+ Start a Discussion
ClaiborneClaiborne 

API Access with Delegated Authorization on Professional Edition

Here is the problem.

We have AppExchange product that is Aloha-approved, so we have an api access token.

Up until now, we have required users to log-in to salesforce.com from our app. We apply the api token as part of the connection header.  Theapi token allows users to use our app with all editions of salesforce.com, especially Professional Edition.

This is the code we use - php

function GetClient($login, $password, $token, $sandbox) {
           
             $wsdl = "soapclient/partner.wsdl.xml";
             if ($sandbox = "true") {
                 $wsdl = "soapclient/partnerSandbox.wsdl.xml";
             }
       
            // The List api token - required for PE and GE access
        $apiToken = '<token provided by salesforce.com>';
       
            // Establish client
        $client = new SforcePartnerClient();
        $client->createConnection($wsdl);
       
            // Add api token to connection
        $callOptionsHeader = new CallOptions($apiToken);
        $client->setCallOptions($callOptionsHeader);
                           
            // Login to salesforce.com          
        try {
            $loginResult = $client->login($login, $password.$token);
            if ($loginResult->passwordExpired) {
                $client = null;
            }
        }
        catch (Exception $e) {
            echo $e->getMessage();
            $client = null;
        }
}

And we have a client using our application who has Professional Edition, but also is using Delegated Authorization via PingIdentity. 

When the user tries to log in to salesforce.com from our application, they use their SSO user name and password. This gets them a valid salesforce.com token from Ping, but no log-in to salesforce.com. This is, of course, an api-login.

If the system admin uses his salesforce.com account, it works fine.

So the question is, how do you pass an api token when a Professional Edition sso user is trying to log in as an api user?

The api token is in the header of the initial log in request to salesforce.com. What happens to it when salesforce.com forwards the request to a delegated authority? Does it go to the delegated authority? Does it come back? Does it stay with the salesforce.com login request for use the authorization is granted by the delegated authority? Or is it just lost?
Ashish_SFDCAshish_SFDC

Hi , 


API Enabled permission will be on the Users Permission Section in the Profile.

API Enabled option will be there only for Users of Profile System Administrator or Cloned profiel of System Administrator.

https://login.salesforce.com/help/doc/en/admin_userperms.htm

You need to contact Salesforce.com Support for this.

Please go through the link whcih states the following information about Enabling API in professional Edition.

If you dont see the permission, you need to contact Salesforce.com Support.

This feature is enabled by default for Unlimited, Enterprise, and Developer Editions. Some Professional Edition organizations may also have the API enabled. If you cannot access the features you see in this guide, contact salesforce.com.

http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_quickstart_intro.htm


See more in the discussion below,

https://success.salesforce.com/answers?id=90630000000gr7kAAA

Also See the links below, 

http://www.salesforce.com/us/developer/docs/packagingGuide/Content/dev_packages_api_access.htm

https://developer.salesforce.com/forums/ForumsMain?id=906F00000008mh8IAA


Regards,

Ashish

ClaiborneClaiborne
This is not the answer. NONE OF THE USERS HAVE API-ENABLED. The AppExchange App, as an Aloha App, is API-enabled. This works fine with a normal log-in, as the api key specific to the app is passed as part of the header in the log-in process.

But when the organization uses an OAuth provided, in this case through Ping Identity, the token is dropped somewhere between the AppExchange app and Ping and salesforce.com.