SOAP vs REST

SOAP

• XML

• Standards based

• WSDL (a package to define all the methods) needs to be downloaded and saved to the server

• System to system

• State maintained

• Built in security

  • OAuth or Session ID (OLD)

• Can build Custom SOAP Web Services

• Standard Salesforce WSDL

• SOA (Service Oriented Architecture) Callout (eg bring data into external systems)

  • Synchronous

• Web Service API

  • Anything referring to Web Service relates to SOAP.

• Custom Web Service is inbound

Enterprise WSDL

• Strongly Typed

• For a specific org - has all of the customisations in that org

• Changes if the org changes (eg custom fields added)

Partner WSDL

• Loosely typed

• Can be used against any org (eg used by partners)

• Static - only changes based on API version?

REST

• “lower level on the networking stack” (dunno if it’s important, but it was repeated many times in a 2011 video)

• XML or JSON

• REST has in-built discovery of the available methods / endpoints

• Lightweight

• Security usually via OAuth

  • Old via Session ID

• Standard Salesforce endpoints on every object (Standard and Custom)

• Web service implementations

  • Expose your own APEX classes as REST Endpoints

• GET POST DELETE PATCH PUSH

• Bulk API uses REST See https://tddprojects.atlassian.net/wiki/pages/createpage.action?spaceKey=SF&title=Salesforce%20APIs&linkCreation=true&fromPageId=1310556166

Synchronous vs Asynchronous

• Sync

  • Eg a transaction

  • Wait for a reply

  • Within the Salesforce limits

• Async

  • Check back later if it’s done

Callouts

• Ajax Toolkit (see https://tddprojects.atlassian.net/wiki/pages/createpage.action?spaceKey=SF&title=Old%20Stuff&linkCreation=true&fromPageId=1310556166 also)

  • Callouts via Apex with a Visualforce Controller

  • VF page requests data from VF Controller.

  • Controller does the callout to get the data.

  • Look wow, this would have been mindbreaking revolutionary stuff back in 2003 but now it’s just something you do regularly.

• SOAP callouts

• REST callouts

• See https://tddprojects.atlassian.net/wiki/pages/createpage.action?spaceKey=SF&title=Outbound%20Messaging&linkCreation=true&fromPageId=1310556166

Security

• One way SSL is enabled by default.

• Two way SSL needs self-signed or CA-signed certificates

• For the exam only, not reality now with many different options available…

  • Apex code ignores profile based security.

  • Can respect or ignore record level security.

TLS

• Transport Layer Security

• You upload your certificate to Salesforce

• You can download salesforce client certificate to authenticate on your web server.