+ Start a Discussion
Zach CoffinZach Coffin 

API without OAuth?

We're trying to import information from Salesforce into our Grails3 system and don't really need to authenticate every user since we can control user access at our system login. Can we use something a bit more permanent to send API requests to our my.salesforce.com instance at a system level without having to prompt our already locally logged-in authorized users to authenticate with SF every time we want to import another record from SF to our system?
Naval Sharma4Naval Sharma4
I think you can go with Refresh Token flow where you will have to authenticate your SF user only once and then can consume the API calls using the access token. There should be a process which needs to be run in background to keep the latest access token using the "Refresh Token".

More details are here -
https://help.salesforce.com/articleView?id=remoteaccess_oauth_refresh_token_flow.htm&type=5
Zach CoffinZach Coffin
That would still require every user to also authenticate with Salesforce. I'm looking for a way to never have to prompt our users to login to SF - our server would have everything it needs to be able to request things from the SF API without prompting our users to login, maybe something like Google Maps' API Key https://developers.google.com/maps/documentation/javascript/get-api-key
Naval Sharma4Naval Sharma4
Then you can create a web-service and expose that on force.com sites. Steps are following.
  1. Create a unique secret key and store it in SF ( Could be a custom setting field )
  2. Call the web-service with that secret key and match the key which is stored in SF to athenticate the call form a valid source.
  3. Process the logic in apex class (web-service).


 
Zach CoffinZach Coffin
For the record, this is what I needed: https://developer.salesforce.com/docs/atlas.en-us.salesforce_developer_environment_tipsheet.meta/salesforce_developer_environment_tipsheet/salesforce_developer_environment_verify_rest.htm