Tuesday, April 28, 2015


REST API provides a powerful, convenient, and simple Web services API for interacting with Force.com. Its advantages include ease of integration and development, and it’s an excellent choice of technology for use with mobile applications and Web 2.0 projects.

A REST resource is an abstraction of a piece of information, such as a single data record, a collection of records, or even dynamic real-time information. Each resource in the Force.com REST API is identified by a named URI, and is accessed using standard HTTP methods (HEAD, GET, POST, PATCH, DELETE). The Force.com REST API is based on the usage of resources, their URIs, and the links between them. You use a resource to interact with your Salesforce or Force.com organization. For example, you can:
  • Retrieve summary information about the API versions available to you.
  • Obtain detailed information about a Salesforce object such as an Account or a custom object.
  • Obtain detailed information about Force.com objects, such as User or a custom object.
  • Perform a query or search.
  • Update or delete records.

In this blog, I will explain how to interact with Salesforce using the REST API. I will create a VF page named “RESTAPIPlayground”. On this page you can specify the parameters required to send an HTTPRequest, such as the access token, end point URL (URI), HTTP method, etc. The VF page will display the response from Salesforce and will also display the Apex code used to send the HTTPRequest.

Here I assume that you know how to generate an access token from Salesforce using OAuth 2.0. If you want to learn this first, refer to my earlier blog:

Once you have an access token for the Salesforce org you want to interact with, you can use this playground (VF page) to try the different options available under the REST API.

Create an Apex class "RESTAPIPlaygroundController" and a VF page "RESTAPIPlayground". Below is the code for the Apex class and VF page.

Below is a snapshot of the REST API Playground. You can specify the Access_Token, the REST API service URI (endpoint URL), the HTTP method, the content type (json or xml), and the request body (for the patch and post methods). Once you click on send request, the system will display the HTTP response.

Note: Add the REST API service URI (end point URL) to Remote Site Settings before sending the HTTPRequest.
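
As an added example (not the post's RESTAPIPlaygroundController, whose code is not shown here), this is one way to build the playground's callout so the access token is only ever sent over HTTPS to a Salesforce host. The class name, the exception type and the `.salesforce.com` host suffix check are assumptions made for this sketch.

```apex
// Added example; hypothetical class, not the post's RESTAPIPlaygroundController.
public with sharing class RestPlaygroundCalloutExample {
    public class PlaygroundException extends Exception {}

    // The HTTP methods and content types the playground form offers.
    private static final Set<String> METHODS =
        new Set<String>{'HEAD', 'GET', 'POST', 'PATCH', 'DELETE'};
    private static final Set<String> CONTENT_TYPES =
        new Set<String>{'application/json', 'application/xml'};

    public static HttpResponse send(String accessToken, String endpoint,
            String method, String contentType, String body) {
        String verb = method == null ? '' : method.trim().toUpperCase();
        if (!METHODS.contains(verb)) {
            throw new PlaygroundException('Unsupported HTTP method');
        }
        if (!CONTENT_TYPES.contains(contentType)) {
            throw new PlaygroundException('Content type must be JSON or XML');
        }
        // The bearer token is a credential: send it only over TLS and only to
        // a Salesforce host (assumed suffix; Remote Site Settings also gate this).
        System.Url target = new System.Url(endpoint);
        if (target.getProtocol() != 'https'
                || !target.getHost().toLowerCase().endsWith('.salesforce.com')) {
            throw new PlaygroundException('Endpoint must be https://*.salesforce.com');
        }
        HttpRequest req = new HttpRequest();
        if (verb == 'PATCH') {
            // Sent as POST with the REST API's _HttpMethod override, so this does
            // not depend on HttpRequest.setMethod accepting PATCH.
            req.setMethod('POST');
            endpoint += (endpoint.contains('?') ? '&' : '?') + '_HttpMethod=PATCH';
        } else {
            req.setMethod(verb);
        }
        req.setEndpoint(endpoint);
        req.setHeader('Authorization', 'Bearer ' + accessToken);
        req.setHeader('Accept', contentType);
        if (verb == 'POST' || verb == 'PATCH') {
            req.setHeader('Content-Type', contentType);
            req.setBody(body == null ? '' : body);
        }
        req.setTimeout(20000); // milliseconds
        return new Http().send(req);
    }
}
```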

Friday, April 24, 2015


OAuth (Open Authorization) is an open protocol to allow secure API authorization in a simple and standardized way from desktop and web applications. The Force.com platform implements the OAuth 2.0 Authorization Framework, so users can authorize applications to access Force.com resources (via the Force.com REST and SOAP Web Service APIs) or Chatter resources (via the Chatter REST API) on their behalf without revealing their passwords or other credentials to those applications. Alternatively, applications can directly authenticate to access the same resources without the presence of an end user.

In this blog, I will describe the steps we need to perform in order to generate an access token for a Salesforce org. We will be using 2 different developer orgs. In org 1, we will write all the code that generates the access token for the other org.

To obtain an access token from a different org and store the required information, we will create a custom object (External_Application__c) with the fields listed below:

| Field Label | Field Name | Data Type |
|---|---|---|
| Access Token | | Text Area(255) |
| Application Name | | Text(255) (Unique Case Insensitive) |
| Authorization Server Response | | Long Text Area(32768) |
| Callback URL | | Text Area(255) |
| Client ID | | Text Area(255) |
| Consumer secret | | Text Area(255) |
| | | Text Area(255) |
| Instance URL | | Text Area(255) |
| Issued at | | Text Area(255) |
| Outh Code | | Text Area(255) |
| | | Text Area(255) |
| Salesforce Domain | | Text Area(255) |

The steps involved in getting an access token:

Log in to the developer organization (org 2) for which you want to generate an access token.
  1. Navigate to Setup > Create > Apps, and in the Connected Apps section, click New to create a new connected app and click Enable OAuth Settings to open the API section.
  2. Specify a name (here I am specifying "Rest Playground"), check the Enable OAuth Settings checkbox and specify the callback URL (in my case, https://xxx.salesforce.com/apex/WebServerAuthentication?AppName=SunilKumar04). Here xxx refers to the domain name, for example ap1, ap2, etc.
  3. You may leave “Selected OAuth Scopes” blank.
  4. Click on Save. You will get a consumer key and a consumer secret key. Copy these 2 key values and store them in Notepad.

Now log in to the developer organization (org 1) where you will be writing the whole logic to get the access token for org 2.
  • Create a custom button "Refresh Access Token" on the External Application object.

  • Create a VF page “WebServerAuthentication” and an Apex class “WebServerAuthenticationController”.

  • Add the custom button "Refresh Access Token" to the External Application page layout.
  • Create Remote Site Settings records. Specify the domain name of org 2, for which you want to fetch the access token.

  • Now create an External Application record. Specify the consumer key (generated while creating the connected app in org 2) in the Client ID field. Enter the consumer secret and callback URL as present in the connected app record in org 2.

Now we are ready to generate the access token for org 2. Go to the detail page of the record which you created. I have created a record with the name "SunilKumar04". Click on Refresh Access Token.
The system will redirect you to the Salesforce login page. Enter the credentials of org 2, for which you want the access token. After logging in, if the system asks for any permission, click on the Allow button. After that you will be redirected to org 1 and you can see the response details on the External Application record detail page.
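
The redirect and token exchange described above, as an added example (not the post's WebServerAuthenticationController, whose code is not shown here). It also checks the `signature` field Salesforce returns in the token response before the values are stored. The class, method and parameter names are assumptions, and the `state` parameter is a standard OAuth 2.0 addition that the post's flow does not use.

```apex
// Added example; hypothetical class, not the post's WebServerAuthenticationController.
public with sharing class OAuthWebServerFlowExample {
    public class OAuthFlowException extends Exception {}

    // Step 1: URL the "Refresh Access Token" button sends the browser to on org 2.
    // `state` is an unguessable value the caller stores and compares on callback.
    public static String authorizeUrl(String domain, String clientId,
                                      String callbackUrl, String state) {
        return domain + '/services/oauth2/authorize?response_type=code'
            + '&client_id=' + enc(clientId)
            + '&redirect_uri=' + enc(callbackUrl)
            + '&state=' + enc(state);
    }

    // Step 2: the callback page exchanges the ?code= parameter for a token.
    public static Map<String, Object> exchangeCode(String domain, String clientId,
            String consumerSecret, String callbackUrl, String code) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(domain + '/services/oauth2/token');
        req.setMethod('POST');
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        req.setBody('grant_type=authorization_code&code=' + enc(code)
            + '&client_id=' + enc(clientId)
            + '&client_secret=' + enc(consumerSecret)
            + '&redirect_uri=' + enc(callbackUrl));
        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            // Report the status only, so no request detail ends up in the message.
            throw new OAuthFlowException('Token request failed: HTTP ' + res.getStatusCode());
        }
        Map<String, Object> token =
            (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
        // signature = base64(HMAC-SHA256(key: consumer secret, data: id + issued_at))
        String signed = (String) token.get('id') + (String) token.get('issued_at');
        Blob mac = Crypto.generateMac('hmacSHA256', Blob.valueOf(signed),
                                      Blob.valueOf(consumerSecret));
        // equals() is case-sensitive; Apex == on strings is not.
        if (!EncodingUtil.base64Encode(mac).equals((String) token.get('signature'))) {
            throw new OAuthFlowException('Token response signature mismatch');
        }
        return token; // access_token, instance_url, id, issued_at, signature
    }

    private static String enc(String value) {
        return EncodingUtil.urlEncode(value, 'UTF-8');
    }
}
```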


  • If you are integrating 2 developer orgs, then create a domain in your developer org and use the domain URL as the endpoint URL in the HttpRequest.
  • You can connect to different orgs. Create different records in the External Application object for different orgs.
  • For more detailed information on obtaining an access token, please refer to the URL below: https://developer.salesforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com