Salesforce Developer Community

Pratibha Sundaramoorthy
NEWBIE
9 Points
Member since 2017

Chatter

Feed
0

Best Answers
0

Likes Received
0

Likes Given
1

Questions
4

Replies

Session ID based authentication for User Interface API From Lightning Component

Hi,

I'm trying to make a call out to the User Interface API in order to get metadata information on picklist values based on record types. I'm using session ID authentication by passing in the session id in the authorization header. This is all done inside a function in a apex utility class. I have that function called by another Apex function which is @AuraEnabled. The lightning component calls this aura enabled function.
When I call both utility and aura enabled function from dev console, everything works fine and I was able to pull the metadata information that I need. But when the method is called from lightning component as I use the application, it throws the error:

{"message":"This session is not valid for use with the REST API","errorCode":"INVALID_SESSION_ID"}

I'm getting session Id using UserInfo.getSessionId() method. I'm unable to print it as it displays, SESSION_ID_REMOVED when I try. Here is the snippet of the call out:

private static HttpResponse callOut(String relativeURL) {
      Http http = new Http();
      HttpRequest request = new HttpRequest();
      HttpResponse response;
      

      String host = System.Url.getSalesforceBaseURL().toExternalForm();
      String url = host + relativeURL;
      // set the end point
      request.setEndpoint(url);
      // set GET/POST method
      request.setMethod('GET');
      String sessionId = UserInfo.getSessionId();
      system.debug('Session Id = '+sessionId);

      // set authorization header
      request.setHeader('Authorization', 'OAuth '+UserInfo.getSessionId());
      system.debug('User Id = '+UserInfo.getUserId());
      system.debug('Profile Id = '+UserInfo.getProfileId());
      system.debug('Username = '+UserInfo.getUserName()+'. '+UserInfo.getUserType());

      system.debug('request = '+request);
      try {
        response = http.send(request);
      } catch(System.Exception e) {
        System.debug('ERROR: '+e);
        throw e;
      }

      return response;
     }

Here is what all I tried:
1. Replace OAuth in request.setHeader('Authorization', 'OAuth '+UserInfo.getSessionId()); to 'Bearer'.
2. Checked the user profile which is the system administrator and have API Enabled checked.
3. Cheked the profile -> Session Settings and see if 'Session Security Level Required at Login' is set to None.

Any help on this is greatly appreciated.

Pratibha Sundaramoorthy
January 31, 2018
Like
0

SOLVED

3 replies

Session ID based authentication for User Interface API From Lightning Component

private static HttpResponse callOut(String relativeURL) {
      Http http = new Http();
      HttpRequest request = new HttpRequest();
      HttpResponse response;
      

      String host = System.Url.getSalesforceBaseURL().toExternalForm();
      String url = host + relativeURL;
      // set the end point
      request.setEndpoint(url);
      // set GET/POST method
      request.setMethod('GET');
      String sessionId = UserInfo.getSessionId();
      system.debug('Session Id = '+sessionId);

      // set authorization header
      request.setHeader('Authorization', 'OAuth '+UserInfo.getSessionId());
      system.debug('User Id = '+UserInfo.getUserId());
      system.debug('Profile Id = '+UserInfo.getProfileId());
      system.debug('Username = '+UserInfo.getUserName()+'. '+UserInfo.getUserType());

      system.debug('request = '+request);
      try {
        response = http.send(request);
      } catch(System.Exception e) {
        System.debug('ERROR: '+e);
        throw e;
      }

      return response;
     }

Pratibha Sundaramoorthy
January 31, 2018
Like
0

7 replies

INVALID SESSION ID - This session is not valid for use with the REST API

Hello,

I've obtained an access token via OAuth. When I use that access token to make a call to a custom Apex REST class I receive the error below:

[{"message":"This session is not valid for use with the REST API","errorCode":"INVALID_SESSION_ID"}]

The strange thing is if I try to get a session ID using an username/password with SOAP API, I receive a valiad session ID and I am able to use it in my application. For security reasons, I don´t wat to store username and password in my app, so I am going to the OAuth Authentication.

Below are the steps that I am following to authorize the access: (I have omitted the last characters of the tokens and codes.)

1) Get the authorization code:

https://na15.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9A2kN3Bn17htJ...

&redirect_uri=https://www.exior.com.br

2) Get the session ID and refresh token: (Method POST)

Request:

Endpoint:

https://na15.salesforce.com/services/oauth2/token

Header:

Content-type: application/x-www-form-urlencoded

Body:

grant_type=authorization_code&code=aPrxMZkm7lCkgfTjSLFeTxyHVa55QG9Gpj8v6YpU6QMRHwCgwpcOuVi5feu66Rcn4IDpaXXXXX%3D%3D&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX &client_secret=77219427916XXXXXXXX&redirect_uri=https://www.exior.com.br

Response:

<access_token>00Di0000000abPx!AQYAQM4Nyzez6GRtdtn0L76pjODKcgZJY.jKWZ.QeM60uuffkZyIMH_AS8pokvWSAMm8JY5K6DaiqM9ISd64MyjjMKjXXXXX</access_token> <id>https://login.salesforce.com/id/00Di0000000abPxEAI/005i0000000w9RpAAI</id>

<instance_url>https://na15.salesforce.com</instance_url>

<issued_at>1373031879062</issued_at> <refresh_token>5Aep861z80Xevi74eUm_l7LnvGMm1nrPXfF_JmNfABiGpb0DBP6O4qSboHB9ZZnxpUeErpFgrQl5So9ZgMXXXXX</refresh_token> <scope>refresh_token</scope>

<signature>FRS81Y6zTT5kMinx0SZugV18POV4VwQOg1KgXTyXXXXX</signature> </Response>

3) Use the refresh token to get a new session ID: (Method POST)

Request:

Endpoint:

https://na15.salesforce.com/services/oauth2/token

Header:

Content-type: application/x-www-form-urlencoded

Body:

grant_type=refresh_token&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX&client_secret=77219427916XXXXXXXX&refresh_token=5Aep861z80Xevi74eUm_l7LnvGMm1nrPXfF_JmNfABiGpb0DBP6O4qSboHB9ZZnxpUeErpFgrQl5So9ZgMXXXXX

Response:

<Response xmlns="https://na15.salesforce.com/services/oauth2/token"> <access_token>00Di0000000abPx!AQYAQM4Nyzez6GRtdtn0L76pjODKcgZJY.jKWZ.QeM60uuffkZyIMH_AS8pokvWSAMm8JY5K6DaiqM9ISd64MyjjMKjXXXXX</access_token> <id>https://login.salesforce.com/id/00Di0000000abPxEAI/005i0000000w9RpAAI</id> <instance_url>https://na15.salesforce.com</instance_url> <issued_at>1373031978095</issued_at> <scope>refresh_token</scope> <signature>Nf210fXLTsUkWAaE3ACeo8KprYaEFOHs3psVgLyXXXXX</signature> </Response>

When I try to use the session ID received with the "authorization_code call" or"refresh_token call" I receive the error [{"message":"This session is not valid for use with the REST API","errorCode":"INVALID_SESSION_ID"}].

Below is how I am using this session id in my application:

public String ValidaCredenciais(String Usuario, String Senha, String SessionId) {

HttpRequest req = new HttpRequest();

Http http = new Http();

req.setMethod('POST');

req.setEndpoint('https://na15.salesforce.com/services/apexrest/validalogin');

req.setBody('{"usuario": "' + Usuario + '", "senha": "' + Senha + '", "orgId": "' + System.Userinfo.getOrganizationId() + '"}');

req.setHeader('Content-Type', 'application/json');

req.setHeader('Authorization', 'OAuth ' + SessionId);

HTTPResponse resp = http.send(req);

String RetornoValida = resp.getBody();

return RetornoValida;

}

rafaferrer
July 05, 2013
Like
1