Named Credentials are a Salesforce platform feature that lets you securely store and manage authentication information for external services or endpoints. Named Credentials eliminate the need to hardcode usernames, passwords, tokens, or other sensitive data within your Salesforce code, which makes credentials easier to manage and improves security.
With Named Credentials, you can define a named endpoint and associate it with a specific URL, authentication protocol, and other necessary credentials. This information is securely stored in Salesforce and can be referenced in Apex code, Visualforce pages, or other integrations.
Named Credentials support various authentication mechanisms, such as username-password authentication, OAuth 2.0, and JWT (JSON Web Token) authentication. You can choose the appropriate authentication method based on the requirements of the external service you are integrating with.
Benefits of using Named Credentials
- Enhanced security: Instead of storing sensitive information in your code or configuration files, you can securely store and manage it within Salesforce.
- Simplified integration: Named Credentials abstract the authentication details, making it easier to integrate with external services without worrying about the underlying authentication mechanisms.
- Centralized management: You can manage all your external service credentials in a centralized location within Salesforce, making it easier to update or rotate credentials when necessary.
By utilizing Named Credentials, you can streamline your integration processes, improve security, and simplify the management of external service credentials within the Salesforce platform.
What is the difference between remote site settings and named credentials in Salesforce?
Remote Site Settings and Named Credentials are two different features in Salesforce that serve distinct purposes. Here’s the difference between them:
Remote Site Settings:
- Purpose: Remote Site Settings specify and enable access to external websites or services within Salesforce.
- Security and access control: Remote Site Settings allow Salesforce to make outbound requests to the specified remote site or service. They define the endpoint URL and include security settings such as protocol (HTTP or HTTPS) and port numbers.
- URL-based access control: Remote Site Settings operate on a URL basis, meaning they grant access to a specific URL or domain. Any requests made to the configured URL are allowed.
- No built-in credential management: Remote Site Settings do not store any authentication credentials. If authentication is required, you must pass the necessary credentials along with the request.
- Typically used for web service integrations: Remote Site Settings are commonly used for integrating with external web services or APIs that do not require complex authentication mechanisms.
Named Credentials:
- Purpose: Named Credentials securely store and manage authentication information for external services or endpoints in Salesforce.
- Authentication and credential management: Named Credentials provide a way to store authentication details such as usernames, passwords, tokens, or certificates securely within Salesforce.
- Support for various authentication methods: Named Credentials support authentication mechanisms such as username-password authentication, OAuth 2.0, and JWT (JSON Web Token) authentication.
- Centralized credential management: Named Credentials offer a centralized location to manage and update credentials, making it easier to maintain and rotate them when necessary.
- Integration simplicity: Named Credentials abstract the authentication details, allowing for simplified integration with external services without exposing sensitive information in code or configuration files.
In summary, Remote Site Settings focus on enabling access to external websites or services, while Named Credentials are primarily used for securely storing and managing authentication credentials for external services or endpoints within Salesforce. Remote Site Settings handle access control based on URLs; Named Credentials handle authentication and provide a centralized credential management system.
How to create named credentials in Salesforce?
To create Named Credentials in Salesforce, follow these steps:
- Log in to your Salesforce org with the appropriate user permissions.
- Go to Setup by clicking on your username in the top-right corner and selecting “Setup” from the dropdown menu.
- In the Quick Find box on the left sidebar, search for “Named Credentials” and select it from the search results.
- Click on the “New Named Credential” button.
- Provide the necessary information for the Named Credential:
  - Label: Enter a descriptive label for the Named Credential.
  - Name: Salesforce will auto-generate a name based on the label. You can modify it if desired.
  - URL: Specify the URL of the external service or endpoint you are integrating.
  - Identity Type: Select the appropriate identity type based on the authentication method required by the external service (e.g., Named Principal, Anonymous, Per User, etc.).
  - Authentication Protocol: Choose the authentication protocol supported by the external service (e.g., Password Authentication, OAuth 2.0, JWT Bearer Token, etc.).
  - Username: If applicable, enter the username for authentication.
  - Password: If applicable, enter the password for authentication.
  - Token: If applicable, enter any token required for authentication (e.g., security token).
  - Certificate: If applicable, upload a certificate for authentication.
  - Generate Authorization Header: Check this box if you want Salesforce to include an Authorization header in outbound requests.
  - Allow Merge Fields in HTTP Header: Check this box if you want to use merge fields in the HTTP header.
  - Allow Merge Fields in HTTP Body: Check this box if you want to use merge fields in the HTTP body.
- Click “Save” to create the Named Credential.
Once the Named Credential is created, you can use it in your Apex code, Visualforce pages, or other integrations by referencing its name. Salesforce handles the authentication details and securely manages the credentials for you.
Note: The available options and fields may vary depending on the Salesforce edition and the authentication protocols enabled in your org.
How to use a Named Credential in Apex?
Let’s say you have a Named Credential named “ExternalAPI” that points to an external RESTful API endpoint.
```apex
// The 'callout:' prefix resolves the Named Credential "ExternalAPI";
// no URL or secret appears in the code.
HttpRequest request = new HttpRequest();
request.setEndpoint('callout:ExternalAPI/someEndpoint');
request.setMethod('GET');

Http http = new Http();
HttpResponse response = http.send(request);

if (response.getStatusCode() == 200) {
    // Process the response
    String responseBody = response.getBody();
    System.debug('Response: ' + responseBody);
} else {
    // Handle error
    System.debug('Error: ' + response.getStatusCode() + ' ' + response.getStatus());
}
```
In the code snippet above, we create an HttpRequest object and set the endpoint to ‘callout:ExternalAPI/someEndpoint’. The ‘callout:’ prefix indicates that we are referencing the Named Credential.
Using the Named Credential, Salesforce automatically handles the authentication details, including the necessary authentication headers or tokens in the outbound request.
You can then make the HTTP request using the HttpRequest object, and upon receiving the HttpResponse, you can process the response or handle any errors accordingly.
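The contrast drawn earlier between a Remote Site Setting with credentials passed in code and a Named Credential, together with the merge-field checkboxes from the creation steps, as an added example that is not from the original article. The class `BillingCallouts`, the Named Credential `BillingAPI`, the host `api.example.com`, and the `X-Username`/`X-Password` header names are hypothetical.

```apex
// Added example, not from the original article. BillingCallouts, BillingAPI,
// api.example.com and the X-* header names are hypothetical placeholders.
public with sharing class BillingCallouts {
    // BEFORE: Remote Site Setting only. The URL is allow-listed, but the
    // credential sits in source control and must be changed by a deployment.
    public static HttpResponse getInvoicesHardcoded() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://api.example.com/v1/invoices');
        req.setMethod('GET');
        String basic = EncodingUtil.base64Encode(Blob.valueOf('svc_user:PLACEHOLDER'));
        req.setHeader('Authorization', 'Basic ' + basic);
        return new Http().send(req);
    }

    // AFTER: Named Credential with "Generate Authorization Header" checked.
    // Salesforce adds the header at send time; the code holds no secret.
    public static HttpResponse getInvoices() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:BillingAPI/v1/invoices');
        req.setMethod('GET');
        return sendChecked(req);
    }

    // Service that wants credentials in custom headers: assumes "Generate
    // Authorization Header" unchecked and "Allow Merge Fields in HTTP Header"
    // checked on the Named Credential.
    public static HttpResponse getInvoicesCustomHeaders() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:BillingAPI/v1/invoices');
        req.setMethod('GET');
        req.setHeader('X-Username', '{!$Credential.Username}');
        req.setHeader('X-Password', '{!$Credential.Password}');
        return sendChecked(req);
    }

    private static HttpResponse sendChecked(HttpRequest req) {
        req.setTimeout(10000); // milliseconds
        try {
            HttpResponse res = new Http().send(req);
            if (res.getStatusCode() != 200) {
                // Log status only: bodies may carry tokens or personal data.
                System.debug(LoggingLevel.WARN, 'Callout status ' + res.getStatusCode());
            }
            return res;
        } catch (CalloutException e) {
            System.debug(LoggingLevel.ERROR, 'Callout failed: ' + e.getMessage());
            throw e;
        }
    }
}
```

With the Named Credential variants, rotating the password is a Setup change rather than a code deployment, and the secret never appears in Apex source.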
Different authentication protocols in Named Credentials
Salesforce Named Credentials support several authentication protocols for integrating with external services. The available authentication protocols include the following:
- Password Authentication: This protocol involves providing a username and password for authentication. The password can be combined with a security token if necessary.
- OAuth 2.0: OAuth 2.0 is an industry-standard protocol for delegated authorization. It allows users to grant access to resources from one website to another without sharing their credentials. Salesforce supports OAuth 2.0 for authentication with external services.
- JWT Bearer Token: JWT (JSON Web Token) Bearer Token authentication is a method that uses a digitally-signed token to authenticate requests. Salesforce can generate and sign JWTs for authentication purposes.
- AWS Signature Version 4: This protocol is specific to integrating with Amazon Web Services (AWS). It involves signing requests with AWS Signature Version 4 for authentication and authorization.
- Azure Active Directory: This protocol allows authentication with Microsoft Azure Active Directory (Azure AD) for accessing Azure resources and services.
- Named Principal: Named Principal authentication is used when the external service requires a specific identity or principal to authenticate. It involves providing a username and private key associated with that named principal.
- Anonymous: Anonymous authentication is used when no authentication is required for accessing the external service. It is commonly used for public APIs or endpoints not requiring authentication.
The availability of these protocols may vary based on the Salesforce edition and the authentication capabilities enabled in your org. When creating a Named Credential, you can choose the appropriate authentication protocol based on the requirements of the external service you are integrating with.