[SalesForce] Access MetadataAPI via JavaScript

We created an 100% native Salesforce IDE as a Managed Package which is using ToolingAPI and MetadataAPI via APEX. This works fine. But there is one thing which really bothers people after the installation of the package: they are annoyed be the well know endpoint-exception:

System.CalloutException: IO Exception: Unauthorized endpoint, please check Setup->Security->Remote site settings

In my opinion it is very bad to let users run into that exception – even if you may assume that developers are the target-group and they will figure the simple steps to proceed. We want to do it better.

What we have done first, was to include the most common endpoints as Remote-Sites in the packaged – knowing that we'll never be able to cover all due to the myDomain feature. So we have done it for na0..naX, eu0..euX and csX. Now, I have developed a strong dislike to this kind of bulk-inclusion, because:

it is bad to include > 30 endpoints in a (frustrated) preemptive measure when only a single one is really required.
there is an issue in the installer, when you need to confirm the endpoints and the list is too long, the confirm-button falls out of the visible screen area…
for sure, security review will dislike that sort of misdemeanor – and I totally agree.

So what can we do? Writing an manual or display a nice list of post-install manual steps? C'mon, still not nice. One guy from Salesforce suggested a Heroku-Proxy: APEX calls Heroku (one static endpoint, passing required endpoint as parameter) and Heroku calls back MetadataAPI to configure the endpoint… hmmmm… overkill…? What else?

I just read this very cool answer from @sfdcfox here Dynamically set remote site Setting in Apex
Fast-forward discarding the options Flash, Java, Silverlight and ThirdParty as having too many tradeoffs, I really love the JavaScript idea!

Now, my draft would be to create a Post-Install page which contains the JavaScript. First thing to ask for username, password and token (or better go with OAuth?). Then to access MetadataAPI via a callout by Javascript and dynamically add the single endpoint to the org. Bottom-line: the Heroku-Pattern without Heroku 😉

And finally here is my question: does anyone of you have accessed MetadataAPI directly from JavaScript? Even if in a completely different use-case, a JS-callout-skeleton to do just "something" with the MetadataAPI would help me a lot to figure out the final solution on my own. Or are there any obvious show-stoppers which prevent JavaScript from accessing the MetadateAPI?

I think it could be worth to share a concept here, since it would be a repeatable pattern usable for many use cases.

Best Answer

You can actually call the metadata API from JavaScript exceptionally easy. I threw this together in response to this question:

var binding = new XMLHttpRequest(), payload = '<?xml version="1.0" encoding="utf-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-Instance"> <soapenv:Header> <urn:SessionHeader xmlns:urn="http://soap.sforce.com/2006/04/metadata"> <urn:sessionId>{!$Api.Session_ID}</urn:sessionId> </urn:SessionHeader> </soapenv:Header> <soapenv:Body> <createMetadata xmlns="http://soap.sforce.com/2006/04/metadata"> <metadata xsi:type="ns2:RemoteSiteSetting" xmlns:ns2="http://soap.sforce.com/2006/04/metadata"> <fullName>This Server</fullName> <description>The API endpoint</description> <disableProtocolSecurity>false</disableProtocolSecurity> <isActive>true</isActive> <url>{0}</url> </metadata> </createMetadata> </soapenv:Body></soapenv:Envelope>'.replace('{0}',window.top.location.protocol+'//'+window.top.location.hostname+'/');
    binding.open('POST', window.top.location.protocol+'//'+window.top.location.hostname+'/services/Soap/m/31.0');
    binding.setRequestHeader('SOAPAction','""');
    binding.setRequestHeader('Content-Type', 'text/xml');
    binding.onreadystatechange = function() { if(this.readyState==4) handleResponse(); }
    binding.send(payload);

Everything appears to work (I was getting some odd Invalid Session ID when I tried to grab it from the cookie directly, so the merge field should fix that). Feedback welcome. Also, you'll want to add the "base" version as well (use getSalesforceBaseUrl() in Apex Code to discover the correct URL to use).

Related Solutions

[SalesForce] Lightning access via ToolingAPI or MetadataAPI

Both ToolingAPI and MetadataAPI are both fully functional and supported (Beta also of course). Dev Console uses the tooling api itself and sublime-lightning sits on top of the forceCLI project that uses various APIs. Packaging support is based on the MD API. At least one ISV/Partner (Squidify) has already Lightning Components enabled their own tools. Our own Salesforce Eclipse plugin will soon have LC support too.

Here is the MD API doc for AuraDefinition and AuraDefinitionBundle that should get you started:

https://www.salesforce.com/us/developer/docs/api_meta/index_Left.htm#CSHID=meta_auradefinitionbundle.htm|StartTopic=Content%2Fmeta_auradefinitionbundle.htm|SkinName=webhelp

SObject API is also a useful read:

https://www.salesforce.com/us/developer/docs/api/index_Left.htm#CSHID=sforce_api_objects_auradefinitionbundle.htm|StartTopic=Content%2Fsforce_api_objects_auradefinitionbundle.htm|SkinName=webhelp

LCs are represented by 2 new entities: AuraDefinitionBundle (the set of defs that comprise a component, app, event, etc) and AuraDefinition (and individual part of a bundle: markup (cmp, app, evt, etc), myCompinentController.js, and so on)

[SalesForce] Deleting specific picklist value by using MetadataAPI

I believe in older API versions (<38) there is no way to delete or modified any picklist value through the Metadata API.

The reason for it is because of data integrity. If the value you want to delete was used in at least one record, only from the configuration interface (point & click) you will be able to address that scenario.

When you are online (point & click), doing that type of operations, the message is something like:

"Use this page to globally replace an existing value in a picklist with a new value. Choose a replacement value in the box below to apply to any records that contain the deleted value. Choose "None" if you do not want to change the value of existing records. The picklist no longer contains the deleted value but records containing that value still display it."

One workaround might be to remove the value at the level of the RecordType(s). Try to use the API to update your RecordType(s) and remove the value.

That was happening with older API versions (cannot say which version previous to 37). With API 38.0 we have the CustomValue and using it, we can Deactivate the values:

If picklist values are missing from a component definition, they get deactivated when deployed. Deactivation occurs for picklist values of both standard and custom fields.

For instance, for this picklist (you can get the file below if you fetch the CustomField and not the CustomObject):

<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
    <fields>
        <fullName>Picklist1__c</fullName>
        <externalId>false</externalId>
        <label>Picklist1</label>
        <required>false</required>
        <type>Picklist</type>
        <valueSet>
            <valueSetDefinition>
                <sorted>false</sorted>
                <value>
                    <fullName>a</fullName>
                    <default>false</default>
                </value>
                <value>
                    <fullName>b</fullName>
                    <default>false</default>
                </value>
                <value>
                    <fullName>c</fullName>
                    <default>false</default>
                </value>
            </valueSetDefinition>
        </valueSet>
    </fields>
</CustomObject>

If we package and deploy the file without the value "c" it will be deactivated.

Before:

After:

What I cannot see is a way (API method) to delete the value and replace existing values with other active value or "blank".

Globally replace an existing value in a picklist with a new value. Choose a replacement value below to apply to any records that contain the deleted value. If you choose not to replace the value, the picklist no longer contains the deleted value but records containing that value still display it.

Best Answer

Related Solutions

[SalesForce] Lightning access via ToolingAPI or MetadataAPI

[SalesForce] Deleting specific picklist value by using MetadataAPI

Related Topic