Our Salesforce org needs to expose some functionality as a REST API class to an external app.
We created the Apex class (`@RestResource(urlMapping='')`); now, to provide access to the external app:
- We created a new Integration User with limited access to profile and API enabled = true.
- We provided the credentials of this user to the external app.
- We created a connected app and provided the client_id and secret to the external app.
- We provided the Salesforce OAuth URLs to the external app.
- The external app uses the Username-Password OAuth authentication flow with Salesforce using these details to get an access token.
We would like to explore a way without needing to create an Integration user and sharing this user's credentials.
How can this be achieved?
Best Answer
"Authentication without credentials" is fairly close to being a misnomer. By definition, if you want to authenticate a caller, you need some kind of credentials, and the best and most secure solution is to use a Salesforce user authenticated via OAuth.
There is another option that is suitable for specific situations, but is not a general-purpose replacement for credential-based authentication: a webhook. Webhooks are exposed to the open world and manually authenticate that inbound messages come from some client that knows a pre-shared secret. They do this by validating an HMAC signature (loosely, a cryptographically secure hash of the message content plus some pre-shared secret).
The webhook's Apex class is exposed to the world as an unauthenticated REST service on a Force.com Site.
Webhooks thus provide message integrity checks and a species of authentication without sharing user credentials. However, they come with some significant limitations.
In most situations, I would encourage using an integration user.
An integration user should always authenticate via OAuth and store a refresh token (unless using the JWT flow, in which case it should store a username and certificate). The remote system should not store a username and password. However, authentication to Salesforce always requires that a user exist in the target system.
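To make the webhook option in the answer concrete, here is an added example (not from the original answer or any Salesforce sample) of an unauthenticated Apex REST endpoint that accepts a request only when the caller proves knowledge of the pre-shared secret via an HMAC-SHA256 signature over the raw body. The header name, the URL mapping, the placeholder secret and its storage are assumptions for illustration.

```apex
// Added example: HMAC-validated webhook receiver meant to be exposed on a Force.com
// Site. The request is rejected unless the presented signature matches the MAC
// recomputed from the received bytes and the shared secret.
@RestResource(urlMapping='/webhook/*')
global with sharing class WebhookReceiver {

    // Placeholder (assumption): in a real org, read the secret from a protected
    // custom setting or custom metadata record, never from source control.
    private static final String SHARED_SECRET = 'REPLACE_WITH_SECRET';
    // Assumed header name; the sender must use the same one.
    private static final String SIGNATURE_HEADER = 'X-Signature-256';

    @HttpPost
    global static void receive() {
        RestRequest req = RestContext.request;
        RestResponse res = RestContext.response;

        String presented = req.headers.get(SIGNATURE_HEADER);
        Blob body = req.requestBody;
        if (presented == null || body == null) {
            res.statusCode = 401;   // missing signature or empty body: reject
            return;
        }

        // Recompute the MAC over the exact bytes received; any change to the
        // body or a wrong secret yields a different hex digest.
        Blob expected = Crypto.generateMac('hmacSHA256', body, Blob.valueOf(SHARED_SECRET));
        String expectedHex = EncodingUtil.convertToHex(expected);

        if (!constantTimeEquals(expectedHex, presented.toLowerCase())) {
            res.statusCode = 401;   // signature mismatch: reject
            return;
        }

        // Signature verified: the payload came from a holder of the secret and
        // was not altered in transit. Process it here.
        res.statusCode = 200;
        res.responseBody = Blob.valueOf('ok');
    }

    // Compare every character rather than stopping at the first mismatch, so
    // response time does not reveal how much of a guessed signature was correct.
    @TestVisible
    private static Boolean constantTimeEquals(String a, String b) {
        if (a.length() != b.length()) return false;
        Integer diff = 0;
        for (Integer i = 0; i < a.length(); i++) {
            diff |= a.charAt(i) ^ b.charAt(i);
        }
        return diff == 0;
    }
}
```

The class must also be added to the Site's public access settings (Enabled Apex Classes) before the guest user can reach it, and the secret should be rotated like any other credential.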