Understanding External Credentials and Named Credentials in Salesforce

Imagine this: you’re on a treasure hunt. The treasure is hidden in a locked vault, and to open it, you need the right key. In Salesforce, when you need to access external systems, the key is what we call External Credentials and Named Credentials. But what exactly are they? Let’s dive into this journey together and unravel their secrets in a simple and beginner-friendly way.

What are External Credentials?

External Credentials are like your treasure map—they hold the directions to unlock the vault. In Salesforce, these credentials define how your org authenticates with an external system. This could be an API, a third-party service, or even another Salesforce org.

Let’s say you want to connect Salesforce to an external payment gateway like PayPal. The External Credential would store details like your username, password, or token required for authentication. Think of it as your secure login stored safely in Salesforce.

But here’s the catch: External Credentials are not directly used to make the connection. They’re just the first part of the puzzle. That’s where Named Credentials come in.

What are Named Credentials?

Named Credentials are like the actual key that unlocks the vault. Once you’ve stored your External Credentials (the treasure map), you’ll use Named Credentials to define the final connection.

In simple terms, Named Credentials:

• Specify the endpoint URL of the external system you want to connect to.
• Define which External Credential to use for authentication.
• Make the process of accessing external systems easier and more secure.

For instance, if you’re connecting to PayPal, your Named Credential will define PayPal’s API endpoint and reference the External Credential that holds your login information.

Why Use External and Named Credentials?

Now, you might wonder, “Why do we need this two-step process? Can’t we just store everything in one place?” The answer lies in security and flexibility.

• Security: External Credentials separate authentication details from the connection logic. This means your sensitive data is stored securely and can be reused across multiple Named Credentials.
• Flexibility: If you need to change your authentication method (e.g., switch from basic authentication to OAuth 2.0), you can update the External Credential without touching your Named Credentials.
• Ease of Maintenance: Named Credentials make it easier to manage multiple external integrations without duplicating authentication details.

How Do They Work Together? An Example

Let’s bring everything together with a straightforward example:

Scenario:

You want Salesforce to connect to a weather service API to fetch real-time weather updates.

1: Set Up External Credential

1. In Salesforce, you create an External Credential.
2. Define the authentication method—let’s say it’s an API key.
3. Store the API key securely in the External Credential.

2: Set Up Named Credential

1. Create a Named Credential in Salesforce.
2. Specify the weather service’s API endpoint (e.g., https://api.weather.com).
3. Link the Named Credential to the External Credential you created in Step 1.

3: Use the Named Credential in Apex

Now, you can use the Named Credential in your Apex code to call the weather API without worrying about managing the authentication details directly.

Here’s a quick Apex example:

HttpRequest req = new HttpRequest();

req.setEndpoint('callout:WeatherService/forecast');

req.setMethod('GET');

Http http = new Http();

HttpResponse res = http.send(req);

System.debug(res.getBody());

In this code:

• callout:WeatherService references the Named Credential.
• Salesforce automatically handles the authentication using the linked External Credential.

Common Questions About External and Named Credentials

1. Can I use Named Credentials without External Credentials?
   Yes, but External Credentials provide additional security and flexibility, especially when dealing with complex authentication methods like OAuth 2.0.
2. What authentication methods are supported?
   External Credentials support various methods, including basic authentication, OAuth 2.0, and JWT-based flows.
3. Are they mandatory for integrations?
   While not mandatory, using External and Named Credentials simplifies your integration setup and makes it more secure.
4. Can I use the same External Credential for multiple Named Credentials?
   Absolutely! This is one of their biggest advantages. You can reuse a single External Credential across multiple Named Credentials to streamline your setup.
5. How do Named Credentials improve security?
   By abstracting sensitive authentication details and managing them separately, Named Credentials reduce the risk of exposing sensitive data in your code.

Wrapping It Up

Think of External Credentials and Named Credentials as your dynamic duo for external integrations. External Credentials securely store your login details, while Named Credentials use those details to establish a connection with external systems. Together, they make your Salesforce org more secure, flexible, and easier to maintain.

Whether you’re a beginner setting up your first integration or an experienced admin managing complex connections, this duo will save you time and headaches.

So, the next time you’re on a treasure hunt for external data, remember: the map (External Credentials) and the key (Named Credentials) will lead you to success!

 

Source: Read More