Making API Calls from Apex(☑️ )/Java Script(❎)
- We can Make API calls from an Apex controller. You can’t make Salesforce API calls from JavaScript code.
- For security reasons, the Lightning Component framework places restrictions on making API calls from JavaScript code. To call third-party APIs from your component’s JavaScript code, add the API endpoint as a CSP Trusted Site.
- To call Salesforce APIs, make the API calls from your component’s Apex controller. Use a named credential to authenticate to Salesforce.
Note:
By security policy, sessions created by Lightning components aren’t enabled for API access. This prevents even your Apex code from making API calls to Salesforce. Using a named credential for specific API calls allows you to carefully and selectively bypass this security restriction.The restrictions on API-enabled sessions aren’t accidental. Carefully review any code that uses a named credential to ensure you’re not creating a vulnerability.
No comments:
Post a Comment