REST API and OAuth2 implementation in Salesforce
Force.com platform support powerful and convenient web services API for excellent interaction with external app and salesforce. Rest API also uses same underlying datamodel as those in SOAP API. For secured interaction with third party app, Salesforce enforces authentication process. As the part of authentication process users need to store or cache their username or password, instead the mechanism introduces where access is granted via tokens. To authenticate a user, either of these three approaches can be considered based on the type of application being designed and the level of user interactivity
- Webserver Flow : Consumer key is protected by server
- User-Agent Flow: It is utilized by apps, they will not store consumer secret securely.
- Username-password Flow: App has right to access credentials directly.
After successful authentication process user application will be granted an access token, with which that can perform REST API functions.
Connected App for OAuth
To perform OAuth in salesforce, you must create Connected App in salesforce. A Connected App can be visualized as an intermediate authentication layer between Salesforce data model and the client application. Steps for creating sample Connected App in salesforce is available in following link https://www.salesforce.com/us/developer/docs/api_rest/. Once a Connected App is configured in Salesforce, we will get a consumer key and a consumer secret for OAuth implementation in the client application.
OAuth Endpoints in Salesforce
These are URLs used to make OAuth authentication request
Shown below is the web server OAuth Authentication Flow
From the figure steps 1-3 can be implemented in c# program as shown below
Gain authorize code by passing Consumer key and consumer secret
After execution of this code you will get Authorization code, now by using this authorization code, consumer key and consumer secret you will be able to get the Access Token. With the aid Access token you can perform REST API functions.
Access Data from salesforce using REST API with Access Token
The above shown codebase can be used to get Account details from your Salesforce Account.
Note: You do not need to store or cache your credentials, instead of that you just need to pass the consumer secret and consumer key of Connected app. Make sure that these are not hardcoded in your website/app’s source code or config file. Also please make sure not to encrypt and store your access token for improved security.