[SalesForce] Static authorization token for REST API from external system

I am integrating an external system and they gave me an authorization token. I set the authorization token and it is working fine. I used SetHeader in HttpRequest.

Now they want to send a REST request to SFDC for another integration. I have created a connected app and ask them to hit the URL and get the access token.

https://login.salesforce.com/services/oauth2/token -d "grant_type=password" 
-d "client_id=********************OhAdICPQdnHyQqIRRoxxyMLaggiJOF_.l.HgS" 
-d "client_secret=***************" 
-d "username=****************" -d "password=********"

A series of questions have been raised:

  1. Do I need to create a connected app for the REST API? Is there any other way to authorize the external system REST request?
  2. Why do they need to make a call every time and get the access token? Can't I set a static authorization token in a header? They said, "We provided a token to you to set in header; you need to provide us the same. We can't make a call every time to get the access token."

Best Answer

Answering your questions in turn:

  1. You could use the SOAP login() call to get a session ID and use that in place of the access token, but then you have to create an XML request and parse the XML response.
  2. No. Access tokens/session IDs are time limited, and you have to authenticate to get one. There is no static token with Salesforce.
Related Topic