+ Start a Discussion
Jim GerrardJim Gerrard 

API key - SOAP whitelisting inconsistency

Hi everyone and thanks in advance for reading.

We provide a managed package that needs access to the SOAP API from our server to perform CRUD operations on objects. We use the Salesforce user's session ID to authenticate, and our package is whitelisted through an API key so that everything works automatically in Group- and Professional-Edition orgs.

Our problem is that this approach doesn't work in other org types: a user lacking the explicit "API Enabled" setting cannot use our product in spite of the same API key that works just fine in Group/Professional.

This is a potential problem in a couple of our customers' community implementations, because our current best option (asking the customer to set "API Enabled" for the users concerned) would be bad practice. Can anyone advise on alternative approaches to support these users?

regards,
Jim
Forix ForenForix Foren
Consuming SOAP Web Services .... HTML Injection Warning · Incompatible Consumer Warning · Inconsistent Dependency Warning ... You can whitelist the domains that your mobile app can access to improve your mobile app's security. ... This will effectively block connections to all unknown (non-whitelisted) domains when ...
visit: reviews & ratings of mowers (https://wowconsumers.com/best-riding-lawn-mower/)