Apex Developer Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Apex Developer Guide
Release Notes
Getting Started with Apex
Writing Apex
Running Apex
Invoking Apex
Anonymous Blocks
Triggers
Asynchronous Apex
Exposing Apex Methods as SOAP Web Services
Webservice Methods
Exposing Data with Webservice Methods
Considerations for Using the webservice Keyword
Overloading Web Service Methods
Exposing Apex Classes as REST Web Services
Apex Email Service
Using the InboundEmail Object
Visualforce Classes
JavaScript Remoting
Apex in AJAX
Apex Transactions and Governor Limits
Using Salesforce Features with Apex
Integration and Apex Utilities
Debugging, Testing, and Deploying Apex
Apex Reference
Appendices
PDF

Exposing Data with Webservice Methods

Invoking a custom webservice method always uses system context. Consequently, the current user's credentials are not used, and any user who has access to these methods can use their full power, regardless of permissions, field-level security, or sharing rules. Developers who expose methods with the webservice keyword should therefore take care that they are not inadvertently exposing any sensitive data.

Apex class methods that are exposed through the API with the webservice keyword don't enforce object permissions and field-level security by default. We recommend that you make use of the appropriate object or field describe result methods to check the current user’s access level on the objects and fields that the webservice method is accessing. See DescribeSObjectResult Class and DescribeFieldResult Class.

Also, sharing rules (record-level access) are enforced only when declaring a class with the with sharing keyword. This requirement applies to all Apex classes, including to classes that contain webservice methods. To enforce sharing rules for webservice methods, declare the class that contains these methods with the with sharing keyword. See Use the with sharing, without sharing, and inherited sharing Keywords.

Warning