I am a Salesforce developer and need to go through a Salesforce security review. They need an OWASP ZAP report for my app because I have used the Stripe API for payment.
Endpoint: https://api.stripe.com/v1/payment_methods
Now here I can't use Chimera as I don't own the endpoint.
Does anyone know how to create a ZAP report for Salesforce with an endpoint like this?
I got the following link as help but it's no good for me.
https://security.secure.force.com/security/tools/webapp/zaprunningscan
Thanks
Related
I am trying to integrate Microsoft Graph API with my Django backend application. I want to be able to read, manage and send emails on behalf of users.
The frontend is built with React
My issue now is how the authorization flow will work. I want users to authorize the app (probably using OAuth) on the frontend, after which I will get some kind of access code that I can save on the backend and subsequently use to make requests to the Graph APIs on the user's behalf.
Please, how do I achieve this flow?
Any help will be appreciated. I have been scrambling through the docs all day and need someone to point me in the right direction.
Get access on behalf of a user:
Follow this documentation for more information: https://learn.microsoft.com/en-us/graph/auth-v2-user
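An added example, not part of the original question or answer: a backend-side sketch of the OAuth 2.0 authorization code flow against the Microsoft identity platform v2.0 endpoints, with a single-use `state` value and PKCE. `CLIENT_ID`, `REDIRECT_URI`, and the function names are assumptions, and `session` stands for any dict-like server-side session such as Django's `request.session`.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Microsoft identity platform v2.0 endpoints; "common" accepts any tenant.
AUTHORITY = "https://login.microsoftonline.com/common/oauth2/v2.0"
# Constructed placeholders: replace with your own app registration values.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.com/auth/callback"
# Delegated Graph mail scopes; offline_access yields a refresh token.
SCOPES = "offline_access Mail.ReadWrite Mail.Send"


def begin_login(session):
    """Store state and PKCE verifier server-side; return the authorize URL."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    session["pkce_verifier"] = secrets.token_urlsafe(64)
    digest = hashlib.sha256(session["pkce_verifier"].encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return AUTHORITY + "/authorize?" + urlencode({
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "response_mode": "query",
        "scope": SCOPES, "state": session["oauth_state"],
        "code_challenge": challenge, "code_challenge_method": "S256",
    })


def finish_login(session, callback_url, client_secret):
    """Validate the redirect; return (token_url, form) for the backend POST."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    expected = session.pop("oauth_state", None)    # single use: replay fails
    verifier = session.pop("pkce_verifier", None)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"])
    received = params.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return AUTHORITY + "/token", {
        "grant_type": "authorization_code", "code": params["code"],
        "client_id": CLIENT_ID, "client_secret": client_secret,
        "redirect_uri": REDIRECT_URI, "code_verifier": verifier,
    }
```

The backend POSTs the returned form to the token URL over HTTPS and keeps the resulting refresh token encrypted at rest; the client secret and refresh token are never sent to the React frontend.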
I have the following goal - I want to integrate my application users with Coinbase. All users should be able to connect their own Coinbase accounts with my application so I can grant read permissions. In order to do that I have to use the OAuth API, but the problem is, I do not want to ask users to first create an OAuth application through the Coinbase UI themselves and then provide me the application ID and secret so I can initiate a Coinbase OAuth integration. I need a seamless, one-click integration. Do you have any suggestions how to achieve that?
Thanks....
The whole point of OAuth is to not need the API key.
This is the documentation that says how to do it. Future questions need to be programming specific or Stack Overflow will eat you up for dinner.
https://docs.cloud.coinbase.com/sign-in-with-coinbase/docs/sign-in-with-coinbase-integration
We have a website running on Kentico. When a user logs in there will be a link available for the user to navigate to a Salesforce Community. When the user clicks the link I would like to automatically log the user into the Salesforce Community. My Kentico users are in sync with the Salesforce contacts/external users.
Has anyone implemented this? If so, can you share how you achieved it? It seems like a SAML Assertion needs to be generated and posted but I am not familiar with how to do this.
Thanks in advance!
Since Kentico should not be used as the authentication provider for other applications, it will be easier for you to find out whether SF Community can provide some authentication API with which you can then set up custom external authentication (through SF) in Kentico.
You can also consider using something like OpenID which is supported by both SF and Kentico. (https://help.salesforce.com/articleView?id=networks_authentication_options.htm&type=0)
We want to use Okta for SSO but need to know if this is synced both ways?
In case we make any change on the Salesforce side for a User, will this be updated back to Okta? I believe not, and this would need API calls.
Someone please confirm.
Please share the Okta API WSDL or link for Salesforce callouts.
Thanks in advance.
This is tricky; ultimately something has to be the master of a user's profile. Okta can push almost any record to Salesforce, no problem, and it can import changes from Salesforce. But which source is authoritative?
What I have done in the past is I used a (I'm not a Salesforce admin) trigger, so when a user's profile was updated in Salesforce, it would make a web service call to update elements of that user's profile that needed to be immediately sync'd with Okta.
In this situation, there were people in a call center, and if someone updated their subscription service, they needed that to get pushed to Okta immediately so they could have Okta update that user's profile in other downstream systems.
Okta uses REST, not WSDL, but you can easily build a proxy service to accept them, and convert them into JSON REST calls. Everything you need is available on https://developer.okta.com (including a sandbox if you need it).
There is also a Postman collection, so you can get familiar with the Okta APIs. Here is the link to that: https://developer.okta.com/docs/api/getting_started/api_test_client
I'm pretty new to Salesforce and their Apex language. I've been reading some documentation and tried the integration between Google and Salesforce.
I'm wondering, is it possible to emulate an auth token from Google to Salesforce?
I'm trying to read a Google spreadsheet and then fill up a Salesforce object automatically. The user login will always be the same/universal for this spreadsheet, so I have the credentials required to log in.
I am working off of the sample that requires a Visualforce, and I'm wondering how would I automatically do the session id token that the Google spreadsheet API requires.
Any ideas?
The old-school, hard way would be to send a login() call to the API (available through SOAP messages). Salesforce API is well documented and plenty of examples are available (both in programming languages and for raw XML requests/responses).
But I have no idea what possibilities you have from Google side, if it's only JavaScript then you might not be able to send and retrieve AJAX-like calls to another domain...
Recently another option emerged and that is REST API (no SOAP needed). Looks more promising and easier in my opinion. Quick intro is available here and you'll find more documentation on the bottom of the page.
Last but not least - 2 interesting links:
http://code.google.com/apis/gdata/articles/salesforce.html for some integration tutorial
and built-in integration offered by Salesforce: http://www.salesforce.com/assets/pdf/datasheets/SalesforceGoogleApps.pdf
I've used custom settings to do this. Use OAuth to get a token for Google, then store that token in Salesforce custom settings (Setup-Develop-Custom Settings). You can then retrieve the token for callouts to Google from that custom setting for any user needing access to Google Apps. The downside is, every user will authenticate as your custom setting token user. The upside is that they won't need to individually authenticate. Custom settings are retrievable via Apex using a simple getter, and live as Apex-like objects.
Also keep in mind, Google requires each service to use its own token. So, if your user wants to use Calendars and Spreadsheets, that's two separate tokens that will need to be stored and retrieved for the callout.
I generally allow users to create their own authenticated session tokens via OAuth if they want to do that, then fail over to the custom settings to get the general admin token if necessary.
Are you trying to log into Google Apps from SFDC? There are options for Google Apps within Salesforce, go to Setup > Administration Setup > Google Apps > Settings. I've not used this and it requires some setup, but thought I'd point it out. Aside from that I can only blurt out OAuth (getting users to authenticate with Google from within Salesforce when trying to access Google Apps) and SSO (which I know can be used to authenticate from an external system, though not sure if it works the other way).
Look into the "Named Credentials" menu in Salesforce Setup.
There, you can store auth credentials for the services accessed via Apex:
"A named credential specifies a callout endpoint and its required authentication parameters. When setting up callouts, avoid setting authentication parameters for each callout by referencing named credentials."
A username/pass combo can be used, or a certificate, or an AWS signature, and there is a JWT option.
Help docs: https://help.salesforce.com/articleView?id=named_credentials_about.htm&type=5