Integration With Salesforce Without Using OAuth 2.0
As we all know, we configure a connected app with OAuth 2.0 to authenticate and authorize our clients' access. But what if a client does not support OAuth 2.0? Is there another way to authenticate it? The answer is yes, and here is what you can do.
- Go to Setup and search for Sites. Under Sites, register your company's Salesforce site domain.
- Now you are ready to create a site for the domain you just registered. Click New, create the site, and activate it once it has been created.
- When the site is created, Salesforce also creates a user (SITENAME Site Guest User) and a profile (SITENAME Profile). Click Public Access Settings to grant the site guest user's profile the object-level and field-level permissions it needs.
- What now? Nothing, you are already home! You are all set to expose your services to your client. You just need to pick a hash-based authentication method that can be implemented on both sides (Salesforce and the client system).
Let's use an HMAC SHA256 code to authenticate our clients. You can read more about HMAC here.
HMAC SHA256 takes two inputs to generate a signature: a secret key and a message. We will use a shared secret key and the request body.
- Use any secret shared between you and the client. Let's say you decide to use 'AuthenticateMe'.
- So, here is how your client will generate an HMAC signature (Apex shown; generateMac takes the message and the key as Blobs):
String signature = EncodingUtil.base64Encode(
    Crypto.generateMac('HmacSHA256', Blob.valueOf(requestBody), Blob.valueOf('AuthenticateMe')));
- Ask your client to send the generated signature in an HTTP header with a key such as 'HMACSignature' (you can suggest any header name based on your requirement).
- You receive this header and compare it with the signature you compute yourself using the same secret key and the received request body.
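The whole exchange, as an added example that is not part of the original post: the client signs the body and sets the 'HMACSignature' header, the receiving side recomputes Base64(HMAC-SHA256(secret, body)) and compares the two values in constant time, and a body altered in transit is rejected. Python stands in for both sides here (the Salesforce side would use Crypto.generateMac as shown above); the secret 'AuthenticateMe' and the header name come from the post, and the request body is constructed.

```python
import base64
import hashlib
import hmac

SHARED_SECRET = b"AuthenticateMe"   # secret from the post, shared out-of-band
HEADER_NAME = "HMACSignature"       # header key suggested in the post


def sign_request(body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """Client side: Base64(HMAC-SHA256(secret, body)), the same value the Apex
    EncodingUtil.base64Encode(Crypto.generateMac(...)) call produces."""
    mac = hmac.new(secret, body, hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def build_request(body: bytes) -> dict:
    """Constructed client request: the signature header plus the raw body."""
    return {"headers": {HEADER_NAME: sign_request(body)}, "body": body}


def verify_request(request: dict, secret: bytes = SHARED_SECRET) -> bool:
    """Receiving side: recompute the signature over the body actually received and
    compare it with the header. hmac.compare_digest runs in constant time, so the
    comparison does not leak how many leading characters matched."""
    presented = request["headers"].get(HEADER_NAME)
    if presented is None:
        return False  # no signature at all: reject, never fall back to unsigned access
    expected = sign_request(request["body"], secret)
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    body = b'{"accountName": "Acme", "amount": 1200}'  # constructed sample body
    req = build_request(body)
    print(req["headers"][HEADER_NAME], verify_request(req))

    # A body changed after signing no longer matches the client's signature.
    tampered = {"headers": req["headers"], "body": body.replace(b"1200", b"9999")}
    print(verify_request(tampered))
```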
You have just integrated with your client system without OAuth 2.0. Do you know any other way to achieve this? Let me know in the comments below.