+ Start a Discussion
Nicolás KacowiczNicolás Kacowicz 

How to have authentication

Hello guys, let's say I have the following code:
global with sharing class MyRestResource {
    global static String doPost(String name,
        String phone, String website) {
        Account account = new Account();
        account.Name = name;
        account.phone = phone;
        account.website = website;
        insert account;
        return account.Id;

I'm testing it through https://www.hurl.it/ and there is an authentication section with username and password. My question is how can I check if it is the right combination?

And what would happen if they send me the information through a webservice that's not like that website but just an endpoint to my website? 
v varaprasadv varaprasad
Hi Nicolas,

Please check once following URL : 


Hope this helps you!

@For Support: varaprasad4sfdc@gmail.com
srlawr uksrlawr uk
To access a Salesforce end point you will have to do an authentication cycle, you can't make unauthorised calls.

The easiest way to test Rest end points is with 


IF you want to use hurl.it - you will have to learn to aquire a session token using your username/password/security token, and then include the bearer token in your call to /Account/*

This is the same for any other website that wants to access that end point, they will have to have a set of user credentials and make an authorisation exchange first.
Amit Chaudhary 8Amit Chaudhary 8
You can test same API buy below two way
1) Workbench http://amitsalesforce.blogspot.com/2016/04/rest-api-in-salesforce-execute-rest-api.html
2) PostMan http://amitsalesforce.blogspot.com/2017/06/test-salesforce-api-by-postman-rest.html
Please check above post with step by step process and screen shot.

Execute your Apex REST class in workbench
Step 1:- Open https://workbench.developerforce.com/
Step 2:- Select Environment as Production and select the checkbox to agree the terms and condition then select Login with Salesforce.
NOTE:- If you are already login then only above step will work other wise you need to enter user name and password.
Step 3:- In the Workbench tool select Utilities > REST Explorer
Step 4:- In the REST Explorer window paste your URL and body in the box

Nicolás KacowiczNicolás Kacowicz
Guys, I have a public site so everyone can insert data if they know my URL. What I need is to only be able to insert data if they have a combination of username and password. For example the user created automatically is called Guest Test User and doesn't need a password.

Right now we are testing the class through https://www.hurl.it/ but in the future the data will be inserted from another app so they'll need as the endpoint the URL I'm putting on the hurl web, set the content type.

My question would be how do they send their password?
First I need it to test it on hurl.it and then on the other app that will insert data into salesforce (this app is not salesforce)
srlawr uksrlawr uk
From your website you are going to have to make an OAuth login to Salesforce, and then send that access token with your request to your webservice. You can't make calls into Salesforce from anywhere without authorisation, there is no such thing as a "public endpoint" like you might be able to make on a general webserver. A password is going to be required!

If you make a Guest user (though I'd call the user "API User" rather than "Guest User" .. its a little more precise and clearer) on Salesforce (thus setting it's password, and paying for a licence) with the "Use API" permission (And a handful of others) you then need to follow an OAuth flow (documented all over the web... https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_authentication.htm

Even on hurl.it you will need to first make a request to login.salesforce.com with the right headers, which will get you an access token. Copy that to your clipboard, and then you can make your 

request and you add a header for the bearer token and put the clipboard value into there.

Have you considered using Web-To-Lead? This lets you create public forms that will pump name/phone/website etc. into the lead object without having to authenticate - as it's a special function provided by Salesforce (there is no way to do this to Accounts via the API)
Nicolás KacowiczNicolás Kacowicz
So I was able to do what I wanted.

I created a Connected app, put https://test.salesforce.com/services/oauth2/token as the Callback URL.
Then I went to hurl.it and put that URL, POST as the Method, on the Header name: Content-Type and value: application/x-www-form-urlencoded 
For the body I put:

I got it from http://salesforceprasad.blogspot.com.br/2017/04/how-to-test-salesforce-rest-api.html

@srlawr uk: It is possible to insert data into salesforce without requiring any credentials. I created a Site, I've given permission to create a custom object and its fields and I'm able to do it. In the Site created, you go to Public Access Settings and give permission to the Apex Class and Visualforce page plus the Objects and fields you are going to insert data.