0

I have to retrieve data from Salesforce (using the default endpoint for REST API SOQL queries) for a specific user. Now, to get the Access_token I'm using "grant_type: password" with a "System User" who has full privileges. Unfortunately, with this approach I can only retrieve all data. I could use the specific user's credentials, but I don't want to store them in my database. Is there any workaround which lets me retrieve data on behalf of a specific user, respecting roles and sharing settings?

Thanks in advance.

Lyroys
  • Check this post https://salesforce.stackexchange.com/questions/152543/create-record-on-behalf-of-another-user – Dhanik Lal Sahni Aug 09 '19 at 10:50
  • Use the JWT Bearer flow in OAuth. This has been covered in many previous questions, e.g. https://salesforce.stackexchange.com/questions/258371/jwt-bearer-flow-vs-usernamepassword-flow-in-server-to-server-integration – identigral Aug 12 '19 at 15:15

1 Answer

1

You can use authorization as 'Authorization: Bearer <your_session_id>'. You can get the session ID using the UserInfo class:

httpReq.setHeader('Authorization', 'Bearer ' + UserInfo.getSessionId());

Added based on comments:

As you said SOQL through REST:

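// SOQL query through the REST API query endpoint
HttpRequest req = new HttpRequest();
req.setEndpoint('https://ap2.salesforce.com/services/data/v35.0/query/?q=select+name+,+type+from+account');
req.setMethod('GET');

// Authenticate as the current user by sending their session ID as the bearer token
String autho = 'Bearer ' + UserInfo.getSessionId();
req.setHeader('Authorization', autho);

// Send the request; the response body holds the query result as JSON
Http http = new Http();
HttpResponse res = http.send(req);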

Here the records will be retrieved based on the logged-in user.

When you log in as another user, only records accessible to that user will be retrieved.

salesforce-sas
  • But how would it work if I am already authorized as an admin? – kurunve Aug 09 '19 at 09:35
  • added in answer – salesforce-sas Aug 09 '19 at 09:46
  • Thank you for the response. I should clarify one thing: the main problem here is the fact that I have to retrieve data in microservices (.NET), so I can't use the UserInfo class. I'm trying to find an implementation which I could use in ASP.NET Core, so outside the Salesforce org. – Lyroys Aug 09 '19 at 11:06
  • You will need an integration user created, and to store those credentials in .NET. Record accessibility depends on the profile of the integration user. – salesforce-sas Aug 09 '19 at 11:29
  • 1
    But in this case, I still won't be able to get records for a specific user, respecting records visibility. – Lyroys Aug 09 '19 at 11:36
  • I am actually confused about what specific user you are talking about. Can you please give the correct requirement in the question? It's not clear from the question that you even want to integrate with an external system. – salesforce-sas Aug 09 '19 at 11:38
  • 1
    Sorry about that. I mean that I'm building a web and mobile app where users (who use Salesforce) can log in and check their data (for example Accounts). Because of that, I'm creating an API which should retrieve the proper data. In this API I'm using grant_type: password authentication. The point is that I want to retrieve only the data which should be displayed to the logged-in user, like in Salesforce, respecting Role hierarchy, Sharing Rules etc. The easiest way would be to use the credentials of the currently logged-in user to retrieve his Access_Token, but I don't want to store their passwords. – Lyroys Aug 09 '19 at 12:04
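
The JWT Bearer flow suggested in the comments on the question, sketched in C# for the .NET service the asker describes. This is an added example, not code from any of the posts. It assumes a connected app whose certificate is uploaded to Salesforce and for which the target users are pre-authorized; the key, consumer key and username below are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class SalesforceJwtBearer
{
    // Base64url without padding, as required for JWT segments (RFC 7515).
    static string B64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Builds the signed assertion: iss = connected app consumer key,
    // sub = username of the Salesforce user to act as, aud = login host.
    public static string BuildAssertion(RSA key, string consumerKey, string username, string audience)
    {
        string header = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\"}"));
        var claims = new Dictionary<string, object>
        {
            ["iss"] = consumerKey,
            ["sub"] = username,
            ["aud"] = audience,
            // Keep the assertion short-lived (a few minutes at most).
            ["exp"] = DateTimeOffset.UtcNow.AddMinutes(3).ToUnixTimeSeconds()
        };
        string payload = B64Url(JsonSerializer.SerializeToUtf8Bytes(claims));
        string signingInput = header + "." + payload;
        byte[] sig = key.SignData(Encoding.ASCII.GetBytes(signingInput),
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return signingInput + "." + B64Url(sig);
    }

    static void Main()
    {
        // Constructed sample values: throwaway key, placeholder consumer key and username.
        // In a real service the key is the private key matching the uploaded certificate.
        using RSA key = RSA.Create(2048);
        string jwt = BuildAssertion(key, "PLACEHOLDER_CONSUMER_KEY",
                                    "jane.doe@example.com", "https://login.salesforce.com");

        // Form body to POST to https://login.salesforce.com/services/oauth2/token
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "urn:ietf:params:oauth:grant-type:jwt-bearer",
            ["assertion"] = jwt
        };
        Console.WriteLine(form["grant_type"]);
        Console.WriteLine(jwt.Split('.').Length == 3 ? "assertion has 3 segments" : "malformed");
    }
}
```

The access token returned for this assertion belongs to the user named in `sub`, so REST queries made with it run under that user's sharing settings and no user password is stored. The private key can mint a token for any pre-authorized user, so the service must authenticate its own end user before choosing `sub`, and the key needs the same protection as a privileged credential.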