How to expose REST API to external users — how do they authenticate and authorize to create lead in Salesforce
I am a bit confused. The requirement is that we need to create a REST API in Salesforce that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:
1. Making a POST request first with username, password, client_id, client_secret, grant_type to receive access token.
2. Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.
However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API and submit lead request.
I am wondering how would that happen since we can't use POSTMAN for that.
Thanks
rest-api httppost
asked 6 hours ago by Student, edited 5 hours ago
2 Answers
I think terminology is missing here, creating a barrier to moving forward.
Postman is just a tool that sends API requests. The first API request you are sending is authenticating via OAuth to obtain an access token. The second uses that access token to reach the Apex REST service.
Any other API client must do structurally the same thing, although they may implement a different OAuth flow.
I would recommend reading through some of the documentation on Authenticating Apps with OAuth. It is dense and sometimes challenging; as a first pointer, you are likely going to want to implement the Web Server (probably) or JWT OAuth Flow for doing a backend, server-to-server integration like this.
Your web form's server will do an initial authentication call into Salesforce to get a refresh token, which it will then be able to use to obtain valid access tokens indefinitely. It can use those access tokens to make actual API calls.
answered 5 hours ago by David Reed♦
Comments are not for extended discussion; this conversation has been moved to chat.
– David Reed♦
4 hours ago
Good question
Salesforce has a native web-to-lead form. This allows you to create leads and feed data into Salesforce. It's easy to set up and doesn't require any authentication or JavaScript. If you have any logic that you want to apply to the lead, you'd do it in the before insert trigger... Here's some info for you: https://help.salesforce.com/articleView?id=setting_up_web-to-lead.htm&type=0
Alternatively, let's say you want to apply some logic to the user input before it hits Salesforce, then you can OAuth. Suppose your web application backend is in Node. You would OAuth into Salesforce to get your token. Then make an HTTP request, setting your headers like this:

    Authorization: Bearer PUT YOUR TOKEN HERE
    Content-Type: application/json

More explicitly, here's how you do it in Node. But wait, where are the headers? A wrapper exists in Node, Ruby, and other languages to make life better:

    var nforce = require('nforce');

    // create the connection with the Salesforce connected app
    var org = nforce.createConnection({
      clientId: process.env.CLIENT_ID,
      clientSecret: process.env.CLIENT_SECRET,
      redirectUri: process.env.CALLBACK_URL,
      mode: 'single' // single-user mode: nforce caches the OAuth result on org.oauth
    });

    // authenticate (username-password flow) and return OAuth token
    org.authenticate({
      username: process.env.USERNAME,
      password: process.env.PASSWORD + process.env.SECURITY_TOKEN
    }, function(err, resp) {
      if (err) {
        console.log(err);
        return;
      }
      // note: this prints the access token; keep it out of shared or persistent logs
      console.log('Successfully logged in! Cached Token: ' + org.oauth.access_token);
      // execute the query
      org.query({ query: 'select id, name from account limit 5' }, function(err, resp) {
        if (!err && resp.records) {
          // output the account names
          for (var i = 0; i < resp.records.length; i++) {
            console.log(resp.records[i].get('name'));
          }
        }
      });
    });

You would build your request body as you need it.
Here is some great documentation from Salesforce: https://trailhead.salesforce.com/en/content/learn/modules/api_basics/api_basics_rest
answered 5 hours ago by Ohana (edited 5 hours ago)
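
The server-side sequence the two answers above describe, as an added example that is not part of either answer or of nforce: the form's backend trades a stored refresh token for an access token, sends the lead with the `Authorization: Bearer` and `Content-Type: application/json` headers, and refreshes once on a 401. The `/services/apexrest/leads` mapping, the field allow-list and all function names are assumptions; the transport is injectable so the flow can be exercised offline.

```javascript
// Added example (not from either answer). Hypothetical names: LEAD_PATH,
// the ALLOWED field list and its limits, and every function below.
const TOKEN_URL = 'https://login.salesforce.com/services/oauth2/token';
const LEAD_PATH = '/services/apexrest/leads'; // assumed @RestResource urlMapping
const ALLOWED = { firstName: 40, lastName: 80, company: 255, email: 80 };

// Copy only expected fields so a web form cannot set arbitrary Lead attributes.
function sanitizeLead(form) {
  const lead = {};
  for (const [field, max] of Object.entries(ALLOWED)) {
    const value = typeof form[field] === 'string' ? form[field].trim() : '';
    if (value.length === 0) continue;
    if (value.length > max) throw new Error('invalid field: ' + field);
    lead[field] = value;
  }
  if (!lead.lastName || !lead.company) throw new Error('lastName and company are required');
  if (lead.email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(lead.email)) {
    throw new Error('invalid field: email');
  }
  return lead;
}

// Step 1 of the Postman test, done by the server: refresh token -> access token.
function buildTokenRequest(creds) {
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'refresh_token',
      client_id: creds.clientId,
      client_secret: creds.clientSecret,
      refresh_token: creds.refreshToken,
    }).toString(),
  };
}

// Step 2: call the Apex REST service with the bearer token.
function buildLeadRequest(session, lead) {
  return {
    url: session.instance_url + LEAD_PATH,
    method: 'POST',
    headers: { Authorization: 'Bearer ' + session.access_token, 'Content-Type': 'application/json' },
    body: JSON.stringify(lead),
  };
}

// Default transport: Node 18+ global fetch. Tests can pass a stub instead.
async function defaultSend(req) {
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
  return { status: res.status, json: await res.json().catch(() => null) };
}

// creds come from the server's environment or secret store, never from the form.
function createLeadClient(creds, send = defaultSend) {
  let session = null; // cached { access_token, instance_url }
  async function login() {
    const res = await send(buildTokenRequest(creds));
    if (res.status !== 200) throw new Error('token request failed: ' + res.status);
    session = res.json;
  }
  return async function submitLead(form) {
    const lead = sanitizeLead(form); // reject bad input before any network call
    if (!session) await login();
    let res = await send(buildLeadRequest(session, lead));
    if (res.status === 401) { // access token expired or revoked: refresh once, retry
      await login();
      res = await send(buildLeadRequest(session, lead));
    }
    if (res.status >= 300) throw new Error('lead request failed: ' + res.status);
    return res.json;
  };
}
```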