Bulk API Developer Guide

Introduction to Bulk API
Use CORS to Access Salesforce Resources from Web Browsers
Quick Start
Plan Bulk Data Loads
Prepare Data Files
Load Binary Attachments
Request Basics
Work with Jobs
Work with Batches
Bulk Query
Reference
Sample Client Application Using Java
Map Data Fields
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Use CORS to Access Salesforce Resources from Web Browsers

Cross-Origin Resource Sharing (CORS) enables web browsers to request resources from origins other than their own (cross-origin). For example, using CORS, JavaScript code at https://www.example.com could request a resource from https://www.salesforce.com. To access supported Salesforce APIs, Apex REST resources, and Lightning Out from JavaScript code in a web browser, add the origin serving the code to a Salesforce CORS whitelist.
Available in: Salesforce Classic (not available in all orgs) and Lightning Experience
Available in: Developer, Enterprise, Performance, and Unlimited

User Permissions Needed
To create, read, update, and delete: Modify All Data
These Salesforce technologies support CORS.
  • Analytics REST API
  • Bulk API
  • Chatter REST API
  • Salesforce IoT REST API
  • Lightning Out
  • REST API
  • User Interface API
  • Apex REST

In Salesforce, add the origin serving the code to a CORS whitelist. If a browser that supports CORS makes a request to an origin in the whitelist, Salesforce returns the origin in the Access-Control-Allow-Origin HTTP header, along with any additional CORS HTTP headers. If the origin is not included in the whitelist, Salesforce returns HTTP status code 403.

  1. From Setup, enter CORS in the Quick Find box, then select CORS.
  2. Select New.
  3. Enter an origin URL pattern.
    The origin URL pattern must include the HTTPS protocol (unless you’re using your localhost) and a domain name and can include a port. The wildcard character (*) is supported and must be in front of a second-level domain name. For example, https://*.example.com adds all subdomains of example.com to the whitelist.
    The origin URL pattern can be an IP address. However, an IP address and a domain that resolve to the same address are not the same origin, and you must add them to the CORS whitelist as separate entries.
    The origin URL pattern might not match the URL that appears in the address bar in your browser. Make sure that you’re whitelisting the origin in the request header.

CORS does not support requests for unauthenticated resources, including OAuth endpoints. The one exception is the OpenID Connect discovery endpoint. You can access the OpenID Connect discovery endpoint when CORS is enabled. For all other OAuth endpoints, you must pass an OAuth token with requests that require it.

Important