Wednesday 20 December 2017

REST API Security


What are the widely used authentication mechanisms?


  1. API key
  2. OAuth Access Tokens
  3. JSON Web Tokens (JWT)

API Key vs OAuth?


API Keys : Mostly used for publicly exposed web services.
Ex: Google APIs
OAuth : Authentication + Authorization

Ex: Google Maps can be authenticated with an 'API Key'.
Facebook should use OAuth, because each member's data is confidential; if Facebook gave access via an API key, whoever held that key would be able to perform any operation on any user's data.

Real-time examples :

Outbound Integration :

In one scenario the client shared their API key, and it was used directly when calling their REST web service from Salesforce.

--> In Salesforce, configure the API endpoint in Remote Site Settings
--> More recently, Named Credentials can be used to configure both the API endpoint and the credential details, so the key does not have to be hard-coded in Apex

Inbound Integration :

In one scenario a REST web service was created in Salesforce and exposed to other clients.
--> Created an API user and shared the user name and password with the client
--> Created a Connected App and generated a Client ID (Consumer Key) and Client Secret (Consumer Secret), and shared these details with the client
--> By passing all these values with grant type 'password', the client receives an Access Token
--> Then, by passing the access token, the client can perform CRUD operations on the REST web service
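The inbound flow above, from the client's side, as an added example (not code from the original post): the client exchanges the Connected App's Consumer Key and Secret plus the API user's credentials for an access token via the OAuth 2.0 password grant, then sends that token as a Bearer header on every call to the exposed REST service. The Salesforce token endpoint URL and the request/response field names are the standard ones; the client id, secret, user credentials, token value and the in-process "fake endpoint" that stands in for Salesforce are all constructed so the example runs offline. Note that with this grant the client holds the API user's password outright, so the example reads secrets from the environment rather than embedding them, and it surfaces the `invalid_grant` style error reply instead of treating a failed login as a token.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Standard Salesforce OAuth 2.0 token endpoint (use test.salesforce.com for sandboxes).
LOGIN_URL = "https://login.salesforce.com/services/oauth2/token"


def build_token_request(client_id, client_secret, username, password, security_token=""):
    """Form body for the OAuth 2.0 'password' grant.

    Salesforce expects the user's security token appended to the password unless
    the caller's IP range is trusted in the org's network settings.
    """
    return {
        "grant_type": "password",
        "client_id": client_id,          # Connected App Consumer Key
        "client_secret": client_secret,  # Connected App Consumer Secret
        "username": username,            # API user
        "password": password + security_token,
    }


def http_post_form(url, form):
    """Real transport: URL-encoded POST returning the response body text.

    A rejected grant comes back as HTTP 400 with a JSON error body, so the body
    is read from the HTTPError rather than being discarded.
    """
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.read().decode()


def login(form, transport=http_post_form, login_url=LOGIN_URL):
    """Exchange credentials for a token. Returns a dict with ok=True and the
    access_token / instance_url, or ok=False and the OAuth error code."""
    body = json.loads(transport(login_url, form))
    if "error" in body:
        # e.g. {"error": "invalid_grant", "error_description": "authentication failure"}
        return {"ok": False, "error": body["error"], "description": body.get("error_description", "")}
    return {"ok": True, "access_token": body["access_token"], "instance_url": body["instance_url"]}


def authorized_headers(access_token):
    """Headers for every subsequent call to the exposed REST web service."""
    return {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}


# ---- Constructed stand-in for the Salesforce token endpoint (offline demo only) ----
FAKE_APP = {"client_id": "3MVG9_CONSTRUCTED_KEY", "client_secret": "CONSTRUCTED_SECRET"}
FAKE_USER = {"username": "api.user@example.com", "password": "Passw0rd!", "security_token": "TOKEN123"}
FAKE_TOKEN = "00Dxx0000001gPz!CONSTRUCTED"


def fake_token_endpoint(url, form):
    """Mimics the three checks the real endpoint performs, with its error codes."""
    if form.get("grant_type") != "password":
        return json.dumps({"error": "unsupported_grant_type", "error_description": "grant type not supported"})
    if form.get("client_id") != FAKE_APP["client_id"] or form.get("client_secret") != FAKE_APP["client_secret"]:
        return json.dumps({"error": "invalid_client_id", "error_description": "client identifier invalid"})
    if (form.get("username") != FAKE_USER["username"]
            or form.get("password") != FAKE_USER["password"] + FAKE_USER["security_token"]):
        return json.dumps({"error": "invalid_grant", "error_description": "authentication failure"})
    return json.dumps({"access_token": FAKE_TOKEN, "instance_url": "https://example.my.salesforce.com",
                       "token_type": "Bearer"})


if __name__ == "__main__":
    # Secrets come from the environment; the constructed values are only defaults for the demo.
    form = build_token_request(
        os.environ.get("SF_CLIENT_ID", FAKE_APP["client_id"]),
        os.environ.get("SF_CLIENT_SECRET", FAKE_APP["client_secret"]),
        os.environ.get("SF_USERNAME", FAKE_USER["username"]),
        os.environ.get("SF_PASSWORD", FAKE_USER["password"]),
        os.environ.get("SF_SECURITY_TOKEN", FAKE_USER["security_token"]),
    )
    result = login(form, transport=fake_token_endpoint)
    if result["ok"]:
        # A real call would be: GET {instance_url}/services/apexrest/<resource> with these headers
        print(result["instance_url"], authorized_headers(result["access_token"]))
    else:
        print("login failed:", result["error"], result["description"])
```

Swap `transport=fake_token_endpoint` for the default `http_post_form` to run it against a real org; the rest of the flow is unchanged. Because the password grant hands the integration the user's password, the API user should be a dedicated, least-privilege profile whose password and Consumer Secret are rotated and never logged.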
