Connect to salesforce through apigee.

vikastiwari2 · 07-23-2018 03:04 PM

I am trying to connect apigee to salesforce using salesforce connected app. I am passing Form param and content type in assign message policy:

	 <Set> <Headers> <Header name="Content-Type">application/x-www-form-urlencoded</Header> </Headers> </Set> <Add> <Headers/> <QueryParams/> <FormParams> <FormParam name="username">{sfdc.username}</FormParam> <FormParam name="password">{sfdc.password}</FormParam> <FormParam name="client_id">{sfdc.client-id}</FormParam> <FormParam name="client_secret">{sfdc.client-secret}</FormParam> <FormParam name="grant_type">password</FormParam> </FormParams> </Add>

on Service Callout policy I am getting error as following:

	{"error":"unsupported_grant_type","error_description":"grant type not supported"}

I have also tried to call though .net code and passing same values and it worked but throwing error at apigee. Also I have selected no IP restriction at salesforce for this connected app. Any Idea n what I am missing here?

sidd-harth

Hi @Vikas Tiwari, try using Set tag for setting all FormParams instead of Add and let us know if it worked or not.

vikastiwari2

@Siddharth Barahalikar Thanks for your suggestion, but it didn't work still has same error message. I have changed code like this:

<Set>
        <Headers>
            <Header name="Content-Type">application/x-www-form-urlencoded</Header>
        </Headers>
        <FormParams>
            <FormParam name="username">{sfdc.username}</FormParam>
            <FormParam name="password">{sfdc.password}</FormParam>
            <FormParam name="client_id">{sfdc.client-id}</FormParam>
            <FormParam name="client_secret">{sfdc.client-secret}</FormParam>
            <FormParam name="grant_type">password</FormParam>
        </FormParams>
    </Set>

vikastiwari2

Ok, I finally get it working posting answer here it may help anyone in future.

I was missing headers and form parameter in Service Callout policy, after adding it to service call out policy I was able to connect to salesforce and received access token back.

Report Inappropriate Content

What you have added exactly?

Thanks

vikastiwari2

If you see above <FormParam> xml section, that has all info to connect to salesforce (username, password, client-id and client-secret and grant_type which is password).

You need to pass this info in service callout policy where you are first connecting to salesforce (i.e. login.salesforce.com).

Let me know if it works or you have any question on this.

Report Inappropriate Content

I am getting {"error":"invalid_grant","error_description":"authentication failure"}. Doses your username is an email? I am asking this question, because the username sent by my servicecall the "@" is encoded

vikastiwari2

yes my username also an email id, I don't think '@' should create issue here. Could you cross check password, client-secret and client-id is correct and same used inapp connect feature in salesforce.

Report Inappropriate Content

Hi @Vikas Tiwari,

I am Seifeddine's collegue.

The problem that apigee is encoding the "@" character to %40.

<Request clearPayload="true" variable="myRequest"><Set><Headers><Header name="content-type">application/x-www-form-urlencoded</Header>
            </Headers><FormParams><FormParam name="grant_type">password</FormParam>
                <FormParam name="username">{salesUsername}</FormParam>// an email adress  wheer the @ is encoded into %40 causing the problem<FormParam name="password">{salesPassword}</FormParam><FormParam name="client_id">{salesClientID}</FormParam><FormParam name="client_secret">{salesClientSecret}</FormParam></FormParams>
            <Path>{salestokenPath}</Path><Verb>POST</Verb>
        </Set></Request>

and that's causing "authentification failure"

Can you please tell me what sdfc is? is it a JSON flow variable?

vikastiwari2

I am storing these credentials in key value map and extracting from there using extract variable policy there I am assigning values into variable named as "sfdc.username, password etc", so yes its just flow variable.

But I don't think %40 conversion is an issue its just simple html encoding/decoding, in my case also '@' getting converted into '%40' so that' normal.

what I am seeing here missing "grant_type" in you form parameter and that's one of the required field while fetching access token. you can see in my first question above the same way you should pass.

My policy looks like following and its working:

<Request clearPayload="true" variable="sfdc.access-token-request">
        <Set>
            <Headers>
                <Header name="Content-Type">application/x-www-form-urlencoded</Header>
            </Headers>
            <Verb>POST</Verb>
            <FormParams>
                <FormParam name="grant_type">password</FormParam>
                <FormParam name="username">{sfdc.username}</FormParam>
                <FormParam name="password">{sfdc.password}</FormParam>
                <FormParam name="client_id">{sfdc.client-id}</FormParam>
                <FormParam name="client_secret">{sfdc.client-secret}</FormParam>
            </FormParams>
        </Set>
        <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    </Request>
    <Response>calloutResponse</Response>

Please note for grant_type value "password" is just text its not any value I am assigning.

Hope this should help you guys.

Report Inappropriate Content

Hi Vikas,

to make it work. We had to whitelist Apigee IP addresses in SalesForces.

Thanks for your help.

vikastiwari2

In my case our salesforce env doesn't force any custom restriction on inbound calls, but good to hear finally it worked for you :-).