Find your content:

Search form

You are here

Passing Session Id using URL instead of HTTP headers

 
Share

When invoking the Tooling API, is there a way to pass the Session Id using just URL parameters?

I've seen a couple of Salesforce APIs that work when the Session Id is contained in a URL parameter:

  1. This works with the Identity URL:

    GET https://na1.salesforce.com/id/[org_id]/[user_id]?oauth_token=[session_id]

  2. This works with Frontdoor.jsp for logging into Salesforce:

    GET https://na1.salesforce.com/secur/frontdoor.jsp?sid=[session_id]

Now I'm looking at the Tooling API which contains several GET-accessible operations, including Execute Anonymous (I appreciate the risk of this) and wondering if there is a way to do:

GET https://na1.salesforce.com/services/data/v28.0/tooling/executeAnonymous/?...

There are some docs on using the access token that seem to indicate the Identity URL might be a special case where that was permitted, else it must go in an header (for REST) or body (for SOAP).

Any ideas that don't use headers? RFC 3986 https://username:password@ was a non starter ;-)


Attribution to: bigassforce

Possible Suggestion/Solution #1

No, While using rest api it is mandatory to pass the session id / token in headers as passing it in query string will be very high security risk.


Attribution to: AtulRajguru9
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/32120

My Block Status

My Block Content