Page Comparison

SOAP

• Simple Object Access Protocol

• Synchronous request response architecture

• XML

• Standards based

• WSDL (Web Service Description Language) (a package to define all the methods) needs to be downloaded and saved to the server.

  • The structure of the web services that clients can call

  • An XML file describing the endpoints.

  • A contract between the server and the client

  • Also defines the operations that Salesforce supports

  • And a definition of the data that will be passed back to the client

• System to system

• State maintained

• Supports gZip compression

• Built in security

  • OAuth or Session ID (OLD)

• Can build Custom SOAP Web Services

• Standard Salesforce WSDL

• SOA (Service Oriented Architecture) Callout (eg bring data into external systems)

  • Synchronous

• Web Service API

  • Anything referring to Web Service relates to SOAP.

• Custom Web Service is inbound

  • Your client application submits a service request to the Web Service via the API

• Callouts are outbound.

  • Callouts require a remote site setting.

  • The domains you want to allow communication to.

• Layers

  • Application Layer

    • HTTP, SOAP, SSL, FTP etc

  • Transport Layer

    • TCP, UDP

  • Internet Layer

    • IP, ICMP

  • Link Layer

    • Ethernet, DSL, PPP etc

  • Gee this is all stuff I learned in my university days in the early 90s

• Process

  • Insert records into Salesforce

  • Convert CSV data to XML

  • Send request for 200 records

  • Salesforce parses the request

  • Saves the records to the database

  • Return the success or failure response message to the client

  • This all happens synchronously.

  • Individual records be rolled back if exceptions.

    • Eg 198 records may be successful, 2 may have errors.

• First call passes the username and password

  •  Typically you will need to append the security token to the password unless your IP address has be added to the Org.

  • All subsequent calls pass the session ID that is returned from the successful authentication

  • See Documentation https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_calls_login.htm

Enterprise WSDL

• Strongly Typed

• For a specific org - has all of the customisations in that org

• Changes if the org changes (eg custom fields added)

...

• Secure Transport over HTTP (HTTPS)

  • Implemented at the Application Layer

  • Network Segments are encrypted end-to-end in the transport layer (TLS)

• One way SSL is enabled by default.

• Two way SSL needs self-signed or CA-signed certificates

  • Both the client and server present a certificate to prove their identity to the other party

• For the exam only, not reality now with many different options available…

  • Apex code ignores profile based security.

  • Can respect or ignore record level security.

• Two way SSL is mutual authentication

TLS

• Transport Layer Security

• You upload your certificate to Salesforce

• You can download salesforce client certificate to authenticate on your web server.