform

You can implement your Salesforce integrations or other client applications, on the Lightning platform by creating a Salesforce AppExchange app.

  1. Create a WebLink that passes the user session ID and the API server URL to an external site:
    1https://www.your_tool.com/test.jsp?sessionid={!API_Session_ID}&url={!API_Partner_Server_URL_80}

    Use https to ensure your session ID cannot be detected.

  2. The page pointed to in the step above takes the session ID and uses it to call back to the API. Use getUserInfo() to return the userID associated with the session and related information. If needed, you can also use retrieve on the User object to retrieve any additional information you need about the user.
  3. Maintain a cross-reference between the UserId or username and the corresponding user ID in your system, which you can do using a WebLink that is executed when the user clicks on a tab, or a WebLink on the page layout.
  4. Package and upload this app using the instructions in the Salesforce online help topic “Prepare Your Apps for Distribution.”

Accessing Salesforce Data Using the API and OAuth

Salesforce supports OAuth 1.0A and 2.0 for SOAP API requests.

For OAuth version 1.0.A, after a third-party has successfully negotiated a session with Salesforce (using an already defined connected app and the OAuth protocol) and has a valid AccessToken, a client application can request to access Salesforce data using the API.

The following contains more detailed steps regarding accessing data for developers who are using a connected app to request Salesforce data.
  1. The consumer makes an HTTPS POST request to Salesforce.
    • The URL must have the following format: https://login.salesforce.com/services/OAuth/type/api-version.
      type must have one of the following values.
      • u—Partner WSDL
      • c—Enterprise WSDL

      api-version must be a valid API version.

    • The authorization header must have the following parameters.
      • oauth_consumer_key
      • oauth_token
      • oauth_signature_method
      • oauth_signature
      • oauth_timestamp
      • oauth_nonce
      • oauth_version (optional, must be “1.0” if included)
  2. Salesforce validates the request and sends a valid session ID to the consumer. The response header includes the following.
    1<response>
2    <metadataServerUrl>https://yourInstance.salesforce.com/services/Soap/m/17.0/00D300000006qjK
3    </metadataServerUrl>
4    <sandbox>false</sandbox>
5    <serverUrl>https://yourInstance.salesforce.com/services/Soap/u/17.0/00D300000006qjK
6    </serverUrl>
7    <sessionId>00D300000006qrN!AQoAQJTMzwTa67tGgQck1ng_xgMSuWVBpFwZ1xUq2kLjMYg6Zq
8       GTS8Ezu_C3w0pdT1DMyHiJgB6fbhhEPxKjGqlYnlROIUs1</sessionId>
9</response>
After an OAuth version 2.0 consumer has an access token, the method of using the token depends on the API in use.
  • For the REST API, use an HTTP authorization header with the following format: Authorization: Bearer Access_Token.
  • For the SOAP API, the access token is placed in the SessionHeader SOAP authentication header.
  • For the identity URL, use either an HTTP authorization header (as with the REST API) or an HTTP parameter oauth_token.

For more information, see Authenticating Apps with OAuth in the Salesforce online help.

Partners, who wish to get an OAuth consumer Id for authentication, can contact Salesforce