Connecting to does support some ways to make an application like connection to it such that the user grants permission only to specific resources via the OAuth protocol. For this exercise I have not done that. I did it using a simpler password based authentication technique. I know customers that have done it and it could be the subject of another future article.

In order to get our hands on what calls a consumer_key and consumer_secret which are required to authenticate with the RESTful API, there are still quite a number of steps to go through.

Firstly you can go to: and sign up for a free developer account.

  1. Authenticate your email address, using the initial screen:
  2. Click the link in the confirmation email to open the Getting Started screen.
  3. Expand the Create option in the Build menu at the lower left, then click on Create>Apps:
  4. Click on the New button for Connected Apps at the bottom center of the page:
  5. Fill out the first two sections only,  Basic Information and API (Enable OAuth Settings).
    • Use similar information to that shown below.
    • Notice the dummy “Callback URL”? The screen requires it even though we are not actually using the OAuth callback URL in this adapter.
      Note: You need to use a secure URL “https://” rather than “http://”
    • I selected full access for the adapter to make development easier (you can add restrictions later).
    • When you have filled out the fields, click the Save button at the top of the form.
  6. Click on the Continue button, in the New Connected App screen:
  7. Now we need to relax the IP restrictions on who can connect to the API.
    • Click the Manage button, to manage your app:

      Tip: If you went exploring after point 6, and got lost trying to get back the page with the Manage button (like I did).

      Then do the following to manage your app: Click the Setup link (top right on all screens), choose Build>Create>Apps from the menu at the left bottom of the screen, then click on the Manage link to manage your app.

      You can can also click the Connected App Name link to get back to the exact same screen with the [Edit], [Delete] and [Manage] buttons.

      Alternatively: Go to the list in Administer>Manage Apps>Connected Apps and click on the Master Label link which takes you directly to the Manage screen for the App.

    • Click the Edit button so we can change the “IP Relaxation:” setting:
    • Select Relax IP restrictions from the drop down, then click Save:
  8. We’re almost done. The last thing to do is to get the “consumer key” and “consumer secret” – our prize!
    • Click the the Back to List: Custom Apps link:
    • Then click on the link for your App in the Connected Apps panel at the bottom of the page:

      Tip: If you get lost trying to find the above page (like I did), do the following: Click the Setup link (top right on all screens), the choose Build>Create>Apps from the menu at the left bottom of the screen.

      Note: There is a similar list in Administer>Manage Apps>Connected Apps but this link in this list takes you to the wrong place (i.e., the Manage page not the Apps page).

    • By default the consumer secret is hidden, just Click to reveal as suggested:
    • Now you can see the Consumer Key and the Consumer Secret, we will need both of these to connect to Salesforce:

So with the password authentication method I used for this article we need these two values, plus a username and password for a user. I show a very simple “Hello World” example of using the API here:Screen Shot 2015-09-17 at 10.55.46 AM

Notice a few things:

  1. We have to query the salesforce API for an “access_token”. This then needs to be passed in with subsequent calls using an HTTP “Authorization” header.
  2. The API is using a SQL like query language called SOQL – Sales Object Query Language.

The form of the JSON data which comes back from getting the access token is like this:

Screen Shot 2015-09-17 at 11.07.18 AM

And the form of the JSON data which comes back from the query is like this:

Screen Shot 2015-09-17 at 11.08.40 AM

The sales force force API makes use of these HTTP methods to do the various CRUD operations:

  1. Create – HTTP PATCH.
  2. Read – HTTP GET
  3. Update – HTTP PATCH
  4. Delete – HTTP DELETE

Because the API is very uniform it’s easy to auto-generate an entire API to all the known objects in the API. I will cover that shortly, but first let’s talk about caching.

Leave A Comment?

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.