Chris Berg 6

REST Calls from within my (org/domain) failing

I have created an Apex REST service following an example from Salesforce. I created a custom button on my Case page. This button contains all the code I need to POST to my REST service. Both my Case page and the URL I am calling share the same domain:

https://na16.salesforce.com/500j0000000zfug
https://na16.salesforce.com/services/apexrest/decision

I am getting a 401 (Unauthorized).  Is there something simple I can do whereby this REST call is trusted?  Should I attempt to use some existing headers from the case page to make this work?  I wanted to avoid a lot of heavy security steps for making calls inside the platform.
 
Chris Berg 6
As a follow-up, my guess is that I would have to authenticate with my JS against a login URL, cache a token, then attempt the Apex REST call because the Case page is not trusted. In effect, even though it's on the Force site and same domain, it's really not. Feels like this is a federated security model between all the parts and pieces. Not finding any examples of folks doing this so I must be off the happy path here.
James Loghry
Chris, it sounds like you'll need to add the domain (http://na16.salesforce.com) to your Remote Site Settings (Setup->Security->Remote Site Settings).

That should fix your 401 Unauthorized exception. Depending on how your REST service is authenticated, you may need to look into either the username / password or OAuth token flow for authenticating with the service as well.
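
One way to attach a token to the button's call, as an added example that is not part of the original thread: Apex REST authenticates each request through an `Authorization` header, so the sketch below builds the POST with a Bearer token and refuses to send that token anywhere except an Apex REST path on the page's own HTTPS origin. Assumptions: the button obtains an API-enabled session ID (for example from the `{!$Api.Session_ID}` merge field), and the function name, payload and placeholder token are hypothetical.

```javascript
// Added example, not code from the thread. buildApexRestRequest is a
// hypothetical helper; the session ID source is an assumption (see lead-in).
const APEX_REST_PREFIX = '/services/apexrest/';

function buildApexRestRequest(pageUrl, restPath, sessionId, payload) {
  if (typeof sessionId !== 'string' || sessionId.length === 0) {
    // Without a token the request carries no Authorization header -> 401.
    throw new Error('No session ID available for the Authorization header');
  }
  const page = new URL(pageUrl);
  // Resolving against the page origin normalises "../" and "//host" tricks.
  const target = new URL(restPath, page.origin);
  if (page.protocol !== 'https:' || target.origin !== page.origin) {
    throw new Error('Refusing to send the session token to ' + target.origin);
  }
  if (!target.pathname.startsWith(APEX_REST_PREFIX)) {
    throw new Error('Not an Apex REST path: ' + target.pathname);
  }
  return {
    url: target.href,
    options: {
      method: 'POST',
      headers: {
        'Authorization': 'Bearer ' + sessionId,
        'Content-Type': 'application/json'
      },
      body: JSON.stringify(payload)
    }
  };
}

// Constructed sample values: URLs from the question, placeholder token.
const sampleRequest = buildApexRestRequest(
  'https://na16.salesforce.com/500j0000000zfug',
  '/services/apexrest/decision',
  'SESSION_ID_PLACEHOLDER',
  { caseId: '500j0000000zfug' }
);
// In the browser: fetch(sampleRequest.url, sampleRequest.options)
```

The session ID is a bearer credential for the whole user session, so it should stay out of logs, URLs and any third-party script the page loads.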