Jason Adams
Is the only way to use the API via OAuth or session?
Greetings!
I'm working on integrating a WordPress site with Salesforce (not just leads and cases). And I'm finding (https://www.salesforce.com/us/developer/docs/api_rest/) that it seems like the only way to use the API is with either an OAuth token or Salesforce session ID. The problem with this is that it requires the integration to work from user sessions, but I'd like it to work for non-logged-in users and also forgo the token redirect process.
The web-to-lead applet offers something like this, but only for leads and cases.
If I have to use OAuth, is it bad practice to have the user provide the credentials then store the token in the database for all future use? The same token would then be used for every purpose. Would the token have a lifespan by default?
Thanks for any and all input! :)
It is generally bad practice to store the OAuth token indefinitely, as you open up your users to a separate attack vector not of their choosing. If tokens must be stored, they should be stored encrypted. Mobile apps are a great example here, as they store OAuth tokens locally (hopefully) encrypted and the token is only accessible to that application. Where possible, web systems should not store tokens in their database.
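One way to store a token encrypted, as the answer above advises, for a PHP site such as WordPress. This is an added example, not code from the thread or from Salesforce; it uses PHP's sodium extension, and the environment variable name, function names and record ids are hypothetical.

```php
<?php
// Added example: encrypt an OAuth token before it is written to the database.
// Assumption: the 32-byte key is kept outside the database, here in a
// base64-encoded environment variable with the hypothetical name TOKEN_ENC_KEY.

function load_key(): string {
    $b64 = getenv('TOKEN_ENC_KEY');
    $key = $b64 === false ? '' : base64_decode($b64, true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new RuntimeException('TOKEN_ENC_KEY is missing or has the wrong length');
    }
    return $key;
}

// Returns base64(nonce || ciphertext+tag). $recordId is bound as associated
// data, so a ciphertext copied into a different row fails to decrypt.
function seal_token(string $token, string $recordId, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($token, $recordId, $nonce, $key);
    return base64_encode($nonce . $ct);
}

// Reverses seal_token(); throws if the value was altered or belongs to another record.
function open_token(string $stored, string $recordId, string $key): string {
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= $n) {
        throw new RuntimeException('stored token is malformed');
    }
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, $n), $recordId, substr($raw, 0, $n), $key
    );
    if ($pt === false) {
        throw new RuntimeException('stored token failed authentication');
    }
    return $pt;
}

// Constructed demo values; a deployment would call load_key() instead of keygen.
$key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$stored = seal_token('constructed-sample-token', 'integration:1', $key);
echo open_token($stored, 'integration:1', $key), PHP_EOL;
try {
    open_token($stored, 'integration:2', $key); // same ciphertext, different row
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Encryption only helps if the key is not stored beside the ciphertext: a database dump then yields no usable tokens without the key.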