Authentication

Getting Access

Accessing endpoints on the Salesforce Optimization API requires a valid API key associated with your account, and all clients must obtain authentication credentials before having access to Salesforce API's. Your API key is provided via the request header using the x-api-key parameter. Throughout the documentation, we assume this header is provided. Below is an example of a typical header JSON object:

API keys are used to track requests associated with an account for quota, billing, and analytics purposes. Please review the Terms of Service agreed to during sign-up, or contact support, if you have additional questions.

Using Access

Code snippets like those below are provided for all endpoints and methods. If you find any are missing, not working, or incomplete, please submit a support request, and we'll update the docs immediately.

To provide context, consider the below examples where you would need to replace REPLACE_KEY_VALUE with your actual API key. A simple request in a shell might look something like this:

Alternatively, if you're more comfortable reading JavaScript:

Here is a final example in Python:

Securing Access

When you receive credentials, please take steps to secure them properly. Exposing credentials can result in unauthorized access, which can lead to billable events. To help keep your credentials secure, follow these best practices:

  • Do not embed credentials in code
  • Store credentials separately from the code base, for example using Docker Secrets or git-crypt
  • Set up account restrictions
  • Delete unused credentials
  • Regenerate credentials periodically
  • Automate detection of exposed keys using native functionality in platforms like GitHub or Gitlab, or add the functionality with tools like git-secret or git-secrets

Cross-Origin Resource Sharing

The API features Cross-Origin Resource Sharing (CORS) implemented in compliance with W3C spec that allows cross-domain communication from the browser. All responses have a wildcard same-origin which makes them wholly public and accessible to everyone, including any code on any site.