function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Ken KoellnerKen Koellner 

Passing Session ID for calling REST Service written in APEX.

I'm developing a new service and thinking of using REST instead of SOAP.  This service will be called internally by another application that runs in the background, i.e., no human user, no web browser.

 

I'm trying to figure out the best what for the client application to authenticate.  The client application already knows how to connect via the regular login() API and get a session ID.  I'm thinking the easiest thing to do would be to just use that Session ID.


What I don't know is how the client should pass the Session ID to a REST service.

 

When calling a SOAP Web Service, it goes in the  <cus:sessionId> tag in the <soapenv:Header>.  That wouldn't exist in REST.  I guess it isn't passed as a parameter and has to go in some sort of authentication header.  Can anyone point me to documentation on how to compose that header?

 

Right now, I just want to test a call from SoapUI.  Then I'll have to tell the people that write the client app what to do.

 

-Ken

 

Sonam_SFDCSonam_SFDC

When using REST API, one should use OAuth(Open Authorization) to authenticate a user - OAuth gives in return a auth toekn which can be used for further transactions between salesforce and third party application:

 

Process described in the following doc : http://www.salesforce.com/us/developer/docs/api_rest/api_rest.pdf

 

 

SaraagSaraag

If you want to use sessionid, you'll have to set it in the header.

 

req.setHeader('Authorization',  'Bearer sessionid_here');

 

Note: "Bearer" and space and then you session Id.

Ken KoellnerKen Koellner

I'm testing using curl and got the following to work--

 

curl -1 --insecure --cookie-jar cookies --cookie cookies -e ";auto" --location-trusted -L 'https://mydomain.sb99.cs86.force.com/services/apexrest/KKRestExper?param=foo' -H 'Authorization: Bearer 00Df0000003IvyN\!BQcAQOVzejR0bFw1AghYGNsnCJx1Z8BZzY9TJirlVERKBwLOwYxGApfAddKxyp8nuXXCjiAiUO2_.VlY.jZ7jIc0GuQZ9EIM'

 (some of the identifying info in the command above including the domainname, sb#, cs#, org Id, and session Id have been corrupted to security purposes.)

SaraagSaraag

Not sure I follow, do you still have an issue or did that solve your question?

Ken KoellnerKen Koellner

I got it to work using curl as my test driver.

 

There is a more elegant way to do it with curl if you use a script and save cookies but I didn't bother.

 

-K