[SalesForce] Use a Named Credential with API key

I want to be able to make callouts to JotForm, but they do not support OAuth and username/password is insufficient for their API. Here are their docs; for reference, here are the 3 auth options:

Authenticate with Query Parameters

Authenticate with HTTP Headers

Authenticate with Javascript SDK

Basically, they provide an API Key and want me to include an apikey parameter in the header. I don't want to hard code it, I don't want to store it as plain text in custom settings/metadata, and this isn't a managed package. Is there any way to securely store/authenticate from Salesforce, ideally using a Named Credential?

I'd love to be able to just have a Named Credential that is just a securely stored, obscured API Key…

Best Answer

Well... sort of. The only two officially supported methods are by Basic Authentication and OAuth tokens. That site uses a non-standard API design, so it can't directly benefit from using a Named Credential. "But wait," I hear you say, "you didn't say it wasn't possible." And for that, you'd be correct. Here's what we can do to work within this system's design.

First, go to the New Named Credential screen. Specify the base endpoint ("http://api.jotform.com/"), set the Identity Type to "Named Principle," choose Authentication Protocol "Password Authentication," specify any random user name ("anonymous" should work), and type in the API key as your password. Uncheck "Generate Authorization Header" and check "Allow Merge Fields in HTTP Header", then save this Named Credential.

Now, in your code, you can specify the API key using a merge field:

HttpRequest req = new HttpRequest();
req.setMethod('GET');
req.setEndpoint('callout:jotform/user');
req.setHeader('APIKEY', '{!$Credential.Password}');
HttpResponse res = new Http().send(req);

Related Solutions

[SalesForce] use Named Credential merge fields as URL parameters on the endpoint

You can only use merge fields within setHeader and setBody, as the options specify. This may mean that you need to use POST with application/x-www-form-urlencoded, or arrange for a specific header to be understood by the server. Your server should NOT be accepting usernames and passwords in the query string, as this is a major security risk.

[SalesForce] Named Credentials: How to Start OAuth flow

Once you are authenticated you don't need to re-authenticate with external service again.

Every external system provide refresh token with access token and using that refresh token you need to refresh the access token.

You can use batch which will run in backend and refresh your access token. Schedule this batch to run in 7 hours.

To refresh the access token using refresh token you can follow these links.

OAuth 2.0 Refresh Token Flow

Although this is link for SF token but the basic idea will remain same here.

Sample code.

POST /services/oauth2/token HTTP/1.1
Host: https://login.salesforce.com/ 
grant_type=refresh_token&client_id=Your client id here&client_secret=Your client secert here
&refresh_token=your token here

For the second point where you need to re-authentication you can do one thing. Create a checkbox and if checkbox is true then update record type with a button for re-authentication and once user click on this button and re-authenticate you can again change the pagelayout and hide the button.

In your batch if you get time 0 then update the record with checkbox true.so user can see the button for re-authenticate.

And as you are system admin so you need to store their access token and refresh token in some place and your code can access it from there.

Best Answer

Related Solutions

[SalesForce] use Named Credential merge fields as URL parameters on the endpoint

[SalesForce] Named Credentials: How to Start OAuth flow

Related Topic