0

I wanted to get some insight on best practices for Salesforce application development. Basically I am developing an on premise Windows service that will push data to Salesforce, using either the REST or SOAP API (probably not relevant at this point). Saying this, I had a few questions:

  1. I believe that I need to create an Application (via Remote Access) that will generate a Consumer Key and Consumer Secret that will allow me to call into the Salesforce API, is this accurate?
  2. If I create an application, it requires a Callback URL, what exactly is this?
  3. Is there any other recommended way of doing this, if so, any links or help would be appreciated!

TIA!

Jonathan Nazario
  • 133
  • 3
  • 13

1 Answers1

1

I got two applications which are now both using the REST approach. I find the Salesforce documentation very useful.

Remote Access

Create the consumer key, secret and set the callback under Setup -> App Setup -> Develop -> Remote Access

Callback

The callback handling is part of OAuth protocol - find an explanation here: OAuth Callback Domains explained It simply needs to return a valid page - it is a security feature validating the domain

More on OAuth Authorisation

See OAuth Quickstart

Alternative: Session ID Authorization for SOAP

Explained at the bottom of the page OAuth Quickstart

Using higher level libs

It is worth investigating if your chosen target environment has a higher level library available that covers some of the lower level aspects of communicating with the API. I am for example using a Ruby gem on top of the API - less work handling some of the API aspects.

Also useful

Salesforce APIs – What They Are & When to Use Them

SOAP

I got an older application running on SOAP - does only require password and security token. No need to create a Remote Application if you are going to use that approach.

REST

Does require OAuth authentication "Before making REST API calls, you must authenticate the user using OAuth 2.0" ... hence you need to create a Remote Application to generate consumer key and secret

Enjoy your adventure with the Salesforce API - Eugen

smile2day
  • 1,585
  • 1
  • 24
  • 34
  • Thanks @smile2day! I was more interested as in what are the recommended methods, for example, should I create an app in salesforce and then use the application key provided by that, instead of using a username/password to authenticate my service with salesforce? – Jonathan Nazario May 23 '13 at 08:14
  • Hi Jonathan, expanded the answer further. I believe the bottom line is that REST is only possible via OAuth which requires a Remote Application. There may may more to it but this is what I found so far. Eugen – smile2day May 23 '13 at 13:13
  • Thanks! I tried creating a remote application and thought I could have the remote application interact with the SF API without using an actual account, unfortunately this is not possible. You need to create or use an existing account to access the APIs. – Jonathan Nazario Jun 13 '13 at 04:20
  • I typically set up a restricted account if the organisation got a spare license, otherwise I piggybag on an existing account. Would avoid to use admin account if possible. There is also the issue of password expiry depeding on the policy in place - needs to be in sync with your backend app. You can also setup a profile which doesn't force password updating for your dedicated API account. – smile2day Jun 13 '13 at 10:20