You need to sign in to do that
Don't have an account?
CloudConversion
Authenticating WebService Methods?
Does Salesforce provide any way to authenticate apex WebService methods in Sites? If not, are there any feasible ways to self-authenticate these types of requests?
Thanks,
Jon
All Answers
Thanks Paul, but I'm not quite following you. We want our partners to be able to leverage our WebService enabled Apex classes to make authenticated API calls without having to provide a Salesforce username, password and security token. All the examples that I've seen of Sites-enabled WebService methods are all unauthenticated (i.e. -- RSS feeds). Customer portal may be an option, but is it possible to authenticate via an API call? If so, any examples?
Thanks,
Jon
p.s. - we could always create our own authentication scheme in Apex, but I doubt that is the correct solution here.
Paul, you can definitely do unauthenticated WebService calls. Check out PublicWebService.cls in http://wiki.developerforce.com/index.php/Big_Cloud_Sample_Package for a good example.
So, back to authenticating WebService methods. Anyone know the best way?
you can have a public apex webservices via sites.
For authenticated webservices you would need to use the traditional way not via sites.
Ok, thanks Bulent. So is there no way to expose our apex methods then? We've built complex logic around several inter-related custom objects and we'd like our partners to be able to make one web service call to upsert records. Would doing our own authentication in apex be an acceptable solution?
Thanks,
Jon
this is similar to "authenticating user via portal or some other way on sites".
If the web service is a public one then there is no issue exposing via sites. If it needs to be called on;y by known authenticated party then you need to follow the standard apex web services best practices. Any other way would be still public web service without the required security.
Thanks for your help Bulent. I realize now that what we're trying to do isn't at all related to Sites, but do you know if we can use the standard Force.com API, make the login() call to get a Session ID and then hit our WebService-enabled apex endpoint: https://na6-api.salesforce.com/services/Soap/class/CloudConversion/CreateOrders ?
Thanks,
Jon