To simplify the setup of an authenticated callout to the Salesforce Tooling API, we specify a named credential as the callout endpoint. We also create an external credential to specify the authentication protocol and permission set or profile to use when authenticating against the API.

1. Create an External Credential and Principal

  1. Go to Setup, then type Named Credentials in the Quick Find box and select it.

  2. First create an External Credential by navigating to the External Credentials tab and clicking New on the right-hand side.

    External Credentials

  3. Fill in the following External Credential fields in the modal with these specifications:

    | Field | Specification |
    | --- | --- |
    | Label | Tooling API Authentication |
    | Name | Tooling_API_Authentication |
    | Authentication Protocol | OAuth 2.0 |
    | Authentication Flow Type | Select Browser Flow |
    | Authentication Provider | Select LEDQ Tooling API |

    New External Credentials modal

  4. Click Save.

  5. Scroll to Principals and click New to create a principal for this external credential with the following specifications:

    | Field | Specification |
    | --- | --- |
    | Parameter Name | EDQ Principal |
    | Sequence Number | Assign a sequence number. A sequence number specifies the order of principals to apply when a user participates in more than one principal. For example, a user could be part of multiple permission sets that are applicable for a credential provider. Priority is from lower to higher numbers. If unsure, just use 1. |
    | Identity Type | Choose either Named Principal or Per-User Principal. You can set up each external credential to use an org-wide named principal or per-user authentication. A named principal applies the same credential or authentication configuration for the entire org, while per-user authentication provides access control at the individual user level. We recommend Named Principal. |

    Create Principal

  6. Click Save to save the principal.

  7. If you've set the Identity Type as Named Principal as suggested, then select Authenticate from the principal’s Actions menu. Authenticate yourself to the system.

  8. You will then log in and agree to allow Experian LEDQ the access it requires. If authentication is successful, you will be redirected back to the External Credentials page and the principal will have an Authentication Status of Configured.

    Principals

2. Map the principal to a permission set or profile

You can map a principal to multiple permission sets, permission set groups, or profiles. We detail the steps for the EDQ User External Credentials permission set created when you followed the steps earlier on the assigning permissions page, but you may want to configure things differently based on your own org configuration. Further details can be found within the Salesforce Documentation.

  1. Go to the Setup screen and type Permission Sets in the Quick Find box and select it.

  2. Select the EDQ User External Credentials permission set.

  3. Click External Credential Principal Access in the Apps section.

  4. Click Edit.

  5. Select Tooling_API_Authentication - EDQ Principal in the left column and click the Add arrow to move it into the Enabled column.

    External Credential Principal Access

  6. Click Save.

  7. Click Manage Assignments and add an assignment for all users who will be interacting with EDQ components, both system administrators and standard users.

3. Create a Named Credential

  1. Go to the Setup screen and type Named Credentials in the Quick Find box and select it.

  2. Click New on the right-hand side.

    New Named Credentials

  3. Fill in the following Named Credential fields in the modal with these specifications:

    | Field | Specification |
    | --- | --- |
    | **Basic** | |
    | Label | Tooling API Layouts |
    | Name | Tooling_API_Layouts |
    | URL | Use just the protocol and domain portion of the Callback URL provided from the Auth. Provider detail screen. Copy only up until the first / after the domain, e.g. https://example-domain.my.salesforce.com |
    | Enabled for Callouts | Toggled on |
    | **Authentication** | |
    | External Credential | Select Tooling API Authentication |
    | **Callout Options** | |
    | Generate Authorization Header | Checked |
    | **Managed Package Access** | |
    | Allowed Namespaces | TExperianLEDQ |

    New Named Credentials Modal

  4. Click Save.
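
To confirm the finished configuration, you can run a check like the following from Execute Anonymous as a user assigned the EDQ User External Credentials permission set. This is an added example, not code from the Experian package; the API version (v59.0) and the Layout query are assumptions chosen for illustration.

```apex
// Added verification example (not part of the Experian package).
// The endpoint uses the Named Credential created above: Tooling_API_Layouts.
// Assumptions: API version v59.0 and the Layout query are illustrative choices.
String soql = 'SELECT Id, Name FROM Layout LIMIT 5';

HttpRequest req = new HttpRequest();
req.setEndpoint('callout:Tooling_API_Layouts/services/data/v59.0/tooling/query?q='
    + EncodingUtil.urlEncode(soql, 'UTF-8'));
req.setMethod('GET');
req.setTimeout(20000);
// No Authorization header is set here. With Generate Authorization Header
// checked, Salesforce adds the token from the external credential's principal,
// so no secret or session Id ever appears in Apex code or debug logs.

try {
    HttpResponse res = new Http().send(req);
    Integer status = res.getStatusCode();

    if (status == 200) {
        Map<String, Object> body =
            (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
        System.debug('Tooling API reachable. totalSize = ' + body.get('totalSize'));
    } else if (status == 401) {
        // Token rejected: re-run Authenticate from the principal's Actions menu
        // and confirm the Authentication Status shows Configured.
        System.debug(LoggingLevel.ERROR, 'Unauthorized: re-authenticate the EDQ Principal.');
    } else {
        // Log the status only; response bodies can carry details
        // that do not belong in shared debug logs.
        System.debug(LoggingLevel.ERROR, 'Unexpected status: ' + status);
    }
} catch (CalloutException e) {
    // The callout could not be made. Check that the running user has
    // External Credential Principal Access for
    // Tooling_API_Authentication - EDQ Principal and that the Named
    // Credential has Enabled for Callouts toggled on.
    System.debug(LoggingLevel.ERROR, 'Callout failed: ' + e.getMessage());
}
```

Running the same check as a user without the permission set assignment is a quick way to confirm that access to the principal is limited to the users you intended.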