[SalesForce] Invoking SOAP API in old fashion

I have registered in SF connected application, let say XY. This was done to accomplish SSO scenarios.

If there is integration on Partner API level as described, is it possible then to call from XY application SF web service API without OAuth 2.0 protocol ?
I want to call SOAP API by invoking login method with user name and password and then to use obtained session id in further communication with that API.

Why ?
We are having code (XY application) that is working perfectly on that way and I want just to add for SSO scenarios OAuth 2.0 protocol over connected app trust relationship.

Is that possible, or I have to move all of the calls to SF over OAuth. This mean to use access token instead of present session id.

Thank you

Best Answer

Its really possible to make authentication through oauth and then use normal login() and get session Id and make soap API calls .But provided you have obtained access token through Oauth you can simply make soap calls without login() method too.There is not much rework if you read the below article

http://blogs.developerforce.com/developer-relations/2011/03/oauth-and-the-soap-api.html

1) Implement one of the 6 flows supported by OAuth 2.0 and receive the access token, 'id' and other parameters from Force.com.

2) Make a GET request (passing in the access token as the OAuth authorization HTTP header) to the 'id' URI.

3) Insert the access token into the 'sessionID' SOAP header and make all subsequent API calls to the enterprise or partner SOAP endpoints returned by the previous step.

Related Solutions

[SalesForce] INVALID_SESSION_ID: This session is not valid for use with the API, when calling SOAP API in old fashion

If the org has white listing turned on (e.g. only these approved apps can connect) then anything else won't be allowed to login. Is there a reason why you're not doing an oauth flow to authenticate your app, especially as you've defined a connected app for it.

Also, if you want to authenticate without using a users API security token, you'll need to do it via an interactive OAuth login flow. All the programmatic login flows require the users API security token (unless the login is from a white listed IP address).

[SalesForce] How to issue/send access token from apex page to connected app

Sometime back, I was trying to connect 2 saleforce org via Oauth/Rest API. I think I did something similar. On Salesforce org(Source) act as auth provider. I created connected app in Target org to finally get the Oauth Token. providing small code base for that:

String reqbody = 'grant_type=password&client_id='+clientId+'&client_secret='+clientSecret+'&username='+username+'&password='+password;
// All of these u'll get once you set up connected app

    Http h = new Http();
    HttpRequest req = new HttpRequest();
    req.setBody(reqbody);
    req.setMethod('POST');
    req.setEndpoint('https://login.salesforce.com/services/oauth2/token');//Note if my domain is set up use the proper domain name else use login.salesforce.com for prod or developer or test.salesforce.com for sandbox instance

    HttpResponse res = h.send(req);
    OAuth2 objAuthenticationInfo = (OAuth2)JSON.deserialize(res.getbody(), OAuth2.class);
    //RequestWrapper reqst=new RequestWrapper();

    if(objAuthenticationInfo.access_token!=null) // your check for access token

    { for any further Rest API call, I was using this, which I think you needed: 
      **req1.setHeader('Authorization','Bearer '+objAuthenticationInfo.access_token);** 
      --------your further code------ }

Let me know in case you've any doubt over this :

Best Answer

Related Solutions

[SalesForce] INVALID_SESSION_ID: This session is not valid for use with the API, when calling SOAP API in old fashion

[SalesForce] How to issue/send access token from apex page to connected app

Related Topic