Starting November 20, the site will be set to read-only.
On December 4, 2023,
Apex Code Development (90768)
General Development (55146)
Visualforce Development (37251)
Lightning (18265)
APIs and Integration (17146)
Trailhead (11680)
Formulas & Validation Rules Discussion (11337)
Other Salesforce Applications (8116)
Jobs Board (6655)
Force.com Sites & Site.com (4842)
Mobile (2694)
You need to sign in to do that
Don't have an account?
kirkevonphilly I'm working on creating a Managed Package that will be installed into our client's customers' orgs. In that package are classes that perform callouts back to our client's org. Do you have any recommendations on how to secure this web-service based communication between our client and our client's customers' orgs?
Thanks in advance!
Hello,
I had a similar requirement once. And after some research, I drilled into this solution : Creating a custom REST API class which has the core logic in the Main Org and accessing it using callouts from the client orgs using OAuth.
More information here : http://wiki.developerforce.com/page/Creating_REST_APIs_using_Apex_REST
Thanks for the response Vishal.
I have a custom Rest API class in the main org as you suggested.
Can you elaborate on the second part where the client orgs use OAuth and callouts to access it?
Here's what I'm thinking from what you posted (correct me where I'm wrong):
1) Create a Connected App to get a Consumer Key and Consumer Secret
2) Include a mechanism to the client to get them to go through the OAuth process, using the Consumer Secret and Key to get an Access Token/Session ID
3) Once they have a Token/Session ID, do I point them to /services/apexrest/myNameSpace/myServiceName?
Yup, that's exactly what I had done. Created a App that would help the external user to connect to Salesforce using the consumer key and secret. Once he is through, he can then send requests to the custom REST methods.
This is an excellent link to get started with OAuth
http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com
Thanks again Vishal,
When I create an Access Token using credentials from the org where my Connected App resides all works fine. However, when I try create an Access Token using credentials from an external org (like what the customers would be doing), I receive the following:
[ {
"message" : "Session expired or invalid",
"errorCode" : "INVALID_SESSION_ID"
} ]
Any ideas?