Call APIs from Apex
To call an API from Apex, use a named credential, which specifies the URL of a callout endpoint and its required authentication parameters.
By security policy, sessions created by Lightning components aren’t enabled for API access. This restriction prevents even your Apex code from making API calls to Salesforce. Using a named credential for specific API calls allows you to carefully and selectively bypass this security restriction.
The restrictions on API-enabled sessions aren’t accidental. Carefully review any code that uses a named credential to ensure you’re not creating a vulnerability.
Before using Apex to make an API call, see if you can make the API call from JavaScript. You can use Lightning Data Service (LDS) in JavaScript to work with data and metadata for Salesforce records. Lightning Data Service is built on top of the public User Interface API, but it only supports a subset of the API. That subset covers many of the typical use cases for working with data. You can’t make calls to Salesforce APIs other than LDS from JavaScript code.
If Lightning Data Service doesn’t support the entity you are looking to use, or if you want to use another Salesforce API, call the API from an Apex class.
See Also
- Call APIs from JavaScript
- Apex Developer Guide: Named Credentials as Callout Endpoints
- Apex Developer Guide: Invoking Callouts Using Apex