Named Credential – using a merge field

apexcalloutnamedcredentials

Im facing issues trying to generate the auth header in Apex when using Named Credentials.

Unfortunately I cannot use the standard Named Credential approach (auto header generation) as I have to embed a session id in the header.

Blob authHeaderValue = Blob.valueOf('{!$Credential.Username}' + ':' + sessionId);
HttpRequest request = new HttpRequest();
request.setMethod('POST');
request.setEndpoint('callout:endpointexample');
request.setHeader('Content-Type', 'application/json');
request.setHeader('Authorization', 'Basic' + ' ' +  EncodingUtil.base64Encode(authHeaderValue));
Http http = new Http();
HTTPResponse res = http.send(request);

If I hardcode the username it works fine so assuming {!$Credential.Username} is the issue here.

Best Answer

Named Credential acts as a runtime proxy. The proxy receives your HTTP request then searches its body or headers for the merge field as a literal string. If NC doesn't find the field, it won't interpolate (merge) it:

This works: request.setHeader('X-Username', '{!$Credential.Username}');

This also works (assuming Generate Authorization Header is unchecked): request.setHeader('Authorization', 'Bearer: {!$Credential.Username}');

This does not work:

Blob authHeaderValue = Blob.valueOf('{!$Credential.Username}' + ':' + sessionId);
request.setHeader('Authorization', 'Basic ' + EncodingUtil.base64Encode(authHeaderValue));

...nor does this:

Blob authHeaderValue = Blob.valueOf('{!$Credential.Username}');
request.setHeader('Authorization', 'Basic ' + EncodingUtil.base64Encode(authHeaderValue));

...nor this:

Blob authHeaderValue = 
request.setHeader('Authorization', 'Basic ' + EncodingUtil.base64Encode(Blob.valueOf('{!$Credential.Username}')));

Related Solutions

[SalesForce] Named Credentials – Merge Fields not Resolving

I was having the same issue, but I needed the username and password in the body of the request, I solved this by assigning the merge fields to string variables, then put the variables with all the other body content. You have to be aware that when you debug the variables or the body you will see the merge field '{!$Credential.UserName}' .... and not the actual value, the value is only replaced when the request is finally sent.

        Http h = new Http();
        HttpRequest req = new HttpRequest();
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        req.setMethod('POST');
        req.setEndpoint('callout:ePayData/api/transact.php');

        string username = '{!$Credential.UserName}';
        string password = '{!$Credential.Password}';

        string body = CreateRequestBody(acc);

        req.setBody('username='+ username + '&password=' + password + '&' + body);

        System.debug(req.getBody());
        HttpResponse res = h.send(req);
        String responseJson = res.getBody();

        System.debug(responseJson);

[SalesForce] Named credential for gotoWebinar app (oauth v2.0)

Will Answer for anyone who is struggling with this. I could make it work but with workarounds.

First of all when creating the Auth Provider (Step 2 in my original post) Send "Client Credentials in header" should be checked too.In Default Scopes I have "openid refresh_token all" I think openid is not necessary but didn't check that yet, I also didn't check if those scopes ment to be added there or just in the named credential. The rest works as is.

Then in the GTW App (Step 1 of my original post) you should change the Application URL for the Callback URL that the Auth provider salesforce configuration gives you (at the bottom of image 2)

Last but not least, for the Authentication section fo the Named Credential you should create a Self-Signed Certificate from Setup > Security > Certificate and Key Management, then select Identity Type (Named Principal or Per User) whatever your case is. Then in scope again "openid refresh_token all" In the callout options just check Generate authorization headers and that should work BUT...

Named credentials works fine with refresh tokens when they got a 401 status response and GoToWebinar Api doesn't give you that, it gives you a 403 when the access token is expired (https://goto-developer.logmeininc.com/getgo-api-http-status-codes)

So You are pretty much done unless you change the named credential URL to just api.getgo.com and then check your calls for 403 responses, make a dummy call forcing a 401 ( any request to /oauth/v2/token with bad token will give you that status and then make the original call again because Named credential refreshed the token automatically after that forced 401.

It's hacky but it works. Hope some of you find this useful

Best Answer

Related Solutions

[SalesForce] Named Credentials – Merge Fields not Resolving

[SalesForce] Named credential for gotoWebinar app (oauth v2.0)

Related Topic