Can't Make A Callout to Own Salesforce from Lightning Component

 Making API Calls from Apex(☑️ )/Java Script(❎)

• We can Make API calls from an Apex controller. You can’t make Salesforce API calls from JavaScript code.

• For security reasons, the Lightning Component framework places restrictions on making API calls from JavaScript code. To call third-party APIs from your component’s JavaScript code, add the API endpoint as a CSP Trusted Site.

• To call Salesforce APIs, make the API calls from your component’s Apex controller. Use a named credential to authenticate to Salesforce.

Note:

    By security policy, sessions created by Lightning components aren’t enabled for API access. This prevents even your Apex code from making API calls to Salesforce. Using a named credential for specific API calls allows you to carefully and selectively bypass this security restriction.

    The restrictions on API-enabled sessions aren’t accidental. Carefully review any code that uses a named credential to ensure you’re not creating a vulnerability.

Summer ’21

 

LWC Quick Actions:

    We can now use Lightning Web Components as Quick Actions! While you can currently do this with Aura Components, this new implementation brings some great new features! First off, there are TWO different types of LWC Quick Actions 

1. Screen Actions and
2. Headless Actions. 

Referece Link : Click Here

 

Aura Components in the ui Namespace Are Deprecated

• Salesforce is ending support for Aura components in the ui namespace on May 1, 2021

• Migrate to Lightning Web Components (LWC) whenever possibl

• Replace the deprecated components with their counterparts in the lightning namespace.

• These components are faster, more efficient, and they implement Lightning Design System styling out-of-the-box.

Example:

ui:actionMenuItem

Use lightning:menuItem with lightning:buttonMenu instead.

When migrating to Lightning Web Components, use lightning-menu-item with lightning-button-menu.

ui:inputText

Use lightning:input with text type instead.

When migrating to Lightning Web Components, use lightning-input with text type. 

 

Referece Link : Click Here 

USER PASSWORD FLOW

 

 USER PASSWORD FLOW

 API Authentication mechanism for Salesforce System 

Salesforce APIs are authenticated. These APIs are accessible through the OAuth 2.0 Password authentication flow. 

• {Domain} maybe

• Test.salesforce.com --> Sandbox

• Login.salesforce.com --> production

API URL: https://{Domain}/services/oauth2/token 

Access Mechanism: OAuth2.0. 

Request Method: POST 

Request from third party : 

Request from Third Party System
Attribute Name	Value	Type
grant_type	password (should be as it is)	String
username	TBD	String
password	TBD (if required append Security Token)	String
client_id	TBD	String
client_secret	TBD	String

Success Response from Salesforce: 

Response from Salesforce
Attribute Name	Description	Type
access_token	Access token that acts as a session ID that the application uses for making requests. This token should be protected as though it were user credentials.	String
signature	Base64-encoded HMAC-SHA256 signature	String
issued_at	When the signature was created, represented as the number of seconds since the Unix epoch (00:00:00 UTC on 1 January 1970)	String
instance_url	Identifies the Salesforce instance to which API calls are sent	String
id	Identity URL	String

Error Response from Salesforce:

Response from Salesforce
Attribute Name	Description	Type
error	Error code (unsupported_response_type/  invalid_client_id/ invalid_request/  invalid_client_credentials / invalid_grant/  inactive_user/ inactive_org/ rate_limit_exceeded)	String
error  description	Error Description	String