OAuth and Connect REST API
Connect REST API uses OAuth to securely identify your application before connecting to Salesforce. To use Connect REST API, create a REST entry point in your org. Salesforce defines this entry point as an external client app. See Step Two: Set Up Authorization to create your external client app.
A user must be authenticated before accessing Salesforce. OAuth has multiple authentication flows. There are several steps in each authentication flow, as dictated by the OAuth standard and the type of application trying to access Salesforce. On successful authorization, the client application receives access and refresh tokens.
For more information about setting up external client app OAuth flows, see Set Up OAuth Flows in Salesforce Help.
- Request Static Assets and Post Forms Directly from HTML
HTML pages that aren’t hosted on Salesforce have had difficulty displaying user and group images and posting file attachments in forms. The reason is that URLs for these assets require authentication, which is provided with a session cookie when pages are hosted on Salesforce. Pages not hosted on Salesforce don’t have access to the session cookie. Also, it isn’t possible to pass an OAuth token from the HTML contexts<img>,<a>, and<form>.