...

  1. Check Enable OAuth Settings.

  2. Callback URL: enter your Callback URL, example: https://www.yourappname.com/api/callback

This will be the URL that Salesforce POSTs to when the user has authorized your app to access their data. This will include the access and refresh token (we’ll explain a bit more on this below, but they are essential to be able to send and receive data). So if you don’t have one already, you’ll need to set up an endpoint whose role it is to receive and handle this request.

...

To start, your user is directed to a Salesforce.com authorization endpoint, where they log in and approve access for your app to access their data.

After a successful authorization, Salesforce sends a response with an Access token and Refresh token.

The Access token is to be passed in the header of all API requests for data. This token has an expiry date and will always expire. By default, the Connected Apps have an access token with an expiry of 15 minutes (in line with the sessions settings within your Salesforce settings).

The Refresh token is to be used to retrieve a valid access token (e.g. when the current access token expires). You can change its expiry settings, or set it never to expire, so that it only stops working when it is revoked.

Example API calls:

To make the initial authorization request for a user to grant your app access to their data (this is where your user is initially directed to a Salesforce.com authorization endpoint and logs in) you’d make the following request. The ClientID in the below call will be your consumer ID from the connected app. The redirect_uri will be the Callback URL.

...

A successful response from this will redirect the page to a Salesforce login page where the user is able to log in and authenticate. After Salesforce confirms that the client has authorized your app to access their data, the end user’s browser is redirected to the callback URL you’ve specified in the redirect_uri parameter. Salesforce appends an authorization code to the redirect URL; the request will look similar to the one below.

Code Block
 

 

You’ll use this as the value for your code parameter when you make a request to Salesforce’s token endpoint to receive your Access and Refresh Token.

...

Outside of the access and refresh token, the instance URL is important also. It’s what you’ll need to build the base of your future API calls.

Now we have the access token, we’re able to start making requests to send and receive data on our user’s behalf. Something to keep in mind though, as mentioned earlier, is that these access tokens will always expire at some point.

Because of that, you’ll want to keep your access token up to date by making a call to the token endpoint with the grant_type changed to ‘refresh_token’ and including the refresh token you received in the previous call.

Example call:

...

curl https://login.salesforce.com/services/oauth2/token \
  -d "grant_type=refresh_token" \
  -d "client_id=YOUR_CONSUMER__ID" \
  -d "client_secret=YOUR_CONSUMER__SECRET" \
  -d "refresh_token=YOUR_REFRESH_TOKEN"

Example response:

{
  "access_token": "REFRESHED_ACCESS_TOKEN",
  "signature": "signature",
  "scope": "refresh_token id api",
  "instance_url": "https://INSTANCE.salesforce.com",
  "id": "https://login.salesforce.com/id/idE",
  "token_type": "Bearer",
  "issued_at": "timestamp"
}
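
The refresh step above as an added example (not code from the original page or from Salesforce): a small token cache that refreshes shortly before the access token expires and returns the base URL and header for API calls. The names TokenStore, http_post and skew_s are hypothetical, and the lifetime is assumed to be the 15 minute default mentioned earlier.

```python
import json
import time
import urllib.error
import urllib.request
from urllib.parse import urlencode

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"  # endpoint from the page

def http_post(url, body):
    """POST a form body; return (status, raw bytes) for 2xx and error replies alike."""
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

class TokenStore:
    """Caches the access token and refreshes it shortly before it expires."""

    def __init__(self, client_id, client_secret, refresh_token,
                 post=http_post, now=time.time, lifetime_s=15 * 60, skew_s=60):
        self.form = {"grant_type": "refresh_token", "client_id": client_id,
                     "client_secret": client_secret, "refresh_token": refresh_token}
        self.post, self.now = post, now
        self.max_age = lifetime_s - skew_s  # assumed lifetime: the page's 15 min default
        self.access_token = self.instance_url = None
        self.fetched_at = 0.0

    def refresh(self):
        # Credentials go in the POST body, so they stay out of URLs and access logs.
        status, raw = self.post(TOKEN_URL, urlencode(self.form).encode())
        data = json.loads(raw)
        if status != 200 or "access_token" not in data:
            raise RuntimeError("token refresh failed: %s" % data.get("error", status))
        if not data.get("instance_url", "").startswith("https://"):
            raise RuntimeError("unexpected instance_url in token response")
        self.access_token, self.instance_url = data["access_token"], data["instance_url"]
        self.fetched_at = self.now()

    def auth(self):
        """Return (base URL, headers) for an API call, refreshing a stale token first."""
        if self.access_token is None or self.now() - self.fetched_at >= self.max_age:
            self.refresh()
        return self.instance_url, {"Authorization": "Bearer " + self.access_token}
```

The response carries no expiry field, so the cache tracks the token's age itself; set lifetime_s to match the session timeout configured for your connected app.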

...