Call APIs from Apex
To call an API from Apex, use a named credential, which specifies the URL of a callout endpoint and its required authentication parameters.
By security policy, sessions created by Lightning components aren’t enabled for API access. This restriction prevents even your Apex code from making API calls to Salesforce. Using a named credential for specific API calls allows you to carefully and selectively bypass this security restriction.
The restrictions on API-enabled sessions aren’t accidental. Carefully review any code that uses a named credential to ensure you’re not creating a vulnerability.
If Lightning Data Service doesn’t support the entity you are looking to use, or if you want to use another Salesforce API, call the API from an Apex class.
- Apex Developer Guide: Named Credentials as Callout Endpoints
- Apex Developer Guide: Invoking Callouts Using Apex