I am calling the salesforce using REST API provided by maven dependency.
<!-- Force REST API -->
<dependency>
<groupId>com.frejo</groupId>
<artifactId>force-rest-api</artifactId>
<version>0.0.39</version>
</dependency>
I have implemented the below code, but I am wondering without sending the access_token how am I getting the result ? Isn't that not secure or how its implemented ? Will be good to go ahead with this API?
public class ForceApiExample {
public static void main(String[] args) {
ForceApi api = new ForceApi(new ApiConfig()
.setUsername("[email protected]")
.setPassword("XXX")
.setClientId("XXXXXMB8EGsF3NRtJ0")
.setClientSecret("XXX"));
ApiSession session = api.getSession();
String accessToken = session.getAccessToken();
System.out.println("ACCESS_TOKEN : "+accessToken);
List<Map> result = api.query("SELECT name FROM Account").getRecords();
System.out.println("RESULT : "+result.size());
}
}
Here is the result:
ACCESS_TOKEN : 00D7F0000001I8v!ARgAQB8tHuuquPRL5Z4uj4TBJG0cg0dJYBxy00jPhioEWKI86RlHqgXKSM0DfSTWHYVLl5i9HbbPxjXlgxlUP7XmLKejKrP4
RESULT : 535
Actually Salesforce internally provides the client the authentication token when a request is made. For REST API Salesforce uses OAuth 2.0 for authentication. There exists different kinds of OAuth authentication process. One of them is through User credentials. When you are sending the request using the user credentials you are actually asking Salesforce to provide you the access token. After getting the request Salesforce verifies the credentials and sends the access token back. But here no refresh tokens can be used because the user does not directly authorize the app.
Follow Understanding Authentication link for more details.