Including access token in endpoint URL when using named credential in REST callout

I’m trying to retrieve a list of forms using the FormAssembly API via a HTTP Request to the endpoint:

I was able to setup named credentials and an authentication provider to successfully authorize via oAuth 2.0. I believe it was successful b/c the FA oauth flow was triggered, and my named credential has authentication status = ‘Authenticated’.

FA specifies that the access token must be included as a query string parameter, as follows

In the developer documentation on “Merge Fields for Apex Callouts That Use Named Credentials“, it seems that one can access the Access Token using {!$Credential.OAuthToken}.

However, I have been unable to add this variable to the endpoint URL. The example in the docs is for the request header, so I’m not sure if its just not possible to do this, or if I’m doing something wrong.

This approach results in a ‘variable does not exist’ error in Salesforce

  • req.setEndpoint('callout:TFA/api_v1/forms/index.json?access_token='+{!$Credential.OAuthToken});

Passing the variable inside quotes, which is similar to the approach in the documentation, gives System.CalloutException: The URI is invalid.

  • req.setEndpoint('callout:TFA/api_v1/forms/index.json?access_token={!$Credential.OAuthToken}');

This approach gives an ‘invalid access token’ response from FA

  • req.setEndpoint('callout:TFA/api_v1/forms/index.json');

I’ve tried including the access token in the header with the endpoint above, but I still get invalid access token from FA, as its expecting it in the endpoint URL itself

  • req.setHeader('Authorization', 'access_token {!$Credential.OAuthToken}');

So, is there a way to get at the access token so I can include it in the URL itself? And, are there any security concerns with sending the access token in the endpoint in this manner?

My code is copied below. I’m currently just calling it via anonymous apex for testing.

public class TFA_Endpoint {

    public void callTFA(){
        HttpRequest req = new HttpRequest();        
        // variable does not exist req.setEndpoint('callout:TFA/api_v1/forms/index.json?access_token='+{!$Credential.OAuthToken});
        req.setHeader('Authorization', 'access_token {!$Credential.OAuthToken}');       
        Http http = new Http();
        HTTPResponse res = http.send(req);


UPDATE – FEB 2019. Not a solution to the original issue, but i dug into it further w/ formassembly and they have some funky requirements, but if you set the auth header as below, it will work

req.setHeader('Authorization','Token ="{!$Credential.OAuthToken}"');     


Source : Link , Question Author : gorav , Answer Author : Community

Leave a Comment