Public Anonymous Web Service on Salesforce Platform – No Login!

So I was approached recently with the need to expose data to a vendor. “Sure!” I thought… “What’s your endpoint, WSDL, and the format you want your data sent in?” was my initial response.

“No, we need to pull from you.” threw me for a loop – Salesforce ABSOLUTELY allows you to expose web services, but you need to establish a session first. For an established vendor with 1,000s of other clients they poll data from, there is no way in heck that they would change their process to add a login component.

Hmmmph.  Well, let’s figure this out.  Salesforce is awesome, and there is always a way to do this.

Step 1: Create your Apex Web Service

    global class Generic_Whatever_Service {
        // 'webService static' exposes this method over SOAP; the class must be global.
        webService static String yourWebService() {
            String strReturnValue = 'Put whatever normal logic in here you would do';
            return strReturnValue;
        }
    }

Step 2:  Create or Navigate to a Salesforce Sites instance

You’ll need to click the “Public Access Settings” button and configure the Guest Profile so that it can access your Apex class and any other objects that the class may hit.

Step 3:  Download your WSDL and modify your endpoint

You’ll note that the endpoint in the WSDL is set to be https://yourinstance.salesforce.com/services/soap/class/name_of_your_class.  If you try to access this as it’s provided, you’ll be prompted for a sessionId, hence a login.

If you change your endpoint to be http://<your Sites URL>/<your Sites name if applicable>/services/soap/class/<name of your class> you’ll find that you now have a fully anonymous web service!

WAIT!  Don’t forget about security!

Honestly, there is no reason that you need to have a fully anonymously-accessible web service hosted by Salesforce. The platform does a lot, but it’s just not geared for that IMHO. (You should have an environment built for this if you are hosting data like that.)

What I’ve done with the services I publish like this is to lock down access to them via the Guest Profile’s “IP Login Ranges”, found through the “Public Access Settings” button in Sites. While this method doesn’t completely shut down access, people outside of your specified ranges will get an “INSUFFICIENT_ACCESS” error when trying to access your web service.
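A check for the IP restriction described above, as an added example that is not from the original post: it sends the session-less SOAP call to your own Sites endpoint and reports whether the service answered (`exposed`) or returned the `INSUFFICIENT_ACCESS` fault (`blocked`). The function names, the class namespace pattern and the sample responses are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumption: Apex class WSDL namespace pattern; check your WSDL's targetNamespace.
CLASS_NS = "http://soap.sforce.com/schemas/class/"


def build_request(cls, method):
    """SOAP 1.1 envelope with no SessionHeader, i.e. an anonymous call."""
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:svc="{CLASS_NS}{cls}">'
            f"<soapenv:Body><svc:{method}/></soapenv:Body></soapenv:Envelope>")


def classify(response_xml):
    """Return 'blocked', 'exposed' or 'other-fault' for one SOAP response."""
    if "<!DOCTYPE" in response_xml:
        raise ValueError("unexpected DTD in response")
    body = ET.fromstring(response_xml).find(f"{{{SOAP_NS}}}Body")
    if body is None:
        raise ValueError("not a SOAP envelope")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is None:
        return "exposed"  # the call was answered without a session
    text = fault.findtext("faultcode", "") + " " + fault.findtext("faultstring", "")
    return "blocked" if "INSUFFICIENT_ACCESS" in text else "other-fault"


def probe(url, cls, method):
    """POST the anonymous request to your own Sites endpoint and classify it."""
    req = urllib.request.Request(
        url, data=build_request(cls, method).encode(),
        headers={"Content-Type": "text/xml; charset=utf-8", "SOAPAction": '""'})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.read().decode())
    except urllib.error.HTTPError as err:  # SOAP faults come back as HTTP 500
        return classify(err.read().decode())


# Constructed sample responses (not captured from a real org).
_ENV = f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>%s</s:Body></s:Envelope>'
SAMPLE_EXPOSED = _ENV % (f'<yourWebServiceResponse xmlns="{CLASS_NS}Generic_Whatever_Service">'
                         "<result>ok</result></yourWebServiceResponse>")
SAMPLE_BLOCKED = _ENV % ("<s:Fault><faultcode>sf:INSUFFICIENT_ACCESS</faultcode>"
                         "<faultstring>INSUFFICIENT_ACCESS</faultstring></s:Fault>")
SAMPLE_SESSION = _ENV % ("<s:Fault><faultcode>sf:INVALID_SESSION_ID</faultcode>"
                         "<faultstring>INVALID_SESSION_ID</faultstring></s:Fault>")
```

Run `probe()` against the Sites endpoint once from an address inside the Guest Profile’s IP Login Ranges and once from an address outside them; the first should return `exposed` and the second `blocked`.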

Questions?  Ask below.  =)