I have an org with a bunch of custom objects. I need to sync records of these objects with data from an external system. I want to expose a JSON/REST API to the external system and have it send Salesforce JSON objects to parse and use to insert or create custom object records. The external system is the client, and Salesforce is the service.
In order to hit the REST URL, I need a token in the request. In order to get the token, I need to request it from Salesforce. In order to request it, I need to specify a client_id and client_secret in the request to /services/oauth/token. I can create both of them by creating a new app in the sandbox or prod, but I can't publish the app there. If I try to get a token using a client_id and client_secret from that app, I get this error:
{"error":"invalid_client_id","error_description":"client identifier invalid"}
This is presumably because the app hasn't been published.
Now, in order to publish an app, I need to be using a Developer Edition org. So I go and fire one up and start writing my service implementation there with the @RestResource annotation on it. At first it's just Hello World and everything's fine. I can then add that class to a package, upload the package and install it into my original sandbox or production org and now I can use the client_id and client_secret from the Developer Edition app but against the sandbox to get a token and that token is good for hitting the service. So far so good.
Now, the minute my service implementation class gets beyond Hello World it's going to start using the custom objects I want to insert and update and other classes. But they don't exist in my Developer Edition, they're in the original sandbox and prod orgs. If I copy them over, they'll be added to the package with service implementation, because they're a dependency of it. And they have dependencies too. Pretty soon my whole original org codebase has gone over to the Developer Edition org, which is NOT what I want. I want to be able to make changes to that stuff in the original org without having to think about what might be going on in some other Developer Edition org elsewhere.
Is this really how it's supposed to work? How does anyone ever publish a JSON API in real life?
Best Answer
You sometimes have to wait a few minutes for a client ID to become active. Try the original client id/secret now.