How to expose REST API to external users — how do they authenticate and authorize to create lead in...

Why do the lights go out when someone enters the dining room on this ship?

How might a landlocked lake become a complete ecosystem?

Polynomial division: Is this trick obvious?

Can I say: "When was your train leaving?" if the train leaves in the future?

Would life always name the light from their sun "white"

Filter a data-frame and add a new column according to the given condition

Did galley captains put corks in the mouths of slave rowers to keep them quiet?

How does this Martian habitat 3D printer built for NASA work?

Why weren't the bells paid heed to in S8E5?

Holding rent money for my friend which amounts to over $10k?

Why did the metro bus stop at each railway crossing, despite no warning indicating a train was coming?

Chinese words with non-Chinese letters / characters?

Generate ladder of integers using the least number of unique characters (in C++)

Problem in downloading videos using youtube-dl from unsupported sites

"The van's really booking"

Why can't I share a one use code with anyone else?

Mark command as obsolete

The meaning of the Middle English word “king”

Show solution to recurrence is never a square

Why are solar panels kept tilted?

How to continually let my readers know what time it is in my story, in an organic way?

Are there any sonatas with only two sections?

How to describe a building set which is like LEGO without using the "LEGO" word?

What information exactly does an instruction cache store?



How to expose REST API to external users — how do they authenticate and authorize to create lead in Salesforce


Salesforce Lead not created and Lead Id not returned when using Rest API?unsupported grant_type?salesforce integration with java using REST APIStatic authorization token for REST API from external systemGet Instance Url with valid OAuth Access TokenPossible Username-Password OAuth Authentication Flow security issues?Implementing Web Server OAuth Authentication FlowRest API Login - Customer Portal UserREST API and Manage Packagefacing error as “This session is not valid for use with the REST API” while integration with PHP platform






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







1















I am a bit confused. The requirement is that we need to create a REST API in Salesforce that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:




  1. Making a POST request first with username, password, client_id, client_secret, grant_type to receive access token.


  2. Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.



However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API and submit lead request.



I am wondering how would that happen since we can't use POSTMAN for that.



Thanks










share|improve this question































    1















    I am a bit confused. The requirement is that we need to create a REST API in Salesforce that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:




    1. Making a POST request first with username, password, client_id, client_secret, grant_type to receive access token.


    2. Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.



    However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API and submit lead request.



    I am wondering how would that happen since we can't use POSTMAN for that.



    Thanks










    share|improve this question



























      1












      1








      1








      I am a bit confused. The requirement is that we need to create a REST API in Salesforce that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:




      1. Making a POST request first with username, password, client_id, client_secret, grant_type to receive access token.


      2. Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.



      However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API and submit lead request.



      I am wondering how would that happen since we can't use POSTMAN for that.



      Thanks










      share|improve this question
















      I am a bit confused. The requirement is that we need to create a REST API in Salesforce that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:




      1. Making a POST request first with username, password, client_id, client_secret, grant_type to receive access token.


      2. Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.



      However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API and submit lead request.



      I am wondering how would that happen since we can't use POSTMAN for that.



      Thanks







      rest-api httppost






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 5 hours ago







      Student

















      asked 6 hours ago









      StudentStudent

      1348




      1348






















          2 Answers
          2






          active

          oldest

          votes


















          1














          I think terminology is missing here, creating a barrier to moving forward.



          Postman is just a tool that sends API requests. The first API request you are sending is authenticating via OAuth to obtain an access token. The second uses that access token to reach the Apex REST service.



          Any other API client must do structurally the same thing, although they may implement a different OAuth flow.



          I would recommend reading through some of the documentation on Authenticating Apps with OAuth. It is dense and sometimes challenging; as a first pointer, you are likely going to want to implement the Web Server (probably) or JWT OAuth Flow for doing a backend, server-to-server integration like this.



          Your web form's server will do an initial authentication call into Salesforce to get a refresh token, which it will then be able to use to obtain valid access tokens indefinitely. It can use those access tokens to make actual API calls.






          share|improve this answer
























          • Comments are not for extended discussion; this conversation has been moved to chat.

            – David Reed
            4 hours ago



















          1














          Good question



          Salesforce has a native web to lead form This allows you to create leads and feed data into salesforce. it's easy to setup and doesn't require any authentication or javascript. If you have any logic that you want to apply to the lead, you'd do it in the before insert trigger... Here's some info for you. https://help.salesforce.com/articleView?id=setting_up_web-to-lead.htm&type=0



          Alternatively, lets say you want to apply some logic to the user input before it hits salesforce, then you can oauth. Suppose your web application backend is in node. You would oAuth into Salesforce to get your token. Then make a http request setting your headers like this:



          Authorization:Bearer PUT YOUR TOKEN HERE



          Content-Type:application/json



          More explicitly, here's how you do it in node. But wait, where are the headers? A wrapper exists in node ruby, and other languages to make life better:



          var nforce = require('nforce');
          // create the connection with the Salesforce connected app
          var org = nforce.createConnection({
          clientId: process.env.CLIENT_ID,
          clientSecret: process.env.CLIENT_SECRET,
          redirectUri: process.env.CALLBACK_URL,
          mode: 'single'
          });
          // authenticate and return OAuth token
          org.authenticate({
          username: process.env.USERNAME,
          password: process.env.PASSWORD+process.env.SECURITY_TOKEN
          }, function(err, resp){
          if (!err) {
          console.log('Successfully logged in! Cached Token: ' + org.oauth.access_token);
          // execute the query
          org.query({ query: 'select id, name from account limit 5' }, function(err, resp){
          if(!err && resp.records) {
          // output the account names
          for (i=0; i<resp.records.length;i++) {
          console.log(resp.records[i].get('name'));
          }
          }
          });
          }
          if (err) console.log(err);
          });


          You would build your request body as you need it.



          Here is some great documentation from Salesforce: https://trailhead.salesforce.com/en/content/learn/modules/api_basics/api_basics_rest






          share|improve this answer


























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "459"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f262238%2fhow-to-expose-rest-api-to-external-users-how-do-they-authenticate-and-authori%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            I think terminology is missing here, creating a barrier to moving forward.



            Postman is just a tool that sends API requests. The first API request you are sending is authenticating via OAuth to obtain an access token. The second uses that access token to reach the Apex REST service.



            Any other API client must do structurally the same thing, although they may implement a different OAuth flow.



            I would recommend reading through some of the documentation on Authenticating Apps with OAuth. It is dense and sometimes challenging; as a first pointer, you are likely going to want to implement the Web Server (probably) or JWT OAuth Flow for doing a backend, server-to-server integration like this.



            Your web form's server will do an initial authentication call into Salesforce to get a refresh token, which it will then be able to use to obtain valid access tokens indefinitely. It can use those access tokens to make actual API calls.






            share|improve this answer
























            • Comments are not for extended discussion; this conversation has been moved to chat.

              – David Reed
              4 hours ago
















            1














            I think terminology is missing here, creating a barrier to moving forward.



            Postman is just a tool that sends API requests. The first API request you are sending is authenticating via OAuth to obtain an access token. The second uses that access token to reach the Apex REST service.



            Any other API client must do structurally the same thing, although they may implement a different OAuth flow.



            I would recommend reading through some of the documentation on Authenticating Apps with OAuth. It is dense and sometimes challenging; as a first pointer, you are likely going to want to implement the Web Server (probably) or JWT OAuth Flow for doing a backend, server-to-server integration like this.



            Your web form's server will do an initial authentication call into Salesforce to get a refresh token, which it will then be able to use to obtain valid access tokens indefinitely. It can use those access tokens to make actual API calls.






            share|improve this answer
























            • Comments are not for extended discussion; this conversation has been moved to chat.

              – David Reed
              4 hours ago














            1












            1








            1







            I think terminology is missing here, creating a barrier to moving forward.



            Postman is just a tool that sends API requests. The first API request you are sending is authenticating via OAuth to obtain an access token. The second uses that access token to reach the Apex REST service.



            Any other API client must do structurally the same thing, although they may implement a different OAuth flow.



            I would recommend reading through some of the documentation on Authenticating Apps with OAuth. It is dense and sometimes challenging; as a first pointer, you are likely going to want to implement the Web Server (probably) or JWT OAuth Flow for doing a backend, server-to-server integration like this.



            Your web form's server will do an initial authentication call into Salesforce to get a refresh token, which it will then be able to use to obtain valid access tokens indefinitely. It can use those access tokens to make actual API calls.






            share|improve this answer













            I think terminology is missing here, creating a barrier to moving forward.



            Postman is just a tool that sends API requests. The first API request you are sending is authenticating via OAuth to obtain an access token. The second uses that access token to reach the Apex REST service.



            Any other API client must do structurally the same thing, although they may implement a different OAuth flow.



            I would recommend reading through some of the documentation on Authenticating Apps with OAuth. It is dense and sometimes challenging; as a first pointer, you are likely going to want to implement the Web Server (probably) or JWT OAuth Flow for doing a backend, server-to-server integration like this.



            Your web form's server will do an initial authentication call into Salesforce to get a refresh token, which it will then be able to use to obtain valid access tokens indefinitely. It can use those access tokens to make actual API calls.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered 5 hours ago









            David ReedDavid Reed

            42k82463




            42k82463













            • Comments are not for extended discussion; this conversation has been moved to chat.

              – David Reed
              4 hours ago



















            • Comments are not for extended discussion; this conversation has been moved to chat.

              – David Reed
              4 hours ago

















            Comments are not for extended discussion; this conversation has been moved to chat.

            – David Reed
            4 hours ago





            Comments are not for extended discussion; this conversation has been moved to chat.

            – David Reed
            4 hours ago













            1














            Good question



            Salesforce has a native web to lead form This allows you to create leads and feed data into salesforce. it's easy to setup and doesn't require any authentication or javascript. If you have any logic that you want to apply to the lead, you'd do it in the before insert trigger... Here's some info for you. https://help.salesforce.com/articleView?id=setting_up_web-to-lead.htm&type=0



            Alternatively, lets say you want to apply some logic to the user input before it hits salesforce, then you can oauth. Suppose your web application backend is in node. You would oAuth into Salesforce to get your token. Then make a http request setting your headers like this:



            Authorization:Bearer PUT YOUR TOKEN HERE



            Content-Type:application/json



            More explicitly, here's how you do it in node. But wait, where are the headers? A wrapper exists in node ruby, and other languages to make life better:



            var nforce = require('nforce');
            // create the connection with the Salesforce connected app
            var org = nforce.createConnection({
            clientId: process.env.CLIENT_ID,
            clientSecret: process.env.CLIENT_SECRET,
            redirectUri: process.env.CALLBACK_URL,
            mode: 'single'
            });
            // authenticate and return OAuth token
            org.authenticate({
            username: process.env.USERNAME,
            password: process.env.PASSWORD+process.env.SECURITY_TOKEN
            }, function(err, resp){
            if (!err) {
            console.log('Successfully logged in! Cached Token: ' + org.oauth.access_token);
            // execute the query
            org.query({ query: 'select id, name from account limit 5' }, function(err, resp){
            if(!err && resp.records) {
            // output the account names
            for (i=0; i<resp.records.length;i++) {
            console.log(resp.records[i].get('name'));
            }
            }
            });
            }
            if (err) console.log(err);
            });


            You would build your request body as you need it.



            Here is some great documentation from Salesforce: https://trailhead.salesforce.com/en/content/learn/modules/api_basics/api_basics_rest






            share|improve this answer






























              1














              Good question



              Salesforce has a native web to lead form This allows you to create leads and feed data into salesforce. it's easy to setup and doesn't require any authentication or javascript. If you have any logic that you want to apply to the lead, you'd do it in the before insert trigger... Here's some info for you. https://help.salesforce.com/articleView?id=setting_up_web-to-lead.htm&type=0



              Alternatively, lets say you want to apply some logic to the user input before it hits salesforce, then you can oauth. Suppose your web application backend is in node. You would oAuth into Salesforce to get your token. Then make a http request setting your headers like this:



              Authorization:Bearer PUT YOUR TOKEN HERE



              Content-Type:application/json



              More explicitly, here's how you do it in node. But wait, where are the headers? A wrapper exists in node ruby, and other languages to make life better:



              var nforce = require('nforce');
              // create the connection with the Salesforce connected app
              var org = nforce.createConnection({
              clientId: process.env.CLIENT_ID,
              clientSecret: process.env.CLIENT_SECRET,
              redirectUri: process.env.CALLBACK_URL,
              mode: 'single'
              });
              // authenticate and return OAuth token
              org.authenticate({
              username: process.env.USERNAME,
              password: process.env.PASSWORD+process.env.SECURITY_TOKEN
              }, function(err, resp){
              if (!err) {
              console.log('Successfully logged in! Cached Token: ' + org.oauth.access_token);
              // execute the query
              org.query({ query: 'select id, name from account limit 5' }, function(err, resp){
              if(!err && resp.records) {
              // output the account names
              for (i=0; i<resp.records.length;i++) {
              console.log(resp.records[i].get('name'));
              }
              }
              });
              }
              if (err) console.log(err);
              });


              You would build your request body as you need it.



              Here is some great documentation from Salesforce: https://trailhead.salesforce.com/en/content/learn/modules/api_basics/api_basics_rest






              share|improve this answer




























                1












                1








                1







                Good question



                Salesforce has a native web to lead form This allows you to create leads and feed data into salesforce. it's easy to setup and doesn't require any authentication or javascript. If you have any logic that you want to apply to the lead, you'd do it in the before insert trigger... Here's some info for you. https://help.salesforce.com/articleView?id=setting_up_web-to-lead.htm&type=0



                Alternatively, lets say you want to apply some logic to the user input before it hits salesforce, then you can oauth. Suppose your web application backend is in node. You would oAuth into Salesforce to get your token. Then make a http request setting your headers like this:



                Authorization:Bearer PUT YOUR TOKEN HERE



                Content-Type:application/json



                More explicitly, here's how you do it in node. But wait, where are the headers? A wrapper exists in node ruby, and other languages to make life better:



                var nforce = require('nforce');
                // create the connection with the Salesforce connected app
                var org = nforce.createConnection({
                clientId: process.env.CLIENT_ID,
                clientSecret: process.env.CLIENT_SECRET,
                redirectUri: process.env.CALLBACK_URL,
                mode: 'single'
                });
                // authenticate and return OAuth token
                org.authenticate({
                username: process.env.USERNAME,
                password: process.env.PASSWORD+process.env.SECURITY_TOKEN
                }, function(err, resp){
                if (!err) {
                console.log('Successfully logged in! Cached Token: ' + org.oauth.access_token);
                // execute the query
                org.query({ query: 'select id, name from account limit 5' }, function(err, resp){
                if(!err && resp.records) {
                // output the account names
                for (i=0; i<resp.records.length;i++) {
                console.log(resp.records[i].get('name'));
                }
                }
                });
                }
                if (err) console.log(err);
                });


                You would build your request body as you need it.



                Here is some great documentation from Salesforce: https://trailhead.salesforce.com/en/content/learn/modules/api_basics/api_basics_rest






                share|improve this answer















                Good question



                Salesforce has a native web to lead form This allows you to create leads and feed data into salesforce. it's easy to setup and doesn't require any authentication or javascript. If you have any logic that you want to apply to the lead, you'd do it in the before insert trigger... Here's some info for you. https://help.salesforce.com/articleView?id=setting_up_web-to-lead.htm&type=0



                Alternatively, lets say you want to apply some logic to the user input before it hits salesforce, then you can oauth. Suppose your web application backend is in node. You would oAuth into Salesforce to get your token. Then make a http request setting your headers like this:



                Authorization:Bearer PUT YOUR TOKEN HERE



                Content-Type:application/json



                More explicitly, here's how you do it in node. But wait, where are the headers? A wrapper exists in node ruby, and other languages to make life better:



                var nforce = require('nforce');
                // create the connection with the Salesforce connected app
                var org = nforce.createConnection({
                clientId: process.env.CLIENT_ID,
                clientSecret: process.env.CLIENT_SECRET,
                redirectUri: process.env.CALLBACK_URL,
                mode: 'single'
                });
                // authenticate and return OAuth token
                org.authenticate({
                username: process.env.USERNAME,
                password: process.env.PASSWORD+process.env.SECURITY_TOKEN
                }, function(err, resp){
                if (!err) {
                console.log('Successfully logged in! Cached Token: ' + org.oauth.access_token);
                // execute the query
                org.query({ query: 'select id, name from account limit 5' }, function(err, resp){
                if(!err && resp.records) {
                // output the account names
                for (i=0; i<resp.records.length;i++) {
                console.log(resp.records[i].get('name'));
                }
                }
                });
                }
                if (err) console.log(err);
                });


                You would build your request body as you need it.



                Here is some great documentation from Salesforce: https://trailhead.salesforce.com/en/content/learn/modules/api_basics/api_basics_rest







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 5 hours ago

























                answered 5 hours ago









                OhanaOhana

                4,605752132




                4,605752132






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Salesforce Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f262238%2fhow-to-expose-rest-api-to-external-users-how-do-they-authenticate-and-authori%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Taj Mahal Inhaltsverzeichnis Aufbau | Geschichte | 350-Jahr-Feier | Heutige Bedeutung | Siehe auch |...

                    Baia Sprie Cuprins Etimologie | Istorie | Demografie | Politică și administrație | Arii naturale...

                    Nicolae Petrescu-Găină Cuprins Biografie | Opera | In memoriam | Varia | Controverse, incertitudini...