Activity Forums Salesforce® Discussions How is Access Token used with REST API in Salesforce ?

Tagged: , , , ,

  • Vikas Kumar

    Member
    January 9, 2017 at 12:30 pm

    Hi sushant,

    Access token is used for authorization purpose.

    Once authenticated, every request must pass in the access_token value in the header. It cannot be passed as a request parameter.

    go through https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/quickstart_oauth.htm for detail option

    Hope it may help

  • shariq

    Member
    September 19, 2018 at 11:54 am

    Hi,

    The first step in any API-based integration is getting an OAuth access token to authenticate your calls.

    Using the client ID and secret  call the REST Auth service to obtain an OAuth access token for authenticating your API calls. This sample call demonstrates how to POST to that resource to acquire an access token.

    POST https://auth.exacttargetapis.com/v1/requestToken
    Content-Type: application/json
    {
    "clientId": "YOUR_CLIENT_ID",
    "clientSecret": "YOUR_CLIENT_SECRET"
    }

    200 OK
    {
    "accessToken": "YOUR_ACCESS_TOKEN"
    "expiresIn": 3600
    }

    The access token is returned in the accessToken property. Specify this access token to authenticate all other REST API calls via the Authorization header field with the Bearer HTTP authorization scheme.

    Refresh an Access Token
    Note the expiresIn property in the HTTP response to the requestToken API call. Access tokens expire one hour after they are issued. If you attempt to use an expired token, you receive a 401 Unauthorized HTTP response. If this happens, refresh your access token by calling requestToken again.

    Follow these considerations when using the API directly and doing your own OAuth token management.

    Do not request a new access token for every API call you make—-each access token is good for an hour and is reusable. Making two API calls for every one operation is inefficient and causes throttling.
    Be careful where you store your client ID and secret. Never expose this information on the client side via JavaScript or store it in a mobile application. Ensure that these credentials are stored securely in your application.

    Hope this helps!

  • Parul

    Member
    September 22, 2018 at 5:32 am

    Adding some points:

    Once access token is used for authorization purpose and authenticated, every request must pass in the access_token value in the header. It cannot be passed as a request parameter.

    go through https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/quickstart_oauth.htm for detail option

    Hope it may helps

Log In to reply.

Popular Salesforce Blogs

Popular Salesforce Videos

Report

Harassment or bullying behavior
Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Mobile App Reported Contents
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .