I am trying to get Auth to work for a webservice on a website which needs to read / update Salesforce data without the need for a website user to log into Salesforce.

I'm trying to use the token model for OAUTH2 as suggested in http://www.mstsolutions.com/blog/content/testing-salesforce-web-service-using-postman-rest-client - I have set up a connected app and created a new username and password specifically for it, in my Salesforce playground.

Here's the raw data that gets posted to Salesforce (captured using Fiddler). I tried to post the simplest thing I could. Please can you tell me whether there's anything you see that's obviously wrong:

========================================

POST https://login.salesforce.com/services/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: login.salesforce.com
Content-Length: 216
Expect: 100-continue
Connection: Keep-Alive

grant_type=password&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&username=<USERNAME@PLAYGROUND>&password=<PASSWORD>

========================================

The response I get is a 500 internal server error.

"Error ID: 1820186503-109722 (215530434)"

I went to https://help.salesforce.com/apex/hthome to try and raise a support ticket, but when I try to log in, after it appears to succeed, it redirects me to https://help.salesforce.com/apex/Help_Home?err=1 and kicks me out (not logged in).

If I try the same thing with charset set to UTF-8 in the headers, I get a 400 Bad Request reponse:

"You have sent us an Illegal URL or an improperly formatted request."

I don't know what to try next, I am not getting much out info of this Auth API at all. All suggestions welcome!

Hello,

I'm a beginner with Salesforce development, apologies for asking something that should be quite basic, but I just can't find this in the docs.

I build and maintain a website for an organisation. The organisation store their data in Salesforce (Classic).

What I'm trying to achieve is - I need the website to contact Salesforce at certain points to read and update data within Salesforce.
(Also, the website is written in C# ASP.NET, if that's relevant info)

So the model I need is - server to server communication, the website user needs to remain completely unaware of the presence of Salesforce.

Now, I was thinking - this should be achievable by using the REST API and client key / client secret... but the examples I've gone through either return a web page which requires the end user to log into Salesforce, or return JSON which just says "client identifier invalid".

Can someone please point me in the right direction? Thanks in advance!