Apex Developer Guide

Apex Developer Guide
Release Notes
Getting Started with Apex
Writing Apex
Running Apex
Invoking Apex
Apex Transactions and Governor Limits
Using Salesforce Features with Apex
Integration and Apex Utilities
Invoking Callouts Using Apex
Adding Remote Site Settings
Named Credentials as Callout Endpoints
Custom Headers and Bodies of Apex Callouts That Use Named Credentials
Merge Fields for Apex Callouts That Use Named Credentials
SOAP Services: Defining a Class from a WSDL Document
Invoking HTTP Callouts
Using Certificates
Callout Limits and Limitations
Make Long-Running Callouts with Continuations
JSON Support
XML Support
ZIP Support
Securing Your Data
Encoding Your Data
Using Patterns and Matchers
Debugging, Testing, and Deploying Apex
Apex Reference
Appendices
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Custom Headers and Bodies of Apex Callouts That Use Named Credentials

Salesforce generates a standard authorization header for each callout to a named-credential-defined endpoint, but you can disable this option. Your Apex code can also use merge fields to construct each callout’s HTTP header and body.

This flexibility enables you to use named credentials in special situations. For example, some remote endpoints require security tokens or encrypted credentials in request headers. Some remote endpoints expect usernames and passwords in XML or JSON message bodies. Customize the callout headers and bodies as needed.

The Salesforce admin must set up the named credential to allow Apex code to construct headers or use merge fields in HTTP headers or bodies. The following table describes these callout options for the named credential.

Field Description
Generate Authorization Header By default, Salesforce generates an authorization header and applies it to each callout that references the named credential.
Deselect this option only if one of the following statements applies.
  • The remote endpoint doesn’t support authorization headers.
  • The authorization headers are provided by other means. For example, in Apex callouts, the developer can have the code construct a custom authorization header for each callout.

This option is required if you reference the named credential from an external data source.
Allow Merge Fields in HTTP Header

Allow Merge Fields in HTTP Body

 In each Apex callout, the code specifies how the HTTP header and request body are constructed. For example, the Apex code can set the value of a cookie in an authorization header.

These options enable the Apex code to use merge fields to populate the HTTP header and request body with org data when the callout is made.

These options aren’t available if you reference the named credential from an external data source.