[SalesForce] REST API without Connected App

I have to design an external app which will retrieve information from Salesforce. Any user can install this app and use it. This app will use rest API to access information from Salesforce. I cannot force the users belonging to multiple orgs to create a connected app in their instance to generate consumer key and consumer secret. Ideally users must be able to enter username and password+security token to access the data. Is there a way to achieve this or any other way without much customization by the admin.

Best Answer

Definitely doable. The admin should not have to customize anything:

create your Connected App, once, in an org with a managed package and namespace,
bake that exact client_id into the runtime code that you distribute,
use Web Server authentication flow or Username-Password flow when calling REST API,

Maybe there is a misunderstanding of how Connected App really operates here. Imagine a Salesforce Package as an analogy. You control the true source code in a Packaging / Release Org but you deploy or install a special instance of it. Similarly with a Connected App:

you control the Connected App 'definition' including client_id and secret,
a user allows (or a sysadmin can manage) the connected app 'instance' when it's used.

Does this help?

Related Solutions

[SalesForce] How to connect to Salesforce REST API without OAuth? How does Jitterbit do it

You can use any login call, and you'll be able to use that session ID with REST. This probably isn't clearly documented, but there are similar questions on here (and other forums) that do explain this.

For example, I use this code to get my browser session:

document.cookie.match(/sid=(.+?);/)[1]

...which I can then throw directly into the Authorization header (Bearer SID). I use this method when I'm testing our code in POSTMAN (custom REST calls).

You can also use any valid SOAP session, etc. Note that if you do use OAuth, the "scope" of that token must include API access, or it will be blocked.

[SalesForce] Rest API Login – Customer Portal User

I worked through a similar situation. I'm assuming that you are using OAuth, and in a nutshell it boils down the login URL. Internal Users are naturally going to login.salesforce.com, but your portal User are going to have to go to the Site Login URL. Here's the link to the article from that got me going, and here's the excerpt that's at the heart of it.

The first step in enabling OAuth for your Portal users is to associate a Force.com Site with your Portal, if you have not already done so. The Site provides your Portal with a unique URL and allows you to create a custom login page. Apps that wish to login users for the Portal must use the hostname from the Site’s secure URL when redirecting users to the OAuth 2.0 authorization service. For example, rather than redirecting to

https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=your_client_id&redirect_uri=your_redirect_uri

instead use

https://mysite.secure.force.com/services/oauth2/authorize?response_type=code&client_id=your_client_id&redirect_uri=your_redirect_uri

Best Answer

Related Solutions

[SalesForce] How to connect to Salesforce REST API without OAuth? How does Jitterbit do it

[SalesForce] Rest API Login – Customer Portal User

Related Topic