+ Start a Discussion

Possible Security Issue? (keeping SessionId alive)



our company would like to integrate with SFDC. Basically, we want to synchronize Leads/Contacts & Response data (hourly) between SFDC and our System. 

The process involves following steps in Salesforce: 
-) User selects/defines a list of contacts/leads 
-) User clicks "sync" 

-> By clicking on "sync", an asynchronous job (@future (callout=true)) will be created, which receives the User.getSessionId() as parameter 

The job would run like every hour, therefore the sessionid should be kept alive. 
-> Is this a potential security issue, or not best practice? 

Or is there a better solution for this issue? 

We also thought of using a OAuth1.0 workflow, where the user authenticates with Salesforce within our application. But there again, is the issue of keeping the sessionid alive -> we would have to make frequent calls to the SF API in order to keep the sessionid alive. 
-> Please correct me if I am wrong.


Does someone know of a better approach?





Thiis solution may fail at one point of time cause there is a • No more than 10 method calls per Apex invocation Limit.




Salesforce imposes a limit on the number of future method invocations: 200 method calls per full Salesforce user
license, Salesforce Platform user license, or Force.com - One App user license, per 24 hours. This is an organization-wide






thanks for your answer.

We already figured out another way.


- Patrick