[SalesForce] salesforce rest api invalid session id error when using access token

I am trying to retrieve data from salesforce using the REST api and CURL in PHP.

I perform the authentication request and receive an 'instance_url' and 'access_token' but after performing a query request using those, i receive an "INVALID_SESSION_ID" error.

my authentication request code:

function get_sf_auth_data() {
    $post_data = array(
        'grant_type'   => 'password',
        'client_id'    => 'xxxxxxxxxxxxxxxxxxxxxx', //My client id (xxx... for this example)
        'client_secret' => '111111111111', // My client secret (111... for this example)
        'username'     => 'my_user_name',
        'password'     => 'my_user_password'
    );

    $headers = array(
        'Content-type' => 'application/x-www-form-urlencoded;charset=UTF-8'
    );

    $curl = curl_init('https://login.salesforce.com/services/oauth2/token');

    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);

    $response = curl_exec($curl);
    curl_close($curl);

    // Retrieve and parse response body
    $sf_access_data = json_decode($response, true);

    echo '*********' . $sf_response_data['instance_url'] . '********';
    echo '*********' . $sf_response_data['access_token'] . '********';

    return $sf_access_data;
}

My query request code:

function get_user_sfid($sf_access_data, $user_id_number){
    $sql = "SELECT Id, Name
            FROM Account
            WHERE ID__c = '$user_id_number'";

    $url = $sf_access_data['instance_url'] . '/services/data/v40.0/query/?q=' . urlencode($sql);

    $headers = array(
        'Authorization' => 'OAuth ' . $sf_access_data['access_token']
    );

    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_HEADER, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);

    $json_response = curl_exec($curl);
    curl_close($curl);

    var_dump($json_response); // This prints out the response where i got the error

    $response = json_decode($json_response);

    return $response['id'];
}

The response to the query request as is:

[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]

I have also tried using this guide as reference but it uses an "authorization_code" authentication flow and not a "username-password" authentication flow which i am using.

The app has full access in salesforce and both api version and authentication data are correct

Connected app settings

Best Answer

I do not know php , but essentially there are 2 parts that your program need to cater for , curl command shown below. First, get the session id, then use session id in header to preform the action you want to do.

The header you are passing need to be "Authorization: Bearer yourSessionId" preferably enclosed in double quotes . If enclosed in single quotes you would need to take care of escaping the ! character that sometimes appears in session id.

Curl Commands that needs to be created

  1. get session id : This can be obtained through SOAP API login(), or through apex current context or through curl through username-password OAuth flow Eg: 

    curl https://<instance>.salesforce.com/services/oauth2/token 
-d "grant_type=password" -d "client_id=myclientid" -d "client_secret=myclientsecret" -d "mylogin@salesforce.com" -d "password=mypassword123456"

  2. Once you have the session id you can use it as follows

    curl https://***instance_name***.salesforce.com/services/data/v40.0/ 
-H "Authorization: Bearer 00D50000000IehZ\!AQcAQH0dMHZfz972Szmpkb58urFRkgeBGsxL_QJWwYMfAbUeeG7c1E6
LYUfiDUkWe6H34r1AAwOR8B8fLEz6n04NPGRrq0FM"
Related Topic