Salesforce Named Credentials

In this blog, i am going to explain what Named Credentials. Named Credentials were introduced by Salesforce in the spring ’15 release. You can exchange secure authentication in REST API number of ways like OAuth, secure HTTP headers, other ways. Now we are going to see how named Credentials makes the differences.

Before Named Credentials?

If you think before named creations how we are managing the rest API authentication and endpoint URL  in different ways like Custom settings, Custom labels or some other options in Salesforce. Most importantly every time when you add or change you need to add it to remote site settings which are little cumbersome.If you use named credentials, you store the user credentials in the named credential itself with just clicks and configuration. It’s easy to maintain if you have to switch different creation in different org.

What is Named Credentials?

As per the document “A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. To simplify the setup of authenticated callout, specify a named credential as the callout endpoint. If you instead specify a URL as the callout endpoint, you must register that URL in your org’s remote site settings and handle the authentication yourself”

In nutshell 

Named credentials allow you to store a URL and secret together which in turn allows Salesforce to manage all the authentication for Apex callouts that specify this named credentials

What are the benefits?

  •   Specifies the URL of a callouts endpoint and its authentication in one place
  •  No need to handle  Remote site settings of the callout URL
  •   Supports two types of authentication protocols for now: Basic Authentication(Password authentication) or OAuth.
  •  Can be configured easily if Authentication needs to be done in User Context or Admin Context

Basic HTTP Authentication 

Now lets understating how the basic HTTP Callout authentication will be handled with out using named credentials . Here we are going to use simple apex HTTP Request Class to handler the callouts as show below

HttpRequest req = new HttpRequest();
req.setEndpoint(‘http://services.groupkt.com/country/get/all’);
req.setMethod(‘GET’);
String username = ‘username’;
String password = ‘password’;
Blob headerValue = Blob.valueOf(username + ‘:’ + password);
String authorizationHeader = ‘BASIC ‘ + EncodingUtil.base64Encode(headerValue);
req.setHeader(‘Authorization’, authorizationHeader);
Http http = new Http();
HttpResponse res = http.send(req);
System.debug(‘====> result ==>’res.getBody());

even though above logic is not too complicated to handle, sensitive information like password and username got exposed. The second challenge is you need to maintain the remote site settings.

Authentication  with Named Credentials 

Now let’s see how the named Credentials make the difference in authentication  First define a Named Credential with the following values as shown below image   . to define named credentials Setup -> Security Controls ->  Named Credentials and create a new named credential.

Now you can invoke the named credentials in apex code as shown below.Apex code simply you have to pass the named credentials name followed by “callout:”

HttpRequest req = new HttpRequest();
req.setEndpoint(‘callout:Country_API’);
req.setMethod(‘GET’);
Http http = new Http();
HTTPResponse res = http.send(req);
return res.getBody();

Limitations ?
primary named credentials was designed to implement more secure rest callout authentication. even though here are few limitations of named credentials

  • Named credentials only support HTTP Callouts and basic or OAuth 2.0 authentication. They are not an option for storing SOAP callout authentication secrets, encryption keys, or secrets for more complex authentication schemes
  • Named credentials are not currently available for packaging
  • Users with Modify All Data can update the URL