This tutorial will show you how you can authenticate to Salesforce using RESTful services.
Configure remote access in Salesforce
The first thing to do is to allow external applications to connect to Salesforce. External applications will be recognized by two values - client_id and client_secret. In order to generate them, go to Setup | Develop | Remote Access. On the list of Remote Access Applications, click New to create an entry for your external app.
Fill in the form with proper values - they can be whatever you like. We will be using a username and password scenario in OAuth, so the Callback URL field can also have any value whatsoever.
Once you're done filling the form, click "Save". A screen will show up with details of your application. On the bottom of the page there is a section called "Authentication", and there you can find the values of client_id and client_secret which will be of interest to us in the later part of the tutorial.
Calling the login service with REST
In order to obtain an access token, we will send an HTTP POST request to the authentication endpoint exposed by Salesforce. If you are using your production organization, the endpoint's address will be:
https://login.salesforce.com/services/oauth2/token
If you are connecting to a developer sandbox, use:
https://test.salesforce.com/services/oauth2/token
The complete code to send to request is:
PostMethod method = new PostMethod("https://login.salesforce.com/services/oauth2/token");
HttpMethodParams params = new HttpMethodParams();
StringBuilder content = new StringBuilder();
content.append("grant_type=password");
content.append("&client_id=3MVG9Oe4hdf8GWcfWYDdPoXK9xISTe9ncGDrqkQSLfUqYfnAOnpeAoxXBub8Fn0hH_ZEBo5bwXXy");
content.append("&client_secret=24953483493483500");
content.append("&username=user@domain.com");
content.append("&password=<password><security-token>");
method.setRequestEntity(new StringRequestEntity(content.toString(), "text/plain", "UTF-8"));
method.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
HttpClient client = new HttpClient();
client.executeMethod(method);
One thing to remember is that the parameter password is in fact a concatenated value of your password and your security token. It is also essential to set the Content-Type of the request to application/x-www-form-urlencoded.
As a result of this call you should obtain the following response:
{
"id":"https://login.salesforce.com/id/00D50000000IZ32WKW/00550000001fjHSwW",
"issued_at":"1296458209517",
"refresh_token":"5Aep862eWO5D.7wJBuW5aaARbbxsdjU3qi59o1du7ob.lp23ba_3jMRnbFNT5R8X2GUKNA==",
"instance_url":"https://na5.salesforce.com",
"signature":"0/1Ldval/TIPf2tTdJsjkksdkI3899G",
"access_token":"00D50000000IZ3Z!AQ0AQtusBGG9eRLza8jXWoW7uA9dEi8eRiuitljncKYsn7ioKug2aSmgCjgrPj1QdDpED0V39rvQaIy1FGxjFHN1ZQ1Z2KSV"
}
You are authenticated. To authorize your calls, use the access_token value received in the response.
http://wordgraphs.com/post/853