当前位置: 文江博客 话题详情

Salesforce合并API身份验证使用携带者令牌

发布于 2025-01-26 09:24:00 字数 2597 浏览 2 评论 0 原文

我是Salesforce和API的新手。 我试图使用SOAP API进行合并记录调用。使用邮递员相同。 我已经将WSDL导入了我的本地,称为登录方法以获取ServerUrl和SessionID。 使用这些参数进行后续合并调用。 在登录过程中,我使用了用户名和密码来验证。

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <login xmlns="urn:enterprise.soap.sforce.com">
      <username>username</username>
      <password>password+auth_token</password>
    </login>
  </soap:Body>
</soap:Envelope>

并得到以下响应:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns="urn:enterprise.soap.sforce.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
        <loginResponse>
            <result>
                <metadataServerUrl>https://**company_name**--dev.my.salesforce.com/services/Soap/m/54.0/00D0Q0000000QP8</metadataServerUrl>
                <passwordExpired>false</passwordExpired>
                <sandbox>true</sandbox>
                <serverUrl>https://**company_name**--dev.my.salesforce.com/services/Soap/c/54.0/00D0Q0000000QP8/0DF0Q0000004Ct6</serverUrl>
                <sessionId>**masked**</sessionId>
                <userId>xxx</userId>
                <userInfo>
                    .....
                </userInfo>
            </result>
        </loginResponse>
    </soapenv:Body>
</soapenv:Envelope>

后来使用从上面返回的会话ID进行合并调用。

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:enterprise.soap.sforce.com"> xmlns:sobject="urn:sobject.enterprise.soap.sforce.com">
 <soap:Header>
  <urn:SessionHeader>
    <urn:sessionId>**masked**</urn:sessionId>
  </urn:SessionHeader>
 </soap:Header>
  <soap:Body>
    <merge xmlns="urn:enterprise.soap.sforce.com">
      <request>
        <masterRecord xsi:type="sobject:Account" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Id xmlns="urn:sobject.enterprise.soap.sforce.com">0010Q00001abcdefgh</Id>
        </masterRecord>
        <recordToMergeIds>0010Q00001ijklmnop</recordToMergeIds>
      </request>
    </merge>
  </soap:Body>
</soap:Envelope>

并能够合并记录。

我的问题是 - 如果我想使用用户名和密码,但使用携带者令牌,身体应该是什么。 我可以在不传递用户名和密码的情况下调用登录方法吗?

原文

Im completely new to Salesforce and API's.
Im trying to make a Merge record call using SOAP API . Using Postman for the same .
I have imported the WSDL to my local , Called Login method to get the serverURL and sessionId.
Using these parameters to make subsequent merge calls .
During the login , I have used username and password to authenticate .

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <login xmlns="urn:enterprise.soap.sforce.com">
      <username>username</username>
      <password>password+auth_token</password>
    </login>
  </soap:Body>
</soap:Envelope>

and getting the below response:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns="urn:enterprise.soap.sforce.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
        <loginResponse>
            <result>
                <metadataServerUrl>https://**company_name**--dev.my.salesforce.com/services/Soap/m/54.0/00D0Q0000000QP8</metadataServerUrl>
                <passwordExpired>false</passwordExpired>
                <sandbox>true</sandbox>
                <serverUrl>https://**company_name**--dev.my.salesforce.com/services/Soap/c/54.0/00D0Q0000000QP8/0DF0Q0000004Ct6</serverUrl>
                <sessionId>**masked**</sessionId>
                <userId>xxx</userId>
                <userInfo>
                    .....
                </userInfo>
            </result>
        </loginResponse>
    </soapenv:Body>
</soapenv:Envelope>

Later im making the Merge call using the session ID returned from the above .

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:enterprise.soap.sforce.com"> xmlns:sobject="urn:sobject.enterprise.soap.sforce.com">
 <soap:Header>
  <urn:SessionHeader>
    <urn:sessionId>**masked**</urn:sessionId>
  </urn:SessionHeader>
 </soap:Header>
  <soap:Body>
    <merge xmlns="urn:enterprise.soap.sforce.com">
      <request>
        <masterRecord xsi:type="sobject:Account" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Id xmlns="urn:sobject.enterprise.soap.sforce.com">0010Q00001abcdefgh</Id>
        </masterRecord>
        <recordToMergeIds>0010Q00001ijklmnop</recordToMergeIds>
      </request>
    </merge>
  </soap:Body>
</soap:Envelope>

and able to merge the records.

My question is - what should the body be if i donot want to use username and password but use Bearer token.
Can i call the login method without passing username and password?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

长不大的小祸害 2025-02-02 09:24:00

您可能是 xy问题的受害者。您不能在SOAP API中做到这一点,REST API是否可以选择?

soap api的

REST API还有更多的登录选项,但是如果您在潜水之前稍微阅读了有关OAuth2的阅读,这将有所帮助。您致电登录和(类似于SOAP API)从现在开始使用and Access_Token。该Access_Token的作用像SOAP APIS会话ID,您可以在下一个请求中使用它。在大多数情况下,它们应该可以互换,通过REST获得的Access_token应该在SOAP API调用中使用。

如果您已经有会话ID /访问令牌< / strong>(看起来像“ 00d ...!.... ....”,第一部分是ORG ID,您可以在设置中看到 - 例如,公司信息) - 您不需要登录电话。直接调用SOAP API合并,并以&lt; urn:sessionId&gt; 传递该值。

如果您没有会话ID,则需要登录,但没有在应用程序中登录用户名和密码...您有很多选项。选择正确的方法是一种艺术,这取决于您正在做什么。网站,移动应用程序?对于内部用户还是社区?它会持有一些凭据(例如,如果需要Sysadmin Powers,在没有人类互动的情况下工作),还是会向用户显示SF登录屏幕并将其重定向返回应用程序?甚至还有“物联网”的东西用于设备,将其状态报告给SF或在没有键盘(电视,冰箱)的设备上登录,您可以在此处启动流程并在笔记本电脑或电话上完成...

如果您从未听说过OAuth2在这是一个大主题之前,“使用Google/Facebook/Twitter/LinkedIn登录”只是其中的一部分。您最好阅读一些博客,请访问 https://trailhead.salesforce.com/en/content/learn/trails/build-integrations-using-connected-apps ,甚至可以符合身份和访问经理认证。单击 https://openidconnect.herokuapp.com/ 也可能会有所帮助。

  1. 有“用户名 - password Flow”,看起来几乎像SOAP API的登录。
  2. 网站的Web服务器流量和用户代理流程&amp;移动应用程序将用户发送到SF登录屏幕(可以是SF,可以是单个登录,没关系),然后返回应用程序。因此,您的应用程序看不到密码,看不到任何凭据,
  3. 其中某些流中有刷新令牌选项(您一次使用另一种方法登录一次,您的应用程序接收到access_token,但也refresh_token。例如,无需要求用户再次登录60天的系统。因此,您仍然可以具有初始的“人类授权在应用程序之间的联系”,但是它可以在后台起作用。
  4. 在邮递员中您会很难尝试,但是有一些示例,例如 this 这个。您可以通过将证书上传到Salesforce,在SF和您的应用程序之间建立信任,并将用户标记为使用此方法,然后该应用程序发送特殊请求,只是使用用户名,无需密码。

You might be a victim of XY problem. You can't do it in SOAP API, will REST API be an option?

SOAP API's login call demands username and password (+ optional "security token", extra thing you add to password if you log in from untrusted IP). There are no other ways around it.

REST API has more options for logging in but it'd help if you read up about OAuth2 a bit before diving in. You call login and (similar to SOAP API) get back endpoint to use from now on and access_token. That access_token acts like SOAP APIs session id, you use it in next requests. Most of the time they should be interchangeable, access_token obtained via REST should be good to use in SOAP API calls.

If you already have session id / access token (will look like "00D...!....", first part is org id which you can see in Setup -> Company information for example) - you don't need login call. Call the SOAP API's merge directly and pass that value in <urn:sessionId>.

If you don't have session id, want to log in but without hardcoding username and password in your application... You have LOTS of options. Selecting right method is an art and it depends what are you making. A website, a mobile app? For internal users or community? Will it hold some credentials (for example if it needs sysadmin powers, working in background without human interaction) or will it show users the SF login screen and redirect back to the app? There's even "Internet of Things" stuff for pieces of equipment reporting their status to SF or logging in on device without keyboard (TV, fridge) where you initiate process there and finish on laptop or phone...

If you've never heard about OAuth2 before it's a big topic, "login with Google/Facebook/Twitter/LinkedIn" is just a piece of it. You'll be better off reading some blogs, checking out https://trailhead.salesforce.com/en/content/learn/trails/build-integrations-using-connected-apps or even studying to the Identity and Access Manager certification. Clicking through https://openidconnect.herokuapp.com/ might help too.

  1. There's "username-password flow" which looks almost like SOAP API's login.
  2. There's web server flow and user-agent flow for websites & mobile apps to send user to SF login screen (can be really SF, can be some single sign-on, doesn't matter) and back to the app. So your app doesn't see the password, doesn't see any credentials
  3. There's refresh token option in some of these flows (you logged in once with another method, your app received access_token but also refresh_token. When access expires - app can use refresh_token to silently get back to the system without asking user to log in again. For 60 days for example). So you could still have initial "human authorises connection between the apps" but then it can just work in the background
  4. There's JWT flow which you'll have hard time trying in Postman but there are examples such as this and this. You establish trust between SF and your app by uploading a certificate to Salesforce, marking user as allowed to use this method and then the app sends a special request just with username, no password needed.
回复 原文
~没有更多了~

关于作者

夏见

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

佚名

文章 0 评论 0

今天

文章 0 评论 0

゛时过境迁

文章 0 评论 0

达拉崩吧

文章 0 评论 0

呆萌少年

文章 0 评论 0

孤者何惧

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文