If you are building an application that needs to connect to Salesforce, there are multiple ways to do it. The same is true for authentication: Salesforce supports a wide variety of methods. You can find details of the different OAuth-based methods at the link below.
Authenticating apps with OAuth
The Salesforce REST API provides an efficient way to access Salesforce data, and it is commonly used from mobile apps. In this article we will look at how to authenticate and access data using the REST API. You can use the same process to authenticate mobile/desktop applications. To demonstrate this, we are using the cURL tool. It is preinstalled on Mac. If you are using a Windows PC, go to the cURL download page and install the application. Once you have installed it, you can make HTTP requests with custom headers and a JSON body from the terminal or command line.
There are different ways to authenticate your application against a connected app in Salesforce, such as “Web Server OAuth flow”, “User Agent OAuth flow”, “Username-password flow” etc. We are going to use the OAuth 2.0 Username-Password flow here.
Authentication and data operations
1) Create a connected app in Salesforce
First you need to create a connected app in Salesforce. You can do this by going to “Create => Apps => Connected Apps => New” under Setup. Fill in the details and save. The UI will look like the image below.
2) Note down Consumer Key and Consumer Secret
Once you have saved your details, you will be able to get the “Consumer Key” and “Consumer Secret” under the “API (Enable OAuth Settings)” section. Note down the values. You need to use these values while authenticating against Salesforce.
3) Authenticate to get session token
The first step of authentication is to get a session token using the username, password, consumer key and consumer secret. This is obtained by making an HTTP request with cURL to “https://login.salesforce.com/services/oauth2/token” or “https://test.salesforce.com/services/oauth2/token” for production and sandboxes respectively. If the authentication succeeds, it returns a session token/access token. You can make subsequent API calls using this token. This step will look like the following.
4) Do REST operations – Query/Insert/Update/Delete etc
Once you have the access token you can make different REST API calls. All API calls should go to the instance URL returned by the login call. The access token obtained in the login call should also be added as the “Authorization” header parameter. You can find examples of query, insert, update and delete operations below.
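Steps 3 and 4 as a single shell script, added here as an example and not taken from the original article: it logs in with the username-password flow and runs one query against the returned instance URL. The `SF_*` environment variable names, the API version `v59.0`, the sample SOQL and the constructed sample response are assumptions; credentials are handed to cURL as config on stdin so they stay out of the process list and shell history.

```shell
#!/bin/sh
# Added example (not from the original article): login, then one query.
# Assumptions: SF_* variable names, API version v59.0, the sample SOQL query.
set -eu

SF_LOGIN_HOST="${SF_LOGIN_HOST:-https://login.salesforce.com}"  # sandboxes: https://test.salesforce.com
SF_API_VERSION="${SF_API_VERSION:-v59.0}"

# Constructed sample of a token response, used only to exercise json_field offline.
SAMPLE_TOKEN_RESPONSE='{"access_token":"SAMPLE_TOKEN","instance_url":"https://example.my.salesforce.com","token_type":"Bearer"}'

# Escape backslashes and double quotes for a quoted value in a curl config file.
curl_quote() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Emit the token request as curl config. Feeding it to curl on stdin keeps the
# password and consumer secret out of the process list and shell history.
token_request_config() {
  printf 'url = "%s/services/oauth2/token"\n' "$SF_LOGIN_HOST"
  printf 'data-urlencode = "grant_type=password"\n'
  printf 'data-urlencode = "client_id=%s"\n' "$(curl_quote "$SF_CONSUMER_KEY")"
  printf 'data-urlencode = "client_secret=%s"\n' "$(curl_quote "$SF_CONSUMER_SECRET")"
  printf 'data-urlencode = "username=%s"\n' "$(curl_quote "$SF_USERNAME")"
  printf 'data-urlencode = "password=%s"\n' "$(curl_quote "$SF_PASSWORD")"
}

# Extract one string field from the compact JSON returned by the token endpoint.
json_field() { printf '%s' "$2" | sed -n 's/.*"'"$1"'":"\([^"]*\)".*/\1/p'; }

# Data calls go to the instance URL from the login response, not the login host.
query_url() { printf '%s/services/data/%s/query' "$1" "$SF_API_VERSION"; }

main() {
  resp=$(token_request_config | curl --silent --show-error --fail --config -)
  token=$(json_field access_token "$resp")
  instance=$(json_field instance_url "$resp")
  [ -n "$token" ] && [ -n "$instance" ] || { echo "login failed" >&2; return 1; }
  # The bearer token also travels via stdin config rather than argv.
  printf 'header = "Authorization: Bearer %s"\n' "$token" |
    curl --silent --show-error --fail --get --config - \
      --data-urlencode "q=SELECT Id, Name FROM Account LIMIT 5" \
      "$(query_url "$instance")"
}

# Contact Salesforce only when credentials are present in the environment.
if [ -n "${SF_USERNAME:-}" ]; then main; fi
```

Export `SF_CONSUMER_KEY`, `SF_CONSUMER_SECRET`, `SF_USERNAME` and `SF_PASSWORD` before running; without `SF_USERNAME` the script defines its functions and exits without making a request.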
Summary
Now you should have a good idea of how to authenticate your mobile/desktop application against Salesforce using the username-password OAuth flow and perform operations using the REST API. If you are not comfortable using cURL from the command line to try this process, the same steps can be done through browser extensions/Chrome apps like “Advanced REST Client” or “Postman”.