How to Build a Basic Salesforce REST API Integration
Being in the Software as a Service space, you have to admire what Salesforce has managed to accomplish. It would be hard to argue with their success, notably at the enterprise customer level.
While they have one of the most finely tuned and well-known sales approaches in software, there's almost a sense that once a company gets to a certain size, they simply decide it's time to use Salesforce. It's because of this that if you have a product that operates in the Sales and Marketing space, there's a huge opportunity in tapping into the Salesforce community and ecosystem.
Salesforce API Integration vs Salesforce App
It's important to highlight the distinction between a Salesforce API Integration and a Salesforce App that you'd find on their AppExchange (essentially the Salesforce App Store).
Listing an app on the Salesforce AppExchange gives you the ability to build your product directly into the Salesforce platform, for instance by visualizing your product's data directly inside a component in Salesforce. While there are clear benefits in having a presence inside this ecosystem, it's important to note that there are costs associated with doing so.
A REST API integration is a lot simpler and is primarily centred around sending data from your application and fetching data from Salesforce. Currently there's no cost associated with this type of integration, but it's worth noting that REST integrations are only accessible to Salesforce users on their Enterprise plans (there is scope to get REST API access on Professional and Group editions, but this involves getting your app whitelisted).
For the purposes of this post, our example REST API integration is going to be super basic. Our app is going to have customer data that we want to send to Salesforce, and there will be customer data in Salesforce that we want to retrieve.
Essentially then, our REST API integration is going to need to do three important things:
- Allow a User of our application to authorize us to access and transfer their Salesforce information on their behalf.
- Allow a user to push information from our application to Salesforce.
- Allow a user to retrieve Salesforce information to be used inside our app.
Getting Set Up with Salesforce
Create a free developer account
Start by obtaining yourself a free Salesforce Developer account.
The Salesforce developer accounts are awesome and pretty much give you a working Salesforce organization (an organization is Salesforce's word for an account), so you can get a feel for the interface and even add and manage users.
Set up a Connected App
Once you have your developer account set up, you'll need to set up a Connected App. Connected Apps can provide a lot of functionality, and sometimes that can make it a little tricky to get your head around them.
For the purposes of this post and how we're going to use it, it's best to think of a connected app as a small app that sits on Salesforce's infrastructure that you simply point your integration to. It's responsible for managing the authentication and also the routing of requests to the relevant client instances.
Once you've set up your Salesforce developer account, you can set up a connected app by clicking the Setup icon in the top-right navigation menu and choosing Setup.
Enter App Manager in the Quick Find box, then select App Manager.
- Click New Connected App.
- In the New Connected App form, fill in:
In the basic information section:
- Connected App Name: YourAppName.
- API Name: this will automatically become ‘YourAppName’.
- Contact Email: enter your email address.
In the API (Enable OAuth Settings) section:
- Check Enable OAuth Settings.
- Callback URL: enter your callback URL, example: https://www.yourappname.com/api/callback
This will be the URL that Salesforce POSTs to when the user has authorised your app to access their data. This will include the access and request token (we’ll explain a bit more on this below but they are essential to be able to send and receive data.) So if you don’t have one already, you’ll need to set up an endpoint whose role it is to receive and handle this request.
Under Selected OAuth Scopes:
- Select Access and manage your data (API).
- Click Add.
Once you’ve set up your app, you’ll be given a Consumer Key and a Consumer Secret for your app.
The basic Salesforce OAuth data flow
With the connected app set up, it's handy to get an idea of how the data flow works.
To start, your user is directed to a Salesforce.com authorization endpoint, where they log in and approve access for your app to access their data.
After successful authorization, Salesforce sends a response with an Access token and Refresh token.
The Access token is to be passed in the header of all API requests for data. This token has an expiry date and will always expire. By default, the Connected Apps have an access token with an expiry of 15 minutes (in line with the session settings within your Salesforce settings).
The Refresh token is to be used to retrieve a valid access token (e.g., when the current access token expires). You can change the expiry settings on this, and you can also set it to never expire, so that it only stops working when it is revoked.
Example API calls:
To make the initial authorisation request for a user to grant your app access to their data (this is where your user is initially directed to a Salesforce.com authorisation endpoint and logs in), you'd make the following request. The client_id in the call below will be your client ID from the connected app. The redirect_uri will be the callback URL.
curl "https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=YOURCONSUMERID&redirect_uri=https://www.yourappname.com/api/callback"
A successful response from this will redirect the page to a Salesforce login page where the user is able to log in and authenticate. Once Salesforce confirms that the user has authorised your app to access their data, the end user's browser is redirected to the callback URL you've specified in the redirect_uri parameter. Salesforce then appends an authorisation code to the redirect URL; their request will look like the below.
https://www.yourappname.com/api/callback?code=aWekysIEeqM9PiThEfm0Cnr6MoLIfwWyRJcqOqHdF8f9INokharAS09ia7UNP6RiVScerfhc4w%3D%3D
You'll use this as the value for your code parameter when you make a request to Salesforce's token endpoint to receive your Access and Refresh Token.
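The authorisation request and callback described above, as an added Python example (not code from the original post): it adds the standard OAuth 2.0 state parameter, which the curl call above does not send, so the callback endpoint can reject redirects that do not belong to a login it started. The function names and the sample callback are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"


def new_state() -> str:
    """Unguessable per-login value; keep it in the user's server-side session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id: str, redirect_uri: str, state: str) -> str:
    """URL to send the user's browser to; urlencode() escapes every value."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorisation code, or raise if the callback cannot be trusted."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:  # the user denied access or the request was rejected
        raise PermissionError(params["error"][0])
    state = params.get("state", [""])[0]
    # Constant-time comparison. An empty expected_state means this session
    # never started a login, so any callback for it is refused.
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]  # already percent-decoded by parse_qs


if __name__ == "__main__":
    # Constructed callback, shaped like the redirect shown above.
    s = new_state()
    cb = "https://www.yourappname.com/api/callback"
    print(build_authorize_url("YOURCONSUMERID", cb, s))
    print(code_from_callback(f"{cb}?code=abc123%3D%3D&state={s}", s))
```

The returned code is the decoded value, so it must be percent-encoded again when it is sent to the token endpoint.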
Example request:
curl -X POST https://login.salesforce.com/services/oauth2/token -d "grant_type=authorization_code" -d "redirect_uri=https://www.yourappname.com/api/callback" -d "client_id=YOUR_CONSUMER_ID" -d "client_secret=YOUR_CONSUMER_SECRET" -d "code=aWekysIEeqM9PiThEfm0Cnr6MoLIfwWyRJcqOqHdF8f9INokharAS09ia7UNP6RiVScerfhc4w%3D%3D"
Example Response:
{
  "access_token": "REFRESHED_ACCESS_TOKEN",
  "signature": "signature",
  "scope": "refresh_token id API",
  "instance_url": "https://INSTANCE.salesforce.com",
  "id": "https://login.salesforce.com/id/idE",
  "token_type": "Bearer",
  "issued_at": "timestamp"
}
Now we have a way to keep our access tokens valid and up to date, we’re set up and ready to start working with Salesforce objects.
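The token request above and the refresh step described for the Refresh token, as an added Python example (not code from the original post): it builds both grants as POST form bodies so the consumer secret never appears in a URL, and validates the response before the access token is attached to API requests. The function names are illustrative, and the check that instance_url sits under salesforce.com is an assumption to adjust for your org's domains.

```python
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"


def token_request(client_id: str, client_secret: str, **grant) -> Request:
    """Build (not send) a POST to the token endpoint.

    Every parameter, including client_secret, goes in the form body so it
    does not end up in URLs that proxies and access logs record.
    """
    body = urlencode({"client_id": client_id,
                      "client_secret": client_secret, **grant})
    return Request(TOKEN_URL, data=body.encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def code_grant(client_id, client_secret, code, redirect_uri) -> Request:
    """Exchange the authorisation code from the callback for tokens."""
    return token_request(client_id, client_secret,
                         grant_type="authorization_code",
                         code=code, redirect_uri=redirect_uri)


def refresh_grant(client_id, client_secret, refresh_token) -> Request:
    """Ask for a new access token once the current one has expired."""
    return token_request(client_id, client_secret,
                         grant_type="refresh_token",
                         refresh_token=refresh_token)


def api_headers(token_response: str) -> tuple:
    """Validate a token response; return (instance_url, headers for API calls)."""
    tok = json.loads(token_response)
    if tok.get("token_type") != "Bearer" or not tok.get("access_token"):
        raise ValueError("not a usable bearer token response")
    parts = urlsplit(tok.get("instance_url", ""))
    host = parts.hostname or ""
    # Assumption: instances live under salesforce.com. Never send the bearer
    # token to a host taken from an unchecked response.
    if parts.scheme != "https" or not host.endswith(".salesforce.com"):
        raise ValueError(f"unexpected instance_url: {tok.get('instance_url')!r}")
    return tok["instance_url"], {"Authorization": f"Bearer {tok['access_token']}"}
```

Pass each returned Request to urllib.request.urlopen() to send it, then give the response body to api_headers() before making API calls against instance_url.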
Responses