+ Start a Discussion
CloudConversionCloudConversion 

Authenticating WebService Methods?

Does Salesforce provide any way to authenticate apex WebService methods in Sites?  If not, are there any feasible ways to self-authenticate these types of requests?

 

Thanks,
Jon 

Best Answer chosen by Admin (Salesforce Developers) 
David VPDavid VP
You've probably figured this out by now but yes : that's exactly how you would do it.

All Answers

paul-lmipaul-lmi
in regards to anonymous Sites browsing, or for scenarios where you're using Customer Portal auth in a Site?  WebService methods always require standard API auth unless there's an existing authenticated session ID being passed in, which you wouldn't have at all when browsing Sites anonymously.  Salesforce doesn't support traditional web sessions with anonymous Sites usage yet, so the only way to add auth info to a session is via the portal licensing/auth system.
CloudConversionCloudConversion

Thanks Paul, but I'm not quite following you.  We want our partners to be able to leverage our WebService enabled Apex classes to make authenticated API calls without having to provide a Salesforce username, password and security token.  All the examples that I've seen of Sites-enabled WebService methods are all unauthenticated (i.e. -- RSS feeds).  Customer portal may be an option, but is it possible to authenticate via an API call?  If so, any examples?

 

Thanks,

Jon 

 

p.s. - we could always create our own authentication scheme in Apex, but I doubt that is the correct solution here.

paul-lmipaul-lmi
i follow now.  yeah, they don't let you call those webservice methods without auth, period.  i wanted to do the same thing.
CloudConversionCloudConversion

Paul, you can definitely do unauthenticated WebService calls.  Check out PublicWebService.cls in http://wiki.developerforce.com/index.php/Big_Cloud_Sample_Package for a good example.

 

So, back to authenticating WebService methods.  Anyone know the best way?

paul-lmipaul-lmi
sorry.  the premier dev support we're overpaying for told me otherwise.  i'll keep watching this thread to see how it transpired.
BulentBulent

you can have a public apex webservices via sites.

For authenticated webservices you would need to use the traditional way not via sites. 

CloudConversionCloudConversion

Ok, thanks Bulent.  So is there no way to expose our apex methods then?  We've built complex logic around several inter-related custom objects and we'd like our partners to be able to make one web service call to upsert records.  Would doing our own authentication in apex be an acceptable solution?

 

Thanks,

Jon 

BulentBulent

this is similar to "authenticating user via portal or some other way on sites".

 

If the web service is a public one then there is no issue exposing via sites. If it needs to be called on;y by known authenticated party then you need to follow the standard apex web services best practices.  Any other way would be still public web service without the required security.

paul-lmipaul-lmi
how would you expose a webservice via site?  is it as simple as adding the apex class to the site and changing the URL endpoint in the WSDL?
BulentBulent
Correct. You need to enable your class for your site (public access settings) and set the necessary permissions on the public access settings for your class to work. Again this is only recommended for public access
CloudConversionCloudConversion

Thanks for your help Bulent.  I realize now that what we're trying to do isn't at all related to Sites, but do you know if we can use the standard Force.com API, make the login() call to get a Session ID and then hit our WebService-enabled apex endpoint: https://na6-api.salesforce.com/services/Soap/class/CloudConversion/CreateOrders ?

 

Thanks,

Jon 

David VPDavid VP
You've probably figured this out by now but yes : that's exactly how you would do it.
This was selected as the best answer