+ Start a Discussion
VintaraVintara 

SOAP request to APEX webservice without requiring authentication?

Is there a way to setup an APEX class that can be called from a webservice without authentication? Specifically trying to setup a SOAP to Lead processing system. But from what I'm seeing, the session ID is a required parameter in the SOAP request.

Best Answer chosen by Admin (Salesforce Developers) 
paul-lmipaul-lmi

 

go into the site detail page in setup, click Public Access Settings, and then add the Apex Class there.  This is effectively granting your anonymous running user account (guest license) the ability to directly access this class.

 

Provided this user profile also has the ability to edit/create records  on the object you want (lead), and read access to any related records it needs to link to (contact, I think), you shouldn't need to pass the auth bits at all.

 

once you've added the class to the site, grab the wsdl for it.

 

at the very bottom, change the address location from https://<instance>.salesforce.com/services/Soap/class/<classname>

 

to https://<sitenamespace>.secure.force.com/services/Soap/class/<classname>

 

You will then be able to submit your webservice calls to this endpoint.  I'm not 100% sure of the auth piece, but this is definitely how you expose a class via sites.

 

As far as the auth, Bulent said in the other thread that it was possible to expose anonymous webservices, and it's definitely possible, somehow.  I'm wondering if that AppExchange package they linked to is an unmanaged one, so you could see the setup.

 

 

All Answers

paul-lmipaul-lmi

you can do it with a Force.com Site.

 

You add your Apex Class to the site, and set the appropriate security on it.  Note, Salesforce does not recommend this, as it's obviously less security than something behind auth, but in this case, it'd be safe.

VintaraVintara

How is the WSDL export changed by adding the class to the site? Will exporting it after its been added result in a different WSDL format? Currently, the sessionID and client properties are inherent in the WSDL generated by the class.

paul-lmipaul-lmi

nothing major.  you just need to modify the WSDL XML to point to the Force.com Site URL instead of the authed instance URL.

 

I believe that auth support would still be there as well, but with Sites, you'd be able to skip it as long as the user you're running the Force.com Site as has permission to do whatever DML operations your code is doing.

VintaraVintara

Currently, I am unable to process the WSDL without providing a value for the sessionId element. Even before I try to open the session the WSDL invalidates my SOAP request. Can I simply trim that element out of the XML, or will re-exporting it once the class is in the site remove the requirement?

paul-lmipaul-lmi

I knew this was familiar.  I apparently already discussed it with SF and another dev.

 

http://community.salesforce.com/t5/Force-com-Sites/Authenticating-WebService-Methods/m-p/173107#M2488

VintaraVintara

That thread seems to say that I need to use the Force.com API, which would kind of defeat the idea of using a SOAP responder. Once I've logged in with the API I may as well just create the records etc there rather then use SOAP.

paul-lmipaul-lmi

I'm confused here.  When I export a WSDL for an Apex class in my org, it's just the class, not anything to do with auth.  Are you exporting the WSDL for the class itself, or the enterprise/partner WSDL?

VintaraVintara

I'm exporting from the class (Setup | App Setup | Develop | Apex Classes | Export WSDL for the selected class). In the exported WSDL there is an xsd:element called SessionHeader. Within the SessionHeader element is a sub element called sessionId of type xsd:string. This element, along with the CallOptions, AllowFieldTrunactionHeader, DebuggingHeader, and DebuggingInfo element are packed up into the message header. They would seem to all be required. I can not use a non-null value and any non-valid session id results in an error being returned from the server.

VintaraVintara

Lets try approaching this from another angle. How do I add a webservice class to a site? Only option I see is to add pages.

paul-lmipaul-lmi

 

go into the site detail page in setup, click Public Access Settings, and then add the Apex Class there.  This is effectively granting your anonymous running user account (guest license) the ability to directly access this class.

 

Provided this user profile also has the ability to edit/create records  on the object you want (lead), and read access to any related records it needs to link to (contact, I think), you shouldn't need to pass the auth bits at all.

 

once you've added the class to the site, grab the wsdl for it.

 

at the very bottom, change the address location from https://<instance>.salesforce.com/services/Soap/class/<classname>

 

to https://<sitenamespace>.secure.force.com/services/Soap/class/<classname>

 

You will then be able to submit your webservice calls to this endpoint.  I'm not 100% sure of the auth piece, but this is definitely how you expose a class via sites.

 

As far as the auth, Bulent said in the other thread that it was possible to expose anonymous webservices, and it's definitely possible, somehow.  I'm wondering if that AppExchange package they linked to is an unmanaged one, so you could see the setup.

 

 

This was selected as the best answer
VintaraVintara

Having a hard time constructing the SOAP service URL. This is currently in a sandbox enviornment, using the URL http://[site prefix].dev1.cs2.force.com/services/Soap/class/ClassName returns <faultstring>UNKNOWN_EXCEPTION: Site under construction</faultstring>, any attempt at using a HTTS address results in a SSL certificate error.

paul-lmipaul-lmi

sandbox doesn't support valid SSL (lame, I know, been there, done that).

 

For the other part, I think you're just missing some part of the Force.com Sites config.  We've been in Prod on Sites for so long, I don't think I could help with that part.  It's not the greatest or easiest thing to get going (properly and securely anyways).

 

Wish I could be more helpful...

VintaraVintara

Well, main problem was I forgot to activate the site. So lets see how that changes things.

VintaraVintara

Yay, seems to be working. So at least I have a place to move forward from.

paul-lmipaul-lmi

excellent!  if this works out, just mark one of the replies on this thread as the solution so other people can find it easier.

 

cheers,

/p

michaelforcemichaelforce

I just got this to work as well, but the endpoint was a little different than what was stated above... perhaps because I am working in a dev org right now?

 

https://<sitedomain including server>.force.com/services/Soap/class/<classname>