+ Start a Discussion
Anthony RoblesAnthony Robles 

Connect App vs. Integration User


There is no clear and simple explanation of what a connected app can be used for - if I want to query Salesforce through the REST API (for any reasons, from any external point), why would I need a "Connected App"? What's the difference with creating a Salesforce "Integration" User with an "Integration" Profile that restricts exactly what you want/need for that specific integration?

Thanks for anyone's help.

Darley Stephen PMDarley Stephen PM
Connected App is a way for salesforce to authenticate and authorize the - External App to User relationship, In this case the code that consumes salesforce is an external App and obviously, you need to inform salesforce about the attributes of this App via the connected App configuration. Salesforce uses OAuth to deal with this and pretty much you have develop your api (external app) to first authenticate and retrieve an Access Token in order for it to access Salesforce objects and data. The external app also should be able to do a Retoken (remember to add "Preform requests on your behalf at any time" in the OAuth scope to allow retoken to happen) to always maintain session with Salesforce. Since there is no way for Salesforce to identify your external point it does that via connected app. 

User with an Integration Profile is just another user who is meant to do only api integration support within your organization. Connected App can be authenticated and authorized for any users even for Admins but its good practice to Authenticate and Authorize your connected app (external app) for this Integration User to be at the safer side. 
Anthony RoblesAnthony Robles
Thanks Darley.

So in that case, is it correct to say that a Connected App does not need to use any Salesforce User to perform actions within the Salesforce Database?

And in that case, let's say that my Connected App edits a record - what would be displayed in the "Last Modified By" in that case?
Darley Stephen PMDarley Stephen PM
Connected App is a way for salesforce to authenticate and authorize the - External App to User relationship,
Which implies that the connected app is basically authenticated to an user within your organization. Once authenticated and authorized using OAuth the connected app receives an Access token which it uses to read / upsert data inside salesforce which again implies that each Access Token given to you by Salesforce for that connected app is an encrypted session that refers to the actual user who originally authenticated / authorized that connected app. 

So In that case, Tthe LastModifiedBy will show that name of the user which is used by the connected app to gain access into salesforce. 
Darley Stephen PMDarley Stephen PM
Please refer to https://developer.salesforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com and my suggestion is to use Web Server Flow for the OAuth session if you have any dramas I can upload the sample code which you can use to test em!
S i dS i d
@Darley Stephen - Thanks ! So creating a valid Integration user is a combination of :
  1. Creating a Salesforce API only profile, and then creating an Integration user with this profile who is an API only user.
  2. Creating a connected app, with Oauth 2.0 and necessary parameters for web server flow. (Client ID and client secret)
How does the Integration user get connected/related to the connected App ?