[SalesForce] Authorization header missing from RestRequest headers map

I have a publicly exposed web service (Rest Apex) through Sites and I'd like to do basic authentication which I will manage myself. I noticed that when I specify Authorization: Basic HEREGOESBASE64ENCODEDVALUE in my HTTP request to my web service, I can't get that key-value pair in the RestRequest.headers map. All the other custom headers (if I specify any) are coming across.

Does anyone have an explanation of why this specific standard header is not accessible in the RestRequest context?

I'm dealing with some legacy system and OAuth 2.0 authentication is out of the question.

@RestResource(urlMapping='/myMapping/*')
global with sharing class MyClass 
{
    @HttpPost
    global static void doPost()
    {
        RestRequest restRequest = RestContext.request;

        if (restRequest.headers.get('Authorization') == null)
        {
            // always goes here
        }
    }
}

Best Answer

Salesforce does not allow access to the Authorization header.

If you are using a Salesforce login with OAuth, use UserInfo.getSessionId() to get the Authorization data.

I created a public REST service that uses a shared key for authorization. As a workaround I added a custom header called AuthorizationToken. By checking to ensure this is present and valid I can authorize a call.
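
The custom-header workaround described in the answer, sketched as an added example (it is not the answer author's code). The header name `AuthorizationToken` comes from the answer and the URL mapping from the question; the protected custom setting `Api_Auth__c` and its field `Shared_Key__c` are hypothetical names for wherever the shared key is stored.

```apex
@RestResource(urlMapping='/myMapping/*')
global with sharing class MyClass {
    // Custom header used in place of the inaccessible Authorization header.
    private static final String TOKEN_HEADER = 'AuthorizationToken';

    @HttpPost
    global static void doPost() {
        RestResponse res = RestContext.response;
        if (!isAuthorized(RestContext.request)) {
            // Same response for a missing and a wrong token; never echo or log the token.
            res.statusCode = 401;
            res.responseBody = Blob.valueOf('{"error":"unauthorized"}');
            return;
        }
        res.statusCode = 200;
        // ... handle the authorized request here
    }

    @TestVisible
    private static Boolean isAuthorized(RestRequest req) {
        // Assumption: the shared key lives in a protected hierarchy custom
        // setting (hypothetical Api_Auth__c.Shared_Key__c), not in source code.
        Api_Auth__c cfg = Api_Auth__c.getOrgDefaults();
        String expected = (cfg == null) ? null : cfg.Shared_Key__c;
        String presented = headerValue(req, TOKEN_HEADER);
        if (String.isBlank(expected) || String.isBlank(presented)) {
            return false; // fail closed when either side is missing
        }
        // Compare HMACs computed under a random per-request key so the
        // comparison's timing does not depend on the secret itself.
        Blob k = Crypto.generateAesKey(256);
        String a = EncodingUtil.convertToHex(
            Crypto.generateMac('hmacSHA256', Blob.valueOf(presented), k));
        String b = EncodingUtil.convertToHex(
            Crypto.generateMac('hmacSHA256', Blob.valueOf(expected), k));
        // equals() is case-sensitive; Apex's == on Strings is not.
        return a.equals(b);
    }

    // Header map keys are matched exactly, so look the name up case-insensitively.
    private static String headerValue(RestRequest req, String name) {
        for (String key : req.headers.keySet()) {
            if (key.equalsIgnoreCase(name)) {
                return req.headers.get(key);
            }
        }
        return null;
    }
}
```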
