function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
WorksForME?????WorksForME????? 

Passwords and Storage.

I have a JavaScript package that will have a need to make 1 external API call by sending data to our servers with the users User name, password and security token.  My question is how should we go about transmitting the password(plain-text vs. base64) and what about storing it in a salesforce custom object?  what are the security implications / rules for this?  Does anybody know?
werewolfwerewolf
So are you saying that you actually want to send the users' Salesforce.com credentials and security token to this external API?  That is not at all a good idea.  Why would you want to do that?  Can you just send the API session?
WorksForME?????WorksForME?????
This external API is running on our servers, we need to access the users objects and retrieve information.  Can we login to the API with just the API session?  Let me run you through this process.

User clicks a button in our javascript Custom SControl in salesforce.com and it sends a webrequest to our external servers to access the API of that user and pull down informaion.
SuperfellSuperfell
use the serverUrl & sessionId merge fields, no need to store credentials or call login. There's an article on wiki somewhere with more details on this.
WorksForME?????WorksForME?????
It works like a charm, now I don't need the users Password and Token, thanks guys.  If anyone else is looking here is my C# sample code.

                    //Just take the URL and SessionID passed to the webservice.

                    binding.Url = SFUrl;     //Merge field {!$Api.Enterprise_Server_URL_130}
                    binding.SessionHeaderValue = new salesforce.na5.SessionHeader();
                    binding.SessionHeaderValue.sessionId = SFSessionID;    //Merge field {!User.Session_ID}

                    //Then make your API calls here.            
MunnaMunna

Hi,

here is the code..

sfdc.Url = lr.serverUrl;

binding.Url = lr.serverUrl;

binding.SessionHeaderValue = new SessionHeader();

binding.SessionHeaderValue.sessionId = lr.sessionId;

// Create a new session header object

// Add the session ID returned from the login

sfdc.SessionHeaderValue = new SessionHeader();

sfdc.SessionHeaderValue.sessionId = lr.sessionId;

sforce.GetUserInfoResult userInfo = lr.userInfo;

how can i get the session from url ?
as used merge field and passing API seesionID
how can i get it on my application?
WorksForME?????WorksForME?????
You could use a query string ie.. site.aspx?api=[MergeField]&sessionID=[MergeField] or you could create a webservice and use the salesforce proxy to pass xml or other data.