Friday, 10 November 2023

oAuth Use Case -  Headless API

Explained in the Easiest way


Wondering why? and When we use the Headless API flow


Use case example:

Imagine a company that uses Salesforce as its primary CRM platform. The company also maintains a separate customer portal that is hosted on a different server. The goal is to allow the customer portal to access Salesforce data and perform certain operations, such as retrieving customer information or updating records, without requiring manual user intervention.


Now in a simple and easy example decoded below:- 

Imagine:

You own a fancy showroom, and you've hired a reliable person (a third-party app) to pick up items after business hours.


Problem: The showroom is Closed


1. Authorization Call (Requesting Access):

The person arrives at your showroom, but it's closed. He calls you (the owner) and says, "I can't get in; the showroom is closed!" In the digital world, this is like the person making an "Authorization Call" by visiting a special URL: /services/oAuth2/authorize. It's like him asking for permission to access.


2. Admin (Owner) Intervention:

You, being the owner and having all the access, give him a special code (like an OAuth authorization code). It's your way of saying, "Okay, here's the secret code to open the lock."


3. Access Code Delivery (Getting the Digital Key):

The person receives the code and enters it at the showroom door. Now, instead of directly unlocking the door, the code triggers a system to send an SMS or email (access token) to the person. This is like a digital key being delivered through a special URL: /services/token. It's the final piece that allows him to access the showroom.


4. Entering the Showroom:

With the access token received on his phone, the person can enter the showroom without you physically handing him a key. It's like a digital key that grants access.


Benefits in Simple Terms:


Smooth Access: The person gets access to the showroom even if it's closed, just by using the special code and the digital key (access token).


Owner Control: As the owner, you control who gets the special code. It's not a physical key, but it works like one, and you can change it anytime.


No Need for Physical Keys: The person doesn't need a physical key; the code and digital key make the process seamless and secure.


Note:- 

All the information and step-by-step guide are available here 
https://resources.docs.salesforce.com/246/latest/en-us/sfdc/pdf/headless_identity_impl_guide.pdf

oAuth Use Case -  Headless API Explained in the Easiest way Wondering why? and When we use the Headless API flow Use case example: Imagine a...