Webserver flow : Using apex Rest API part of a managed package installed in client orgs

 

I am building a beta managed package in which I created a connected app (which generated its own client secret and client ID in my dev org).

Now when someone installs this package in their org, they will all get a copy of my class (having the REST API), let's suppose CreateANewContact.

If any REST client, say Postman, wants to access my REST API, it first needs to get the access token and then the refresh token. To get the access token, the following params are important: ClientID, ClientSecret, UserName, Password.

I have only one client ID and client secret, which belong to my dev org.

Q1: The question is how the REST clients that are trying to access the REST API belonging to the orgs below will get access?

Org A: ClientID ? Client Secret ?

Org B: ClientID ? Client Secret ?

Q2: Will orgs A and B have their own separate client ID and client secret, or can the same client ID/client secret which was generated in the dev org be used to access their API (could be an exception in the case of a managed package)? If yes, then how can I use them?

Please correct me if I am wrong anywhere in the above explanation.

Thanks in advance


Attribution to: sfdcChamp

Possible Suggestion/Solution #1

The Connected App provides a way for you, the ISV, to obtain access to a customer's org via OAuth. If you follow the flow here, the customer would click on a link/button provided by your package that would ask them to authorize your app and direct them to an endpoint where the OAuth process provides you, the ISV, with an authorization code. You then use that code along with the Client Id and Client Secret from your ConnectedApp to request an OAuth access token from Salesforce, which you can then use to access the Customer's org via REST based on the access the Connected App provides.

The key part from an ISV perspective is having an endpoint where you can retrieve the initial code and swap it for an Access Token - when I have done this, I use my Salesforce LMA org as a secure endpoint, and then execute some code there to get the access token.

Note - you don't even need to include the ConnectedApp in your package - so long as you provide the means via a link or button for a customer to initiate the OAuth flow, that is sufficient.


Attribution to: BritishBoyinDC
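
The web server flow described in this answer, as an added example (not code from the original post or from Salesforce): it builds the authorize link, checks the `state` value on the redirect before redeeming the code, and builds the token request that only the ISV endpoint sends, since that is the one place the client secret lives. The consumer key/secret placeholders, the `isv.example.com` callback URL, the sample token response and the function names are assumptions; nothing is sent over the network.

```python
import hmac, json, secrets
from urllib.parse import urlencode, urlparse, parse_qs

LOGIN = "https://login.salesforce.com"                   # production login host
CLIENT_ID = "PLACEHOLDER_CONSUMER_KEY"                   # constructed placeholder
CLIENT_SECRET = "PLACEHOLDER_CONSUMER_SECRET"            # kept only on the ISV endpoint
REDIRECT_URI = "https://isv.example.com/oauth/callback"  # hypothetical ISV endpoint

def build_authorize_url(state):
    """Link the customer's user clicks; it carries no secret."""
    q = {"response_type": "code", "client_id": CLIENT_ID,
         "redirect_uri": REDIRECT_URI, "state": state}
    return f"{LOGIN}/services/oauth2/authorize?{urlencode(q)}"

def token_request_from_callback(callback_url, expected_state):
    """Validate the redirect, then build the server-side code-for-token POST."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means the redirect is not tied to
    # the session that started the flow, so the code must not be redeemed.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    body = {"grant_type": "authorization_code", "code": params["code"][0],
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "redirect_uri": REDIRECT_URI}
    return f"{LOGIN}/services/oauth2/token", urlencode(body)

def org_session(token_response_json):
    """instance_url in the token response identifies the customer org to call."""
    tok = json.loads(token_response_json)
    return {"instance_url": tok["instance_url"],
            "authorization": "Bearer " + tok["access_token"],
            "refresh_token": tok.get("refresh_token")}

if __name__ == "__main__":
    state = secrets.token_urlsafe(32)  # store server-side with the user's session
    print(build_authorize_url(state))
    cb = f"{REDIRECT_URI}?code=CONSTRUCTED_CODE&state={state}"  # constructed callback
    print(token_request_from_callback(cb, state))
    sample = json.dumps({"access_token": "CONSTRUCTED_TOKEN",   # constructed response
                         "instance_url": "https://orga.example.com",
                         "refresh_token": "CONSTRUCTED_REFRESH"})
    print(org_session(sample))
```
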

Possible Suggestion/Solution #2

I got your point, so for example if I have an LMA org (assume it as an OAuth 2.0 server) and 2 client orgs, I can create a button in the client's org to get my client's user authenticated from the LMA per the steps given in the web server flow.

Now here are the actual steps. Mine is a free app and has an Apex REST API built into it. Orgs installing my app will have a copy of the REST API created by me. There will be a third-party web application which wants to interact with all my client orgs and wants to consume a specific Apex REST API. Where I am not clear is that my packaging org has a client ID/client secret but my client orgs don't (fine, as you said above, there is no need to package the connected app). Then can you give me the steps for how a third party can interact with my REST API (which is in multiple orgs)?

Please have a look at the screenshot created by me.

So sorry if I am missing any basic point and asking this again.

Thanks for your previous reply and help.


Attribution to: sfdcChamp
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/33240
