Salesforce generates a standard authorization header for each callout to a
named-credential-defined endpoint, but you can disable this option. Your Apex code can also use
merge fields to construct each callout’s HTTP header and body.
This flexibility enables you to use named credentials in special situations. For example, some
remote endpoints require security tokens or encrypted credentials in request headers. Some remote
endpoints expect usernames and passwords in XML or JSON message bodies. Customize the callout
headers and bodies as needed.
The Salesforce admin must set up the named credential to allow Apex code to construct headers
or use merge fields in HTTP headers or bodies. The following table describes these callout
options for the named credential.
|
By default, Salesforce generates an authorization header and applies it to each callout
that references the named credential.Deselect this option only if one of the following
statements applies.
- The remote endpoint doesn’t support authorization headers.
- The authorization headers are provided by other means. For example, in Apex callouts,
the developer can have the code construct a custom authorization header for each
callout.
This option is required if you reference the named credential from an external
data source.
|
|
Allow Merge
Fields in HTTP Body
|
In each Apex callout, the code specifies how the HTTP header and request body are
constructed. For example, the Apex code can set the value of a cookie in an authorization
header. These options enable the Apex code to use merge fields to populate the HTTP header
and request body with org data when the callout is made.
These options aren’t
available if you reference the named credential from an external data source.
|