Workbench is one of widely used tool in Salesforce when it comes to exploring REST API of Salesforce. However I wanted to export REST API response in Binary format and therefore used cURL. cURL is open source command line library mostly used to test http request. It can be downloaded from here and official documentation about how to use cURL can be referred from here.
To use cURL with Salesforce REST API, we will need to use username – password flow of OAuth2. To use OAuth2, we need to create connected App. You can check “Create Connected app” section of this post. You can enter any URL for callback or if you have already created any connected app in past, then it can be used. After creating connected app, note “Consumer key” and “Consumer Secret” somewhere.
create file “LoginInfo.txt” file which will have all required login information in URL encoded format
grant_type=password& client_id= 3MVG9iTxZANhwsdsdsdsdspr0Lu3QNRNKk4c2FejzTys5Mlp43UeSHBuhWWgRjEUyV6xE7N0GostjR3sRat & client_secret=21961212323233121943 & username=jitendra.zaa@demo.com & password=myPWDAndSecurityToken
make sure there is no space in above file. I have added some space for sake of readability.
grant_type=password informs Salesforce to use “Username and password” flow of OAuth2, We are also passing client_id, client_secret, username and password.
1. Login to Salsforce using cURL
Run below command to login into Salesforce
curl -X POST -d @LoginInfo.txt https://login.salesforce.com/services/oauth2/token
Output :
{"id":"https://login.salesforce.com/id/00D90000000YnViEAK/00590000000Gl5VAAS", "issued_at":"1437005678627", "token_type":"Bearer", "instance_url":"https://shivasoftdemo-dev-ed.my.salesforce.com", "signature":"RlUOj40dyd0bhSZPNIKqE7Jp7DpyXSKULEFaYolW/3I=", "access_token":"00D90000000YnVi!ARIAQB0fu5fjPy_ JClQ7B343ffdfRcPv0toe7QcotaZu1aWJnVmN2enCLAeUKBQVcnSvR3JjDz20 2LfRpGTRzaCdsds6lUBnaQ"}
Above output returned in JSON format is not readable so we can add header “PrettyPrint” in REST API request to return formatted json response.
2. Login to Salsforce using cURL with PrettyPrint option
new request will look like :
curl -X POST -d @LoginInfo.txt https://login.salesforce.com/services/oauth2/token -H "X-PrettyPrint:1"
Output :
{ "id" : "https://login.salesforce.com/id/00D90000000YnViEAK/005900df000Gl5VAAS", "issued_at" : "1437005809464", "token_type" : "Bearer", "instance_url" : "https://shivasoftdemo-dev-ed.my.salesforce.com", "signature" : "3PD9nGTtpis23aWNP8IPtL3sYNuApFdfdd8eDa2Rc=", "access_token" : "00D90000000YnVi!ARIAQB0fu5fjPy_JClQ7BrkkyX3RcPvdfdaWJnVmN 2enCLAeUKBQVcnSvR3JjDz202LfRpGTRzaCmsC6lUBnaQ" }
If login is success then we will get response as shown above. Extract “access_token” and “instance_url” from above response, as it will be used on every subsequent API calls.
As we received session id in form of “access_token”, we can use cURL exactly like workbench as shown in below example.
3. Example – Get information about all available REST API in Salesforce
curl -H "Authorization: Bearer 00D90000000YnVi!ARIAQBdfu5fjPy_JClQ7BrkkyX3RcPv0toe 7QcotaZu1aWJnVmN2enCLAeUKBQVcnSvR3JjDz202LfRpGTRzaCmsC6lUBnaQ" -H "X-PrettyPrint:1" https://shivasoftdemo-dev-ed.my.salesforce.com/services/data/v34.0/
Don’t forget to include Bearer attribute in double quotes as session id contains exclamation mark and it creates issue while sending request.
Output :
{ "limits" : "/services/data/v34.0/limits", "sobjects" : "/services/data/v34.0/sobjects", "support" : "/services/data/v34.0/support", "connect" : "/services/data/v34.0/connect", "query" : "/services/data/v34.0/query", "theme" : "/services/data/v34.0/theme", "queryAll" : "/services/data/v34.0/queryAll", "nouns" : "/services/data/v34.0/nouns", "knowledgeManagement" : "/services/data/v34.0/knowledgeManagement", "tooling" : "/services/data/v34.0/tooling", "chatter" : "/services/data/v34.0/chatter", "analytics" : "/services/data/v34.0/analytics", "recent" : "/services/data/v34.0/recent", "composite" : "/services/data/v34.0/composite", "process" : "/services/data/v34.0/process", "licensing" : "/services/data/v34.0/licensing", "identity" : "https://login.salesforce.com/id/00D90000000YnViEAK/00590000000Gl5VAAS", "flexiPage" : "/services/data/v34.0/flexiPage", "search" : "/services/data/v34.0/search", "quickActions" : "/services/data/v34.0/quickActions", "wave" : "/services/data/v34.0/wave", "appMenu" : "/services/data/v34.0/appMenu", "compactLayouts" : "/services/data/v34.0/compactLayouts", "actions" : "/services/data/v34.0/actions", "tabs" : "/services/data/v34.0/tabs" }
Making Salesforce REST API request without SessionId
Curl works like browser, If we try to access REST API directly from browser then we get below error
If we try to do same with cURL then we will get same error:
Try to access Visualforce page using cURL
To access Visualforce page in Salesforce, first we need to login to Salesforce. Once logged in, if we try to access Visualforce page even with valid session Id, we will not get proper output because of Salesforce security , it shows that it is checking for sfdc.app and navigator and tries to redirect to Login page. It does not display expected output from Visualforce. It clearly seems that salesforce is using some sort of security to check valid request.
In same way, if we are logged in to curl previously and then try to access Visualforce using post method then salesforce tries to display form element with request forwarded from cURL. It does not display expected output from Visualforce. We can clearly see that how secure is salesforce and there is no way to break it.
Leave a Reply