+ Start a Discussion
bdardinbdardin 

Receiving XML data from webservice without logging in?

I'm very new to working with webservices in Salesforce, though I'm experienced with using Apex for triggers and Visualforce. We are trying to create a webservice that receives XML data as a string from an external application - and that's all it does. I keep trying to research how to set this up, but all the documentation I've found seems to be based on a user actually logging into an external application with OAuth. No users are going to be logging into an external application, and we really don't want to give the external application a username and password to use. What other options can be used to authenticate?

We will be using the REST API. This is the webservice class that I wrote:

@RestResource(urlMapping='/servicechannel/*')
global class ServiceChannelWS {
    @HttpPost
    global static void doPost(String xml) {
        //insert logic to parse the XML and do things with it
    }
}

If anyone could please just point me in the right direction, I would greatly appreciate it!
Best Answer chosen by bdardin
pbattissonpbattisson
You are 90% of the way there. What you need to do is create a Force.com public site that exposes the API to enable it to be hit without authentication. Pat's post here (https://developer.salesforce.com/blogs/developer-relations/2012/02/quick-tip-public-restful-web-services-on-force-com-sites.html) goes through in more detail but essentially you just create a Force.com site and assign this class as accessible to the public profile. 

All Answers

pbattissonpbattisson
You are 90% of the way there. What you need to do is create a Force.com public site that exposes the API to enable it to be hit without authentication. Pat's post here (https://developer.salesforce.com/blogs/developer-relations/2012/02/quick-tip-public-restful-web-services-on-force-com-sites.html) goes through in more detail but essentially you just create a Force.com site and assign this class as accessible to the public profile. 
This was selected as the best answer
bdardinbdardin
Thank you so much! This was incredibly helpful!

Now I have another question to ask - we also want to restrict the IP ranges that have access to this service (because otherwise anyone in the world could send us data through it). When I try to set an IP range in the Public Access Settings and then try the webservice however, it comes back with an error requiring a session ID. With this method, is there anyway we can bypass login authentication but still restrict access by IP address?