REST API without Connected App

I have to design an external app which will retrieve information from Salesforce. Any user can install this app and use it. This app will use rest API to access information from Salesforce. I cannot force the users belonging to multiple orgs to create a connected app in their instance to generate consumer key and consumer secret. Ideally users must be able to enter username and password+security token to access the data. Is there a way to achieve this or any other way without much customization by the admin.


Definitely doable. The admin should not have to customize anything:

  1. create your Connected App, once, in an org with a managed package and namespace,
  2. bake that exact client_id into the runtime code that you distribute,
  3. use Web Server authentication flow or Username-Password flow when calling REST API,

Maybe there is a misunderstanding of how Connected App really operates here. Imagine a Salesforce Package as an analogy. You control the true source code in a Packaging / Release Org but you deploy or install a special instance of it. Similarly with a Connected App:

  • you control the Connected App ‘definition’ including client_id and secret,
  • a user allows (or a sysadmin can manage) the connected app ‘instance’ when it’s used.

Does this help?

Source : Link , Question Author : Saranya , Answer Author : Matt and Neil

Leave a Comment