How is Access Token used with REST API in Salesforce?

  • Vikas Kumar

    Member
    January 9, 2017 at 12:30 pm

    Hi sushant,

    The access token is used for authorization purposes.

    Once authenticated, every request must pass in the access_token value in the header. It cannot be passed as a request parameter.

    Go through https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/quickstart_oauth.htm for detailed options.

    Hope it may help.

  • shariq

    Member
    September 19, 2018 at 11:54 am

    Hi,

    The first step in any API-based integration is getting an OAuth access token to authenticate your calls.

    Using the client ID and secret, call the REST Auth service to obtain an OAuth access token for authenticating your API calls. This sample call demonstrates how to POST to that resource to acquire an access token.

    POST https://auth.exacttargetapis.com/v1/requestToken
    Content-Type: application/json

    {
      "clientId": "YOUR_CLIENT_ID",
      "clientSecret": "YOUR_CLIENT_SECRET"
    }

    200 OK

    {
      "accessToken": "YOUR_ACCESS_TOKEN",
      "expiresIn": 3600
    }

    The access token is returned in the accessToken property. Specify this access token to authenticate all other REST API calls via the Authorization header field with the Bearer HTTP authorization scheme.

    Refresh an Access Token
    Note the expiresIn property in the HTTP response to the requestToken API call. Access tokens expire one hour after they are issued. If you attempt to use an expired token, you receive a 401 Unauthorized HTTP response. If this happens, refresh your access token by calling requestToken again.

    Follow these considerations when using the API directly and doing your own OAuth token management.

    Do not request a new access token for every API call you make; each access token is good for an hour and is reusable. Making two API calls for every one operation is inefficient and causes throttling.
    Be careful where you store your client ID and secret. Never expose this information on the client side via JavaScript or store it in a mobile application. Ensure that these credentials are stored securely in your application.

    Hope this helps!
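The token-management considerations in the post above (reuse the token for its lifetime, call requestToken again on a 401, keep the client secret server-side), as an added example that is not part of the original post or of any Salesforce code. `TokenCache`, `call_api`, `fetch_token` and `send` are hypothetical names, the 60-second refresh margin is an assumption, and the auth service and API are replaced by constructed in-memory stand-ins so it runs offline:

```python
import time

class TokenCache:
    """Reuse one bearer token until shortly before its expiresIn elapses."""
    def __init__(self, fetch_token, clock=time.monotonic, skew=60):
        self._fetch = fetch_token   # returns {"accessToken": ..., "expiresIn": ...}
        self._clock = clock
        self._skew = skew           # refresh this many seconds early (assumed margin)
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._fetch()
            self._token = body["accessToken"]
            self._expires_at = self._clock() + body["expiresIn"] - self._skew
        return self._token

    def invalidate(self):
        self._token = None

def call_api(cache, send, method, url):
    """Send with Authorization: Bearer; on 401, request a new token and retry once."""
    for _ in range(2):
        status, body = send(method, url, {"Authorization": "Bearer " + cache.get()})
        if status != 401:
            break
        cache.invalidate()
    return status, body

def demo():
    # Constructed stand-ins for the auth service and the API, so this runs offline.
    now, issued, rejected = [0.0], [], set()
    def fetch_token():
        # A real version POSTs clientId/clientSecret loaded server-side (environment
        # or secret store), never from client-side JavaScript or a mobile app.
        issued.append("token-%d" % (len(issued) + 1))
        return {"accessToken": issued[-1], "expiresIn": 3600}
    def send(method, url, headers):
        token = headers["Authorization"].split(" ", 1)[1]
        return (401, None) if token in rejected else (200, token)
    cache = TokenCache(fetch_token, clock=lambda: now[0])
    seen = [call_api(cache, send, "GET", "/resource")[1] for _ in range(3)]  # one token reused
    now[0] = 3600.0                      # an hour later: cached token is expired
    seen.append(call_api(cache, send, "GET", "/resource")[1])
    rejected.add(seen[-1])               # API answers 401 before local expiry
    seen.append(call_api(cache, send, "GET", "/resource")[1])
    return seen, len(issued)

if __name__ == "__main__":
    print(demo())
```

The retry is capped at one attempt, so a persistent 401 (for example, revoked credentials) surfaces to the caller instead of looping against the token endpoint.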

  • Parul

    Member
    September 22, 2018 at 5:32 am

    Adding some points:

    Once the access token is used for authorization purposes and authenticated, every request must pass in the access_token value in the header. It cannot be passed as a request parameter.

    Go through https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/quickstart_oauth.htm for detailed options.

    Hope it may help.
