function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Baptiste AUGRAINBaptiste AUGRAIN 

Metadata API on server side (cron)

Hello,

I'm able to query the Metadata API with JSforce and my credentials.

I would like to run it in a cron on a web server.
Is there a way to generate a access key (like on aws) so that I don't need to put my username/password on the server?

Thx
Baptiste
Best Answer chosen by Baptiste AUGRAIN
Alain CabonAlain Cabon
Hello Baptiste,

1) Did you install Salesforce CLI ?     https://developer.salesforce.com/tools/sfdxcli

Salesforce provide a connected app that is used by default (named: PlatformCLI) when you use this CLI.

With the CLI (sfdx commands), you can authorize an org using the Web-Based Flow (locally where the cli is installed):
https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_web_flow.htm

(Optional) Create a connected app if you require more security and control than offered by the provided connected app. Enable OAuth settings for the new connected app. Make note of the consumer key because you need it later.

2) As soon as you have authorized an org using the web-based flow (by using user/password, only one time), you can reuse this authorization afterwards many times (this technique is used by many tools on VS Code).

The command is then just: sfdx force:org:display -u myalias  ( with myalias, the alias of the authorized org ) to get an access token as a result.
 
=== Org Description
KEY               VALUE
────────────────  ──────────────────────────────────────────
Access Token      00D0Y00000.......
Alias             myalias
Client Id         PlatformCLI
Connected Status  Connected
Id                00D0Y0000.......
Instance Url      https://mydomain.my.salesforce.com
Username          johnny.best@france.fr

sfdx force:org:display -u myalias --json    ( for a more easy result to parse in code ) 

The problem is the refreshing of this access token regurlarly afterwards if you use a long session.

3) But it is not the best option compared with "authorize an org Using the JWT-Based Flow" (better for the security but more complicated)

https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_jwt_flow.htm


 

All Answers

Alain CabonAlain Cabon
Hello Baptiste,

1) Did you install Salesforce CLI ?     https://developer.salesforce.com/tools/sfdxcli

Salesforce provide a connected app that is used by default (named: PlatformCLI) when you use this CLI.

With the CLI (sfdx commands), you can authorize an org using the Web-Based Flow (locally where the cli is installed):
https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_web_flow.htm

(Optional) Create a connected app if you require more security and control than offered by the provided connected app. Enable OAuth settings for the new connected app. Make note of the consumer key because you need it later.

2) As soon as you have authorized an org using the web-based flow (by using user/password, only one time), you can reuse this authorization afterwards many times (this technique is used by many tools on VS Code).

The command is then just: sfdx force:org:display -u myalias  ( with myalias, the alias of the authorized org ) to get an access token as a result.
 
=== Org Description
KEY               VALUE
────────────────  ──────────────────────────────────────────
Access Token      00D0Y00000.......
Alias             myalias
Client Id         PlatformCLI
Connected Status  Connected
Id                00D0Y0000.......
Instance Url      https://mydomain.my.salesforce.com
Username          johnny.best@france.fr

sfdx force:org:display -u myalias --json    ( for a more easy result to parse in code ) 

The problem is the refreshing of this access token regurlarly afterwards if you use a long session.

3) But it is not the best option compared with "authorize an org Using the JWT-Based Flow" (better for the security but more complicated)

https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_jwt_flow.htm


 
This was selected as the best answer
Baptiste AUGRAINBaptiste AUGRAIN
Thanks you Alain! I was able to find the right solution for me from your reply.
I went with JWT by following https://trailhead.salesforce.com/en/content/learn/modules/sfdx_travis_ci/sfdx_travis_ci_connected_app

Thx
Alain CabonAlain Cabon
Ok, good.   You are free to close the question if it is solved.

https://developer.salesforce.com/forums/ForumsMain?id=906F00000008uPkIAI

(beaucoup n'aident plus ici à cause du message précédent, c'est dommage)