Configure web server authentication setup

Web server authentication is a user authentication that ensures the proper scope for API calls.

Create an API client in AppDirect

1. From AppDirect, go to Manage > Marketplace > Settings > Integration > API Clients.
2. Click Create API Client.
3. Add the following values to the API Client Settings dialog:

   Field	Value
   Name	Salesforce-Auth-WSA
   Client Type	Web server application
   Grant Types	Authorization Code Refresh Token
   Redirect URLs	Scratch org: https://<domain>.<instance>.my.salesforce.com/services/authcallback/AppDirect_WSA Partner developer edition org: https://<domain>.my.salesforce.com/services/authcallback/AppDirect_WSA Note: If you are not using My Domain, use the following <instance>.salesforce.com.
   Allowed Scopes
   OpenID Connect	n/a
   User-level scopes	Billing Admin Company Admin Customer Support Developer Marketplace Manager Network Manager Product Support Reseller Reseller Manager Sales Support User
   Allowed IP Address	n/a
   Refresh token expiration	30

4. Note the marketplace domain to set up the web server authentication. For example, https://cscreeen.byappdirect.com.
5. Note the consumer key and secret for each API client that you create.

Create a new authentication provider in Salesforce

1. Click the gear icon and then select Setup.
2. Go to Settings > Identity > Auth.Providers.
3. Click New.
4. Add the following values to the Auth. Provider dialog:

   Field	Value
   Provider Type	Open ID Connect
   Name	AppDirect-WSA
   URL Suffix	AppDirect_WSA
   Consumer Key	<consumer key generated during API client setup in AppDirect>
   Consumer Secret	<consumer secret generated during API client setup in AppDirect>
   Authorization Endpoint URL	https://<marketplace>.byappdirect.com/oauth/authorize
   Token Endpoint URL	https://<marketplace>.byappdirect.com/oauth/token
   Default Scopes	n/a
   Execute As	<search for integration user created in previous step>
   Send access token in header	True
   Send client credentials header	False
   Include Consumer Secret in API response	False

5. Click Save.
6. Validate the callback URL generated matches what you put in the Appdirect web-server API client redirect URL field (https://<salesforce domain>.<instance>my.salesforce.com/services/authcallback/AppDirect_WSA).

Create a named credential in Salesforce

1. Click the gear icon and then select Setup.

2. Go to Settings > Security > Named Credentials.

3. Click New Named Credential.

4. Add the values to the following fields:

   Field	Value
   Label	AppDirect-WSA
   Name	AppDirect_WSA
   URL	https://<marketplace>.byappdirect.com
   Identity Type	Per User
   Authentication Protocol	OAuth 2.0
   Authentication Provider	AppDirect - WSA
   Scope	(space separated list of values) ROLE_CHANNEL_ADMIN ROLE_RESELLER ROLE_RESELLER_MANAGER ROLE_SALES_SUPPORT
   Start Authentication Flow on Save	true
   Generate Authorization Header	disable
   Allow Merge Fields in HTTP Header	enable
   Allow Merge Fields in HTTP Body	disable
   Outbound Network Connection	n/a

5. Click Save.

6. At the authentication prompt, log in to AppDirect (as an integration user that you set up in AppDirect).

   You return to the Named Credential setup screen. The Administration Authentication Status is set to Authenticated.

Authenticate SSR agents

You can authenticate one SSR agent at a time.

1. From Salesforce, click your profile icon and then select Settings. The Personal Information page appears.
2. From the Personal Information menu, select Authentication Settings for External Systems.
3. Click New.
4. Add the following values to the Authentication Settings for External Systems page:

   Field	Value
   External System Definition	Named Credential
   Named Credential	AppDirect WSA
   User	<their user>
   Authentication Protocol	OAuth 2.0
   Authentication Provider	(defaults to the Auth Provider defined for the AppDirect - WSA named credential)
   Scope	(defaults to the scopes defined in the AppDirect - WSA named credential)
   Authentication Status	(defaults to Pending)
   Start Authentication Flow on Save	True

5. Click Save. When you save, the authentication is tested and validated by the system.
6. Log in to AppDirect with AppDirect user credentials.
   A successful login returns you to the Named Credential setup page and the Administration Authentication Status will be set to Authenticated.

Validate the authentication

You can validate the authentication that you just configured by performing test calls against AppDirect API endpoints.

1. From Salesforce, click the gear icon and then select Developer Console.
2. From the Debug drop-down list, select Open Execute Anonymous Window. The Enter Apex Code dialog appears.
3. Add the following text to the dialog.

   /* Companies API Request - Web Server Application */  
   HttpRequest req = new HttpRequest();  
   req.setMethod('GET');  
   req.setEndpoint('callout:AppDirect_WSA/api/account/v2/companies');  
   req.setHeader('Authorization', '{!$Credential.AuthorizationMethod} {!$Credential.AuthorizationheaderValue}');  
   req.setHeader('Accept', 'application/json');  
   req.setHeader('Content-Type','application/json');  
   HttpResponse res = new Http().send(req);  
   System.debug(res.getBody());
4. Click Execute.
5. Double-click the log you generated.
6. To see the response text, click the Debug Only checkbox.