I implemented a batch job which makes a webservice call within the same salesforce instance, which then is supposed to send emails with a pdf attachment,
since you cannot send pdf attachments directly from a batch job. My webservice call looks like this:
public static void callOut(List ids){
InvoiceAttachmentConnector.InvoiceAttachmentService ws = new InvoiceAttachmentConnector.InvoiceAttachmentService();
ws.SessionHeader = new InvoiceAttachmentConnector.SessionHeader_element();
ws.SessionHeader.sessionId = UserInfo.getSessionId();
ws.handleInvoicePdfAttachment(ids);
}
However in batch jobs UserInfo.getSessionId() returns null, therefore i get a INVALID_SESSION_ID exception.
How can i log in to get a SessionId? So far I found no solution to login from salesforce to salesforce. If u can help I would appreciate it! Thanks!
You cannot get a session Id like this in batch apex as it runs under the system context and so has no specific user info for retrieval.
UPDATE:
You have the following options:
Try running the web services wsdl from your Salesforce org through the wsdl to apex generator in your org to generate some classes that may allow you to login. You are only allowed one web service request per execute call.
You could create a sites page that you make a HTTP get request to in your batch apex. This needs to retrieve the Ids of the items you want to send the PDFs for and a particular user to run as for you to use the System.runAs(user) method. You could pass these parameters in the HTTPRequest header or in a custom setting.
Note that neither of these solutions are ideal, you may want to reconsider why you are using Batch apex first of all and see whether you could reimplement it in a different way.
Related
I made a Authorizing system with SMS which gets number of an application then makes account and with verify code it let user to login. the problem is that when I send data by Retrofit in Kotlin as POST ,it sends no data (None) to server and Django logs show that no data sent for it. I know my Django API is working truly because of that POSTMAN works with it but my Kotlin application doesn't. Here I used APIService "Kotlin Intrface" class like this you see as below:
#FormUrlEncoded
#POST("v1/register/")
suspend fun RegisterRequest(
#Field("mobile") mobile: String
):Response<Reply>
I expected to see in logs that data sends for server but it doesnt work.
Also maybe you say that it needs Header but no ,cuz of I tried to set header for it also its Register and doesn't need token or anything like this and there's no persmission for it in server side.
I'm currently trying to make an account signup page for a small project I'm working on and I don't know how to send data back to the server (I'm using the Flask framework) without also allowing everyone to send data. Let's say that I've set up an API endpoint on /createAccount. I can then send POST requests to that endpoint: {"username": "test", "password": "test"}. The web server will then handle that request by inserting that data into a database and responding with 201. The problem is, anybody would be able to send these requests, and I only want users to be able to register through the login page, and not by making an API call. Is there any way of doing this?
Edit: I've given this problem a bit more thought and I think that the only API that is difficult to secure is the signup API. When a user has created an account, I can just assign them an API key, which they will send to the API every time they want to make a request, which means that an account is required to make API calls. If a certain key is making too many requests, they can be rate limited or temporarily banned from making further requests. The problem with the signup API however, is that there is no information by witch a request sender could be identified. I could use the IP address, but that can be changed and wouldn't really help if multiple IPs are spamming the API at the same time. Is there a way I can identify non-registered users?
Short answer: no.
You have to check data to make sure the account being created is something legit and not trash data to fill your database or any other malicious intents.
This is the reason you usually have to confirm an account clicking on a confirmation link sent to your mail: this way the app is sure that your account is legit.
You could also check info on the front end, but that is never as secure as back end checking, because of your concern in the question: in the end, anyone who gets to know your endpoints could potentially send direct requests to your server with whatever data they wanted.
Assuming you have a trusted source of registrations, an if that source can make an ssh connection to the server where your Flask app is running, an alternative to trying to lock down a registration API is to provide a command line script to do the registration.
The trusted source does something like
ssh someuser#youripaddress /path/to/register.py "username" "password" "other info"
If you use a Flask custom command you can share model definitions db configuration.
Frankly speaking azure still does not have direct way to set up alerts on continuous web job's so that one can get notification if web job stops for unknown reasons. After some investigation i found that logic apps are best way to do that. Here are the steps how one can achieve this
Go to azure web job, select properties and copy web hook url, username and password.
By default web hook url will have /run option at end to so remove that as you dont want to run webjob
Create a logic app setting following parameters in exact order
Recurrence - Your choice how frequently you want to run your logic
app
Initialize a variable for example status (type - string)
Call Http end point giving following details which you copied
earlier []2]
Add a step of parse
JSON response, pasting response so that logic app can create its own
schema
Pick the item name for
value you want to read for example i am using status
Add a condition for failure
Send the mail or whatever you want to do
Over all your Login app will look something like this
This is helpful, indeed. But I was facing issue with the web hook url authentication. The logic app connector was returning 401 – Unauthorized for the http request, as the password was encoded. Took a while to understand why it is throwing unauthorized even after providing correct credentials. Hence, copying the original password helped in that case ( if not anything else).
I have an asmx web service running in a Web Role in a Windows Azure cloud application. I want to user the Windows Azure scheduler to call this service on an hourly basis. I am able to create the job but everything I have tried in the URI results in an error.
I can call the same web service successfully from a web page using ajax using a URI such as :
http://www.example.com/myservice.asmx/TheFunction
but this form returns an error (when I use either a GET or a POST):
Request format is unrecognized for URL unexpectedly ending in '/TheFunction'.
Can anyone advise what format this URI should take?
Thanks
Don't know if this will help, but our team found that if you're using the brand new Management screens from the Azure Portal to do this, you can only set the URL and the Content, but you don't appear to have access to the request headers.
We were calling into an MVC application, and found that we need to add a header variable (Content-type: application/x-www-form-urlencoded) in order for our Router / Controllers to pull the associated POST arguments. We're looking at using the API to create the job instead, as there appears to be control over the headers using this method.
See the "headers" argument within the
Create Job Method in the Scheduler API.
Coding in ASP.NET 4.0 / javascript/ jQuery/ WebServices
The Scenario
I have an analytics account i have set up at, say, some-name#gmail.com with password as pass123
I also know the table id,say ga:30037474
My question is can I pull data like
// Load the Google data JavaScript client library.
google.load('gdata', '2.x', { packages: ['analytics'] });
// Set the callback function when the library is ready.
google.setOnLoadCallback(init);
function init() {
myService = new google.gdata.analytics.AnalyticsService('charts_sample');
//how do i securely pull data without exposing my credentials if client login is a must
getDataFeed();
}
/**
* Main method to get report data from the Export API.
*/
function getDataFeed() {
myService = new google.gdata.analytics.AnalyticsService('charts_sample');
var myFeedUri = ['https://www.google.com/analytics/feeds/data',
'?start-date=2010-06-01',
'&end-date=2010-06-10',
'&dimensions=ga:day,ga:visitorType',
'&metrics=ga:visits',
'&sort=ga:day',
'&max-results=20',
'&ids=',
'ga:30037474'].join('');
myService.getDataFeed(myFeedUri, handleDataFeed, handleError);
}
Or shall i authenticate the client before this?
If I need to authenticate the client, it would be better if I get some pointers on how to proceed with these two requirements.
1. Cannot authenticate by exposing the user credentials on client side(Need a webservice like thing)
2. When my site loads, it should load up with the analytics data(should not ask for login then and there to pull the analytics data).
Are there any articles anywhere?
Not sure if this answers your question. Based on the content of your question it seems you have a very good handle on the Google Analytics API. But somewhere along the line someone will need to grant access to the Google Analytics data. Using AuthSub this can be accomplished. Basically the user will need to do a one-time login to Google Analytics and "grant" your webservice a long-lived token to access their data. Once this is done you can store this token and associate it with their account, passing it when making data calls to the Google Analytics API.