Quick win 8. Unbox Salesforce Named credentials hidden fields

Ever wondered → what are these options under named credentials and how you can benefit from them:

Salesforce

Let’s try understand the relevance of each one this

A. Generate authorization header — This setting lets the Named Credential (salesforce) generates the autoriztion header for you when making callouts. but at times there are cases where the integrating party (azure, APIM, AWS etc.) asks you send a custom header key in the autorization header for them to authenticate you. This is where this option plays handy and salesforce gives you the option to define your own custom auth header. but first uncheck (disable) this standard “Generate authorization header” flag and then set/ define the custom header in your code using setheader() method as shown below:

Correct Syntax to use Auth. Parameter referring from Named credentials : request.setHeader(‘Authorization’,’Bearer {!$Credential.OAuthToken}’);

NOTE: If you get unauthorized access, 401 error check 2 things, 1) scope to ensure you have permission in the destination system to use the scope. 2) Oauth token value (ensure your Named creential shows status of authenticted not pending else this will fail)

Lastly, Remember if you check the “Generate Authorization Header”, you don’t need the merge fields, as the Named Credential covers this for you on its own.(i.e. Salesforce generates an authorization header and applies it to each callout that references the named credential)

However in below special situation as below, you would need to Deselect this option ‘GAH’ only if one of the following statements applies and select either of the merge fields from the 2 options depanding on if you are customizing header or body.

  • The remote endpoint doesn’t support authorization headers.
  • The authorization headers are provided by other means. For example, in Apex callouts, the developer can have the code construct a custom authorization header for each callout.

B. Allow merge fields in http header — This option enable the Apex code to use merge fields & populate this in your header prior the call out is made-.

C. Allow merge fields in http body- this allows you to include merge fields in your request body.

Examples 1. To connect Salesforce into Auth0

Create a named credential with password authentication as below

  1. Add a named credential and save it as Password Authentication
  2. Set username as client ID and password as client secret
  3. Check Allow Merge Fields in HTTP Header/Body
  4. Save

Now go in your Apex code (where you will make the call) and use the following

  • For your endpoint use request.setEndPoint(callout:NameCredential ) (replace NameCredential with one you created )
  • so name you can use the clientID and Secret however your want, you access them but {!$Credential.UserName} and {!$Credential.Password}
  • build your request and send, everything should be good.

**************************

Example 2: Named Credential with API key; To conect Sf with Jotform (where site uses site uses a non-standard API design)

  • Go to the New Named Credential screen. Specify the base endpoint (“http://api.jotform.com/"),
  • select the Identity Type to “Named Principle,” choose Authentication Protocol “Password Authentication,” specify any random user name (“anonymous” should work), and type in the API key as your password. Uncheck “Generate Authorization Header” and check “Allow Merge Fields in HTTP Header”, then save this Named Credential.

Now, in your code, you can specify the API key using a merge field:

HttpRequest req = new HttpRequest();
req.setMethod('GET');
req.setEndpoint('callout:jotform/user');
req.setHeader('APIKEY', '{!$Credential.Password}');
HttpResponse res = new Http().send(req);

Note: Here is the list of Merge fields that you can use in your apex code which uses named credentials:

D. Outbound connection: An outbound connection allows you to send traffic from Salesforce to your AWS Virtual Private Cloud (VPC) using Named Credentials. I would spend another blog explaining in detail what it is, but to get a glimpse please look at https://developer.salesforce.com/blogs/2020/10/using-private-connect-to-securely-connect-data-between-salesforce-and-aws.html

thanks — Mohit

Salesforce Program Architect at Salesforce