Wednesday, 11 April 2018

2 Factor Authentication / 2FA

Single Factor Authentication  VS 2 Factor Authentication(2FA)?


Single Factor Authentication
2 Factor Authentication
Only one level, Usually password used for authentication
2 level of authentication, Usually Password + Any verification code from hard ware device typically mobile

Ex: 
1. OTP
2. RSA hardware device


Why do we need 2 Factor Authentication(2FA) ?

This provides additional layer of security.
Ex:
  • OTP (One Time Password)
  • Finger Prints
  • Facial Recognition
  • SMS 
  • etc..


Any live examples have you come across?

Yes,
1. Every time any bank transaction it will ask for OTP which used to get in my registered mobile
2. Every time you try Salesforce login in new browser  it will send OTP to your registered Mobile/ Email


Authentication Apps Vs Text/Voice/Email ?

Authentication apps prompts 6 digit number every 30 seconds once.So no need to wait to recieve any text/voice/Email message.
Only the thing is need to install Authenticator the app.


What are the different Authenticator apps you know?

  • Google Authenticator
  • Salesforce Authenticator


How to enable 2 Factor Authentication in Salesforce?




Friday, 6 April 2018

API Testing Tools & Salesforce API Test

What are the API Testing Tools ?

Few tools available to test the REST / SOAP API with out writing any code.
With that simple test  can verify web service is working fine or not.

Share the widely used API Tools information?

Below are the tools which i used in my experience.
  • Hurl
  • Postman
  • SoapUI

Explain each one ?

SoapUI
PostMan
Hurl.it
Specifically built tool for API functional testing.
Google Chrome Extension for API testing.
Online link available foe API testing.

Download SoapUI Open Source

Google Chrome Webstore – Add this extension
Sign in using below
Note: If we have account, Can login to any machine and get all the API collections which we tested.

Supports both REST & SOAP
Supports both REST & SOAP, But mostly used for REST API testing
Only REST API testing supported.
Time Saving – The raised request can be save and can re-run later point of time.
Time Saving – The raised request can be save and can re-run later point of time.
Time Consuming – Every time need to enter the request details.
Installation needed
Extension need to be added
Not required any installation, Directly access by url

How to access Salesforce API from external application?

  1. Create a Connected app in Salesforce. Share Consumer Key,Consumer Secret with client.
  2. Create a user with access API only access.As best practice create a separate profile API access and create a user under that.Share that user credentials with external application. 
    • Note: This user credentials will be shared with external application,So it should have permission only 'API Only User' to limit that credential access.
  3. Generate Access Token from these values & Send CRUD request along with Access Token.



How to generate access token from "Hurl" tool ?

Please enter below details to get the access token

POST
https://salesforce.com/services/oauth2/token
Authentication
Basic Authentication, Add Username & Password
deepik@gmail.com
pwd
Headers

Content-type
application/x-www-form-urlencoded
Parameters :
username
deepik@gmail.com
password
pwd
client_id
3MVG9d8..z..iQcL79m2_ABa8Kiq5mtRIW88bMQS5JVc6_4_zdyIjDZ8
client_secret
127141494000000000000
grant_type
password





Some times you get Invalid_grant / Authentication Failure error? What could be the reason?

           1. If your organization security token is enabled,Need to add password+security token in above password field
        2. If IP range is enabled and still getting the above error,Please verify on connected app permission is granted or not.Provide the permission for that user.

How to get the user details from Salesforce by passing the user id from external application?



GET
https://salesforce.com/services/apexrest/User/
Headers

Content-Type
application/x-www-form-urlencoded
Authorization
Bearer  00D7F000000owBh!AQwAQJ9d5Ffx9ndeM8
1DPowo8AM1kOe88Y
TnSw0tJUTUgDxtov64NaO_8kxCFQ0
Parameters

UserID
0057F000d4000

What is the significance of "Bearer" in Authorization request?


            Authentication Type.

How to perform API call with out code?Ex:Get the user details from Salesforce?






How to generate Access token & API request from Postman ?