2 votes

We have an app that allows a user to connect to Salesforce and import data using OAuth. Works fine for Dev edition users, but Enterprise edition users sometimes get a 401 Forbidden when the app makes a call to describe after they're successfully logged in.

I did manage to find this nugget in Salesforce's documentation for describeSObjects() that says:

Your client application must be logged in with sufficient access rights to retrieve metadata about your organization’s data.

Does anybody know what exactly those sufficient access rights are? For Enterprise edition users, does the Salesforce admin need to grant specific permissions to the user, so that user can retrieve metadata?

Any help is much appreciated.


2 Answers

2 votes

Needed to have full access permissions set on the Connected App.

0 votes

The Salesforce admin controls which users have access to which sobjects via the CRUD settings on the user's profile.

Typically you'll want to call describeGlobal first, which'll give you info about which sobjects the user has access to.

You shouldn't see a 401 from the SOAP API, as SOAP 1.1 requires errors to be returned with a 500 status code. So I'm guessing you're using the REST API, but 401 is Unauthorized, not Forbidden. If you're really getting a 401, it sounds like you might be using an expired access token. The response body should have more info on why you got an error response.
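
The triage described in the answer above (a 401 means the token was rejected, and the response body says why), as an added example that is not part of the original answers. It assumes the REST API's JSON error list with `errorCode` and `message` fields; the function name, the action labels and the sample bodies are constructed for illustration.

```python
import json

# Constructed sample bodies in the REST API's error-list shape.
SAMPLE_EXPIRED = '[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]'
SAMPLE_FORBIDDEN = ('[{"message":"The REST API is not enabled for this Organization.",'
                    '"errorCode":"API_DISABLED_FOR_ORG"}]')


def triage_describe_error(status, body):
    """Map a failed describe call to a next step for the integration.

    Returns (action, detail). The action labels are hypothetical names
    for this example, not Salesforce values.
    """
    try:
        errors = json.loads(body)
    except (TypeError, ValueError):
        errors = []
    if isinstance(errors, dict):        # tolerate a single error object
        errors = [errors]
    if not isinstance(errors, list):
        errors = []
    errors = [e for e in errors if isinstance(e, dict)]

    codes = [e.get("errorCode", "") for e in errors]
    detail = "; ".join(
        f"{e.get('errorCode')}: {e.get('message')}" for e in errors
    ) or "no parsable error body"

    if status == 401:
        # Token rejected: an expired session can be renewed with the
        # refresh token; anything else needs a new OAuth authorization.
        action = "refresh_token" if "INVALID_SESSION_ID" in codes else "reauthorize"
    elif status == 403:
        # Authenticated but refused: profile permissions, Connected App
        # scopes or org-level API access need an admin's attention.
        action = "check_permissions"
    else:
        action = "inspect_body"
    # Log status and detail only; never write the access token to logs.
    return action, detail


if __name__ == "__main__":
    print(triage_describe_error(401, SAMPLE_EXPIRED))
    print(triage_describe_error(403, SAMPLE_FORBIDDEN))
```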