Additional security steps

You need to pass both the SessionId and API_Url to your component.
The component must verify that the Url is an https URL to a *.salesforce.com domain.

Make sure that the underlying HTTPS aborts if the server certificate is not valid. You don't want to be sending data to an imposter.

As Benji remarked, you can use GetUserInfo to perform the SessionId validation.
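
An added example, not part of the original post: one way to implement the URL check and the certificate requirement described above, in Python. The function names and the sample URLs are hypothetical; the check parses the URL and compares the host on a label boundary, because a plain substring or suffix test also accepts look-alike hosts.

```python
import re
import ssl
from urllib.parse import urlsplit

ALLOWED_SUFFIX = ".salesforce.com"  # the *.salesforce.com rule from the post
# Hostname made only of DNS labels; rejects backslashes, spaces, empty labels.
HOSTNAME_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*")


def is_trusted_api_url(api_url: str) -> bool:
    """True only for an https URL whose host is a subdomain of salesforce.com."""
    try:
        parts = urlsplit(api_url)
        host = parts.hostname  # lower-cased, with userinfo and port removed
        _ = parts.port         # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    # Reject "https://trusted-looking-name@other-host/" style URLs outright.
    if parts.username is not None or parts.password is not None:
        return False
    if not HOSTNAME_RE.fullmatch(host):
        return False
    # The leading dot in the suffix forces a match on a label boundary.
    return host.endswith(ALLOWED_SUFFIX)


def strict_tls_context() -> ssl.SSLContext:
    """TLS context that aborts the handshake on an invalid server certificate."""
    ctx = ssl.create_default_context()   # loads the system trust store
    ctx.check_hostname = True            # certificate must match the host name
    ctx.verify_mode = ssl.CERT_REQUIRED  # never fall back to unverified
    return ctx


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the post.
    for url in ("https://na1.salesforce.com/services/Soap/u/20.0",
                "https://na1.salesforce.com.example.net/",
                "https://na1.salesforce.com@example.net/"):
        print(url, is_trusted_api_url(url))
```

Run the check before the SessionId is sent anywhere, and pass the context to whatever HTTPS client the component uses.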