SOAP
XML
Standards based
WSDL (a package to define all the methods) needs to be downloaded and saved to the server
System to system
State maintained
Built in security
OAuth or Session ID (OLD)
Can build Custom SOAP Web Services
Standard Salesforce WSDL
SOA (Service Oriented Architecture) Callout (eg bring data into external systems)
Synchronous
Web Service API
Anything referring to Web Service relates to SOAP.
Custom Web Service is inbound
Enterprise WSDL
Strongly Typed
For a specific org - has all of the customisations in that org
Changes if the org changes (eg custom fields added)
Partner WSDL
Loosely typed
Can be used against any org (eg used by partners)
Static - only changes based on API version?
REST
“lower level on the networking stack” (dunno if it’s important, but it was repeated many times in a 2011 video)
XML or JSON
REST has in-built discovery of the available methods / endpoints
Lightweight
Security usually via OAuth
Old via Session ID
Standard Salesforce endpoints on every object (Standard and Custom)
Web service implementations
Expose your own APEX classes as REST Endpoints
GET POST DELETE PATCH PUSH
Bulk API uses REST See https://tddprojects.atlassian.net/wiki/pages/createpage.action?spaceKey=SF&title=Salesforce%20APIs&linkCreation=true&fromPageId=1310556166
Synchronous vs Asynchronous
Sync
Eg a transaction
Wait for a reply
Within the Salesforce limits
Async
Check back later if it’s done
Callouts
Ajax Toolkit (see https://tddprojects.atlassian.net/wiki/pages/createpage.action?spaceKey=SF&title=Old%20Stuff&linkCreation=true&fromPageId=1310556166 also)
Callouts via Apex with a Visualforce Controller
VF page requests data from VF Controller.
Controller does the callout to get the data.
Look wow, this would have been mindbreaking revolutionary stuff back in 2003 but now it’s just something you do regularly.
SOAP callouts
REST callouts
Security
Secure Transport over HTTP (HTTPS)
Implemented at the Application Layer
Network Segments are encrypted end-to-end in the transport layer (TLS)
One way SSL is enabled by default.
Two way SSL needs self-signed or CA-signed certificates
For the exam only, not reality now with many different options available…
Apex code ignores profile based security.
Can respect or ignore record level security.
TLS
Transport Layer Security
You upload your certificate to Salesforce
You can download salesforce client certificate to authenticate on your web server.
0 Comments