Call APIs from JavaScript
By default, you can’t make WebSocket connections or calls to third-party APIs from JavaScript code. To do so, add a remote site as a CSP Trusted Site.
The Lightning Component framework uses Content Security Policy (CSP), which is a W3C standard, to control the source of content that can be loaded on a page. The default CSP policy doesn’t allow API calls from JavaScript code. You change the policy, and the content of the CSP header, by adding CSP Trusted Sites.
You can’t load JavaScript resources from a third-party site, even a CSP Trusted Site. To use a JavaScript library from a third-party site, add it to a static resource, and then add the static resource to your component. After the library is loaded from the static resource, you can use it as normal.
Use Lightning Data Service (LDS) to work with data and metadata for Salesforce records. Lightning Data Service is built on top of the public User Interface API, but it only supports a subset of the API. That subset covers many of the typical use cases for working with data. You can’t make calls to Salesforce APIs other than LDS from JavaScript code.
If LDS doesn’t support the object you are looking to use, or if you want to use another Salesforce API, write an Apex class.
See Also
- Content Security Policy Overview
- Salesforce Help: Create CSP Trusted Sites to Access Third-Party APIs
- Lightning Data Service
- Call APIs from Apex
- Mozilla Developer Network: The WebSocket API