I have been tasked with integrating our homegrown multi-client CRM with Salesforce.com. I am going to write a server-based service which will push information from each of our clients CRM datastores to Salesforce. I'd like to use the SFDC REST API, but could use the SOAP API if necessary.
I am struggling to understand the best security mechanism to use. As the solution will be server-based it is essential that no user interaction is required when connecting to SFDC. Our server needs to be able to establish a secure connection to SFDC without a user providing their login credentials.
So far I have experimented with the REST API, and OAuth2.0. I have setup a test SFDC account and configured our app within it, getting the consumer key, secret key and callback uri. This all works, and my callback page receives a security token. My callback page uses the supplied token as follows:
string rc = "";
string uri = "https://eu2.salesforce.com/services/data/v20.0/sobjects/";
System.Net.WebRequest req = System.Net.WebRequest.Create(uri);
req.Method = "GET";
req.Headers.Add("Authorization: Bearer " + token);
System.Net.WebResponse resp = req.GetResponse();
System.IO.StreamReader sr = new System.IO.StreamReader(resp.GetResponseStream());
rc = "code=" + code + ", response=" + sr.ReadToEnd().Trim();
catch (Exception ex)
rc = "45435465 Token=" + token + ", err=" + ex.Message;
Trouble is, every time I run this I receive a 401 (Unauthorised) reply from SFDC, even though I am passing the security token provided by SFDC.
Is the REST API the correct approach for 'unattended' access like this, and can anyone advise what I'm doing wrong in my code, or offer words of wisdom on how to get this working?