You are here

You are here

Salesforce Client Flow

With the Salesforce Client Flow, a Salesforce session token and the Org's Partner Server URL is used in place of a SpringCM refresh token to obtain a SpringCM REST API access token.  To use this form of authentication the following setup is required:

  1. The Salesforce Organization Id from which session tokens will be used must be mapped to a SpringCM account in the SpringCM account preferences.  SpringCM supports a single one to one mapping of a Salesforce Org to SpringCM account.  When the session token is passed to SpringCM, it will be verified and then a query is executed to determine the Salesforce organization from which the session originiated.  The Salesforce Client flow will then determine what SpringCM account that Salesforce organization is mapped to.
  2. Users must be mapped in the SpringCM Address Book ahead of the authentication request.  After determining the SpringCM account mapping, the Salesforce Client Flow will retrieve the user’s email address from Salesforce and try to map that to a user in the SpringCM account’s Address Book.  Users can be provisioned in SpringCM using any supported user creation method. These include SpringCM user sync for Salesforce, bulk CSV upload, the SpringCM user interface, or the API.

If the Salesforce Org has installed SpringCM’s managed package for Salesforce and followed the setup instructions, the above 2 items should already be in place and no further action should need to be taken to start using the Salesforce Client Flow authentication method to the REST API.

The token endpoint for the Salesforce Client Flow and sample JSON request/response are shown below.  Note that the Org’s Partner Server API URL must also be passed along with the Salesforce session Id:

Production Salesforce Authentication Endpoint

UAT Salesforce Authentication Endpoint

Salesforce Authentication - Sample Request

headers:  Accept: 'application/json', Content-Type: application/json 
method: POST
  "session_id": [Salesforce session],
  "api_url": [Salesforce Partner WSDL SOAP endpoint for the Org],
  "client_id": [client id passed to the authorization endpoint],
  "client_secret": [client secret pair for the client id]

Salesforce Authentication - Sample Response

  "access_token": [Access token that can be used immediately],
  "token_type": "bearer",
  "expires_in": "number of seconds before the access token expires",
  "api_base_url": "base url for the object api"

The Partner WSDL SOAP endpoint can be obtained in a visual force page from the following global variable where xxx represents the version of the API: {!$Api.Partner_Server_URL__xxx}

The access token can now be used to access the API.  It must be passed in the Authorization header for all calls to the Object, Task and Content API.  When passing it must be prefixed with “bearer” as shown below:

Authorization: bearer [your access token]