Mdthbs

I am a bit confused. The requirement is that we need to create a REST API in Salesforce that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:

1. Making a POST request first with username, password, client_id, client_secret, grant_type to receive access token.




2. Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.

However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API and submit lead request.

I am wondering how would that happen since we can't use POSTMAN for that.

Thanks

I think terminology is missing here, creating a barrier to moving forward.

Postman is just a tool that sends API requests. The first API request you are sending is authenticating via OAuth to obtain an access token. The second uses that access token to reach the Apex REST service.

Any other API client must do structurally the same thing, although they may implement a different OAuth flow.

I would recommend reading through some of the documentation on Authenticating Apps with OAuth. It is dense and sometimes challenging; as a first pointer, you are likely going to want to implement the Web Server (probably) or JWT OAuth Flow for doing a backend, server-to-server integration like this.

Your web form's server will do an initial authentication call into Salesforce to get a refresh token, which it will then be able to use to obtain valid access tokens indefinitely. It can use those access tokens to make actual API calls.

Good question

Salesforce has a native web to lead form This allows you to create leads and feed data into salesforce. it's easy to setup and doesn't require any authentication or javascript. If you have any logic that you want to apply to the lead, you'd do it in the before insert trigger... Here's some info for you. https://help.salesforce.com/articleView?id=setting_up_web-to-lead.htm&type=0

Alternatively, lets say you want to apply some logic to the user input before it hits salesforce, then you can oauth. Suppose your web application backend is in node. You would oAuth into Salesforce to get your token. Then make a http request setting your headers like this:

Authorization:Bearer PUT YOUR TOKEN HERE

Content-Type:application/json

More explicitly, here's how you do it in node. But wait, where are the headers? A wrapper exists in node ruby, and other languages to make life better:

var nforce = require('nforce');

// create the connection with the Salesforce connected app

var org = nforce.createConnection({

  clientId: process.env.CLIENT_ID,

  clientSecret: process.env.CLIENT_SECRET,

  redirectUri: process.env.CALLBACK_URL,

  mode: 'single'

});

// authenticate and return OAuth token

org.authenticate({

  username: process.env.USERNAME,

  password: process.env.PASSWORD+process.env.SECURITY_TOKEN

}, function(err, resp){

  if (!err) {

    console.log('Successfully logged in! Cached Token: ' + org.oauth.access_token);

    // execute the query

    org.query({ query: 'select id, name from account limit 5' }, function(err, resp){

      if(!err && resp.records) {

        // output the account names

        for (i=0; i<resp.records.length;i++) {

          console.log(resp.records[i].get('name'));

        }

      }

    });

  }

  if (err) console.log(err);

});

You would build your request body as you need it.

Here is some great documentation from Salesforce: https://trailhead.salesforce.com/en/content/learn/modules/api_basics/api_basics_rest