Integration to Salesforce through REST API without using consumer secret/key

accesstokenapioauth2rest-api

I am trying to connect with the Salesforce via API call. I got the access token first by providing username, password, consumer key, consumer secret, grant_type. Then I used the access token and made the second call which is the actual API call for salesforce.

My question is, Is it possible to connect the Salesforce just using access token,username and password without really providing the consumer key and consumer secret or we definitely need the consumer key and consumer secret to connect with Salesforce.

We are using REST API and I don't want to use consumer key and consumer secret. Please suggested how to achieve this.

Best Answer

If you have the access token or a session id (but preferably the access token), then you don't need anything else. It's getting the access token that requires the connected app and the user details.

There are a selection of OAuth 2.0 flows. The flow you're currently using is the username-password flow, which is only recommended for testing.

The consumer key (client id) is always required. The consumer secret (client secret) is not required in all flows.

Most of the OAuth flows are interactive, meaning that they require the user to interact with it to supply their username and password themselves (via a small, separate window that anyone who has used the Salesforce-provided DataLoader or the (third-party) Salesforce Workbench will be familiar with).

If you're working in a scenario where user interaction is not possible (e.g. you have a server that is running a shell script on a schedule via cron), then you'd need to use a non-interactive flow such as the JWT Bearer flow.

Related Solutions

[SalesForce] REST API without Connected App

Definitely doable. The admin should not have to customize anything:

create your Connected App, once, in an org with a managed package and namespace,
bake that exact client_id into the runtime code that you distribute,
use Web Server authentication flow or Username-Password flow when calling REST API,

Maybe there is a misunderstanding of how Connected App really operates here. Imagine a Salesforce Package as an analogy. You control the true source code in a Packaging / Release Org but you deploy or install a special instance of it. Similarly with a Connected App:

you control the Connected App 'definition' including client_id and secret,
a user allows (or a sysadmin can manage) the connected app 'instance' when it's used.

Does this help?

[SalesForce] Generate JWToken from salesforce using Consumer Secret

It's pretty similar with Salesforce, but your sample code has the parameters incorrect for the platform. See OAuth 2.0 JWT Bearer Token Flow from the Salesforce documentation for more details. Rather than using the JWT for authorization on REST requests, you'll exchange it for an access token, which you'll then include with a Bearer authorization header (if you're constructing your REST requests manually).

I use JWT in Python in one of my projects and have a Gist available showing how to use it with simple_salesforce. It's short, so I'll include the entirety here:

import jwt
import requests
import datetime
from simple_salesforce import Salesforce
from simple_salesforce.exceptions import SalesforceAuthenticationFailed

def jwt_login(consumer_id, username, private_key, sandbox=False):
    endpoint = 'https://test.salesforce.com' if sandbox is True else 'https://login.salesforce.com'
    jwt_payload = jwt.encode(
        { 
            'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=30),
            'iss': consumer_id,
            'aud': endpoint,
            'sub': username
        },
        private_key,
        algorithm='RS256'
    )

    result = requests.post(
        endpoint + '/services/oauth2/token',
        data={
            'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
            'assertion': jwt_payload
        }
    )
    body = result.json()

    if result.status_code != 200:
        raise SalesforceAuthenticationFailed(body['error'], body['error_description'])
    
    return Salesforce(instance_url=body['instance_url'], session_id=body['access_token'])

Call jwt_login() with the consumer Id, username, JWT signing key, and a Boolean for sandbox or production and you'll get back a simple_salesforce.Salesforce instance. If you aren't using that library and just want the access token, you could return body['access_token'] instead and modify the error handling.

N.b. as written this requires Python 3.6 for the time handling.

Best Answer

Related Solutions

[SalesForce] REST API without Connected App

[SalesForce] Generate JWToken from salesforce using Consumer Secret

Related Topic