This document discusses building an API with Force.com and Heroku. It provides an overview of key considerations for designing and building an API, including choosing REST principles, authentication methods, caching, and development tools. It also highlights some best practices like prototyping with the REST API and versioning Apex classes, as well as potential Force.com limitations around downtime and testing.
With the Lightning Framework you can build modern apps faster and run them across all your devices. With the Winter ’17 Release, we’ve delivered a number of enhancements to Lightning to help you build even faster including new Lightning Base Components and Lightning Data Services. Learn about these important new features and more in this must-attend webinar.
- Accessing data more easily and efficiently with the new Lightning Data Service
- Building Lightning Components faster with new Lightning Base Components
- Developing more interactive experiences with new Lightning Quick Actions and the Utility Bar
When building an enterprise solution or creating an app, data often comes from multiple systems, and business processes frequently cross application boundaries.
Salesforce offers a rich library of programmatic and point-and-click integration tools to customize business processes that span multiple application systems. In this webinar, we will survey the many integration options and technologies available in Salesforce, including newer API and integration features.
This webinar is the first in a series that will explore several ways to integrate systems and services with Salesforce.
Bots are redefining the way users engage with applications, and natural language is the new UI! Bots allow users to access information in an unstructured manner, using natural language and from wherever they happen to be without having to switch context and load a dedicated app. The possibilities are endless! Join us in this session as we explore how to build Salesforce-powered bots for Facebook Messenger, Slack, Alexa, and Chatter.
With the Lightning Framework you can build modern apps faster and run them across all your devices. With the Winter ’17 Release, we’ve delivered a number of enhancements to Lightning to help you build even faster including new Lightning Base Components and Lightning Data Services. Learn about these important new features and more in this must-attend webinar.
- Accessing data more easily and efficiently with the new Lightning Data Service
- Building Lightning Components faster with new Lightning Base Components
- Developing more interactive experiences with new Lightning Quick Actions and the Utility Bar
When building an enterprise solution or creating an app, data often comes from multiple systems, and business processes frequently cross application boundaries.
Salesforce offers a rich library of programmatic and point-and-click integration tools to customize business processes that span multiple application systems. In this webinar, we will survey the many integration options and technologies available in Salesforce, including newer API and integration features.
This webinar is the first in a series that will explore several ways to integrate systems and services with Salesforce.
Bots are redefining the way users engage with applications, and natural language is the new UI! Bots allow users to access information in an unstructured manner, using natural language and from wherever they happen to be without having to switch context and load a dedicated app. The possibilities are endless! Join us in this session as we explore how to build Salesforce-powered bots for Facebook Messenger, Slack, Alexa, and Chatter.
Sandboxes: The Future of App DevelopmentDreamforce
Major Releases, Minor Releases. Developers, Testers. Refreshes and Previews. How do you manage all of these various demands in your Salesforce environments and sandboxes? Join Farhan Tahir, Platform Product Manager, as he shares details on how to tackle these problems around sandbox management through the use of both processes and tools. As well as insight on roadmap features to make development efficient and agile by automating with Salesforce Sandboxes. Watch the video now: https://www.youtube.com/watch?v=FMH77436I2o
Did you know that the platform has the capability to debug live sessions in sandbox? In this session, you will learn how to set a breakpoint in Apex code and step through a transaction in the Force.com IDE. You will learn how this capability augments Apex debug logs and Apex unit tests, and when to use it.
For a large development team or ISV, building an external API on Heroku for Force.com allows you to share your processes and data with your ecosystem, while limiting their access. Through a real-world example, you'll learn how to design an eloquent RESTful API using JSON and OAuth, when to use Apex REST Services over the REST API, and when to add functionality to your org versus your API. Join us as we outline approaches for user-level security, key-based authorization, versioning of Salesforce assets, caching strategies, throttling, testing, and much more.
So you have made the decision to move to Lightning, but what does that mean for your Visualforce pages? Join us to find out what works and what doesn’t, strategies for the things you might need to fix, and finally, how to update your pages with the Salesforce Lightning Design System, and much more.
Over the past two months, we’ve announced many new resources for developers at Dreamforce and TrailheaDX India. To learn all about them, watch this video, where we'll explore live demos showcasing the latest updates for Lightning Web Components (LWC), Einstein, Heroku, and a lot more on the Customer 360 Platform.
In this session we,
- Explore key highlights from TrailheaDX India
- Show live demos of generally available features
- Explain how you can benefit from these features
Let's Learn About Heroku and How to Integrate with SalesforceSudipta Deb ☁
Kitchener Developer Group's session where Julian Duque, Lead Developer Advocate at Salesforce presented on "Let's Learn About Heroku and How to Integrate with Salesforce"
Secure Development on the Salesforce Platform - Part 3Mark Adcock
This webinar covers key topics and best practices on how to securely connect your applications with Salesforce. We will demonstrate Salesforce recommended solutions to securely handle secrets within your application and help you prevent data leaks
You will also learn how to set up a Salesforce Connected App to handle authentication and access control when integrating with Salesforce.
Description:
In this session, we will discuss and demonstrate how to build engaging employee and customer-facing applications in JavaScript on top of the Salesforce1 Platform.
We will explore all the aspects involved in building these next generation applications including authentication, the REST APIs, mobile development options, and different integration scenarios. We will also share some inspiring examples built on the Salesforce1 Platform with leading JavaScript frameworks such as AngularJS, Ionic, BackboneJS, Ratchet and more.
Key Takeaways:
::Get an overview of the Salesforce1 Platform from a developer point of view
::Understand Salesforce OAuth Authentication
::Acquire knowledge on the Salesforce REST APIs
::Get insight on building a Single Page Application on the Salesforce1 Platform
::Explore using modern JavaScript Frameworks such as AngularJS, Ionic, Backbone, etc.
::Gain knowledge on building state-of-the art mobile apps on the Salesforce1 Platform
::Get familiar with building custom apps with Heroku and Heroku Connect
Intended Audience:
This session is for both seasoned JavaScript developers who want to learn how to build applications on top of the Salesforce1 Platform, and seasoned Salesforce developers who want to learn how to create amazing user experiences in JavaScript.
Recommended Resources:
https://developer.salesforce.com/en/events/webinars/JavaScript_Applications_Salesforce?d=70130000000lgzk
Reinvent your App Dev Lifecycle with Continuous Delivery on HerokuSalesforce Developers
Learn how your team can use modern application development and deployment practices on the App Cloud to build apps with Internet scale and sophistication. We will walk through how we used Continuous Delivery with GitHub and Heroku Pipelines to build a consumer-facing real estate app.
With the MuleSoft Anypoint Platform, you can build scalable data integrations and flows across any application, data source, and device - whether in the cloud or on-premise. The platform provides a suite of out-of-the-box connectors that work across any system, and you can customize them to whatever you need with minimal code. This means you can integrate and deploy innovative, robust customer apps even faster. Join this webinar, learn the basics of the Anypoint Platform, and see how it works with Salesforce and any of your third party systems.
While there are many ways to build integrations with salesforce, one of the fastest growing ways is through the Salesforce REST API. Join us as we explore the current REST-ful mechanisms available to the AppCloud, and see what the next year has to offer. In this session we will discuss the Salesforce REST API structure, Authenticating to the REST API, sObject Manipulation, and Composition through the REST API.
The Business of Flow - Point and Click Workflow ApplicationsDreamforce
Salesforce Visual Workflow is a power "clicks not code" tool you can use to automate work and build workflow applications. In this session we'll cover two in-depth real work workflow applications built by customers using Visual Workflow. They'll detail their use case, show how they got started, what it took to build, and demo their applications. Watch the video now: https://www.youtube.com/watch?v=2PhDeQgKzLY
Have you ever wanted to write a trigger? This workshop is designed for people who would like begin learning the basics of implementing business logic using Apex, the primary programming language of the Salesforce platform. This workshop will begin exploring the building blocks of Apex, and provide you with the best practices for implementing complex business logic.
Want to learn how to publish and distribute your Lightning Components? Join us to learn the steps for packaging Lighting Components and the process to list them on the Lightning Exchange for Components. In this session, we will discuss tips for packaging Components and best practices for managing versioning.
Heroku recently announced a new part of Heroku Enterprise called Private Spaces that allows you to run your own Heroku in a separate but still managed cloud. This webinar will cover the basics of Heroku and Private Spaces. Private Spaces provides an isolated network for your apps and data, enhancing security and privacy. You will learn how to securely integrate your Heroku apps with Salesforce using IP restrictions.
In addition you will learn how you can use Private Spaces to pick specific geographic locations for your Private Spaces, aiding in privacy and performance requirements.
Key Takeaways
- Learn the basics of Heroku Private Spaces
- See how Private Spaces will help improve security for your cloud apps
- Explore the benefits of using Private Spaces with Salesforce
- Watch live demos from Salesforce & Heroku Evangelists
Force.com lets developers rapidly create and deploy trusted cloud apps that are secure and scalable. Part 1 of this webinar series gave you the platform overview, in Part 2 you learn how to customize your app using the foundational features of Force.com.
- Key Takeaways
- Part 1 recap with demo
- Get an understanding of Visualforce Pages and Standard Controllers
- See basic uses of Controller Extensions and Custom Controllers
- Writing test classes for unit testing to improve code coverage
Intended Audience
This session is geared towards Developers (any programming background) who wish to learn about Force.com basics and to create apps faster with code on Force.com platform
Our API Evolution: From Metadata to Tooling API for Building Incredible AppsDreamforce
Exposing org metadata is incredibly powerful if successfully harnessed. Hear from Salesforce's Exposing org metadata is incredibly powerful if successfully harnessed. Hear from Salesforce's Federico Recio on the evolution of Salesforce?s APIs as well as an introduction to Metadata Catalog with Peter Wisnovsky. Let?s discuss how Salesforce Object Manager utilizes our newest API and how you can create incredible user experiences in your own apps. Watch the video now: https://www.youtube.com/watch?v=pPNOtxVd7ow
Sandboxes: The Future of App DevelopmentDreamforce
Major Releases, Minor Releases. Developers, Testers. Refreshes and Previews. How do you manage all of these various demands in your Salesforce environments and sandboxes? Join Farhan Tahir, Platform Product Manager, as he shares details on how to tackle these problems around sandbox management through the use of both processes and tools. As well as insight on roadmap features to make development efficient and agile by automating with Salesforce Sandboxes. Watch the video now: https://www.youtube.com/watch?v=FMH77436I2o
Did you know that the platform has the capability to debug live sessions in sandbox? In this session, you will learn how to set a breakpoint in Apex code and step through a transaction in the Force.com IDE. You will learn how this capability augments Apex debug logs and Apex unit tests, and when to use it.
For a large development team or ISV, building an external API on Heroku for Force.com allows you to share your processes and data with your ecosystem, while limiting their access. Through a real-world example, you'll learn how to design an eloquent RESTful API using JSON and OAuth, when to use Apex REST Services over the REST API, and when to add functionality to your org versus your API. Join us as we outline approaches for user-level security, key-based authorization, versioning of Salesforce assets, caching strategies, throttling, testing, and much more.
So you have made the decision to move to Lightning, but what does that mean for your Visualforce pages? Join us to find out what works and what doesn’t, strategies for the things you might need to fix, and finally, how to update your pages with the Salesforce Lightning Design System, and much more.
Over the past two months, we’ve announced many new resources for developers at Dreamforce and TrailheaDX India. To learn all about them, watch this video, where we'll explore live demos showcasing the latest updates for Lightning Web Components (LWC), Einstein, Heroku, and a lot more on the Customer 360 Platform.
In this session we,
- Explore key highlights from TrailheaDX India
- Show live demos of generally available features
- Explain how you can benefit from these features
Let's Learn About Heroku and How to Integrate with SalesforceSudipta Deb ☁
Kitchener Developer Group's session where Julian Duque, Lead Developer Advocate at Salesforce presented on "Let's Learn About Heroku and How to Integrate with Salesforce"
Secure Development on the Salesforce Platform - Part 3Mark Adcock
This webinar covers key topics and best practices on how to securely connect your applications with Salesforce. We will demonstrate Salesforce recommended solutions to securely handle secrets within your application and help you prevent data leaks
You will also learn how to set up a Salesforce Connected App to handle authentication and access control when integrating with Salesforce.
Description:
In this session, we will discuss and demonstrate how to build engaging employee and customer-facing applications in JavaScript on top of the Salesforce1 Platform.
We will explore all the aspects involved in building these next generation applications including authentication, the REST APIs, mobile development options, and different integration scenarios. We will also share some inspiring examples built on the Salesforce1 Platform with leading JavaScript frameworks such as AngularJS, Ionic, BackboneJS, Ratchet and more.
Key Takeaways:
::Get an overview of the Salesforce1 Platform from a developer point of view
::Understand Salesforce OAuth Authentication
::Acquire knowledge on the Salesforce REST APIs
::Get insight on building a Single Page Application on the Salesforce1 Platform
::Explore using modern JavaScript Frameworks such as AngularJS, Ionic, Backbone, etc.
::Gain knowledge on building state-of-the art mobile apps on the Salesforce1 Platform
::Get familiar with building custom apps with Heroku and Heroku Connect
Intended Audience:
This session is for both seasoned JavaScript developers who want to learn how to build applications on top of the Salesforce1 Platform, and seasoned Salesforce developers who want to learn how to create amazing user experiences in JavaScript.
Recommended Resources:
https://developer.salesforce.com/en/events/webinars/JavaScript_Applications_Salesforce?d=70130000000lgzk
Reinvent your App Dev Lifecycle with Continuous Delivery on HerokuSalesforce Developers
Learn how your team can use modern application development and deployment practices on the App Cloud to build apps with Internet scale and sophistication. We will walk through how we used Continuous Delivery with GitHub and Heroku Pipelines to build a consumer-facing real estate app.
With the MuleSoft Anypoint Platform, you can build scalable data integrations and flows across any application, data source, and device - whether in the cloud or on-premise. The platform provides a suite of out-of-the-box connectors that work across any system, and you can customize them to whatever you need with minimal code. This means you can integrate and deploy innovative, robust customer apps even faster. Join this webinar, learn the basics of the Anypoint Platform, and see how it works with Salesforce and any of your third party systems.
While there are many ways to build integrations with salesforce, one of the fastest growing ways is through the Salesforce REST API. Join us as we explore the current REST-ful mechanisms available to the AppCloud, and see what the next year has to offer. In this session we will discuss the Salesforce REST API structure, Authenticating to the REST API, sObject Manipulation, and Composition through the REST API.
The Business of Flow - Point and Click Workflow ApplicationsDreamforce
Salesforce Visual Workflow is a power "clicks not code" tool you can use to automate work and build workflow applications. In this session we'll cover two in-depth real work workflow applications built by customers using Visual Workflow. They'll detail their use case, show how they got started, what it took to build, and demo their applications. Watch the video now: https://www.youtube.com/watch?v=2PhDeQgKzLY
Have you ever wanted to write a trigger? This workshop is designed for people who would like begin learning the basics of implementing business logic using Apex, the primary programming language of the Salesforce platform. This workshop will begin exploring the building blocks of Apex, and provide you with the best practices for implementing complex business logic.
Want to learn how to publish and distribute your Lightning Components? Join us to learn the steps for packaging Lighting Components and the process to list them on the Lightning Exchange for Components. In this session, we will discuss tips for packaging Components and best practices for managing versioning.
Heroku recently announced a new part of Heroku Enterprise called Private Spaces that allows you to run your own Heroku in a separate but still managed cloud. This webinar will cover the basics of Heroku and Private Spaces. Private Spaces provides an isolated network for your apps and data, enhancing security and privacy. You will learn how to securely integrate your Heroku apps with Salesforce using IP restrictions.
In addition you will learn how you can use Private Spaces to pick specific geographic locations for your Private Spaces, aiding in privacy and performance requirements.
Key Takeaways
- Learn the basics of Heroku Private Spaces
- See how Private Spaces will help improve security for your cloud apps
- Explore the benefits of using Private Spaces with Salesforce
- Watch live demos from Salesforce & Heroku Evangelists
Force.com lets developers rapidly create and deploy trusted cloud apps that are secure and scalable. Part 1 of this webinar series gave you the platform overview, in Part 2 you learn how to customize your app using the foundational features of Force.com.
- Key Takeaways
- Part 1 recap with demo
- Get an understanding of Visualforce Pages and Standard Controllers
- See basic uses of Controller Extensions and Custom Controllers
- Writing test classes for unit testing to improve code coverage
Intended Audience
This session is geared towards Developers (any programming background) who wish to learn about Force.com basics and to create apps faster with code on Force.com platform
Our API Evolution: From Metadata to Tooling API for Building Incredible AppsDreamforce
Exposing org metadata is incredibly powerful if successfully harnessed. Hear from Salesforce's Exposing org metadata is incredibly powerful if successfully harnessed. Hear from Salesforce's Federico Recio on the evolution of Salesforce?s APIs as well as an introduction to Metadata Catalog with Peter Wisnovsky. Let?s discuss how Salesforce Object Manager utilizes our newest API and how you can create incredible user experiences in your own apps. Watch the video now: https://www.youtube.com/watch?v=pPNOtxVd7ow
The Force.com IDE includes new features to help you develop and deploy your Lightning Applications. In this session, the Platform Developer Tools team will give you a preview at these new features through a live demo of building an app. Let us know what other features you would like to see to accelerate your Lightning Development eXperience!
New to Force.com and need an orientation to bring you up to speed? This monthly series of introductory sessions on Force.com, the world’s leading cloud platform that lets you build apps rapidly using configuration-driven development and powerful programmatic logic.
Earlier this year, we released Lightning Web Components (LWC), a new UI framework based on web standards and optimized for performance and developer productivity. We have now open sourced the Lightning Web Components framework so that anyone can build applications on any platform.
Join our webinar where we'll explore how this framework, based on standard HTML, modern JavaScript (ES6+), and the best of native Web Components, helps you create web components and apps using the stack and tools you prefer.
In this session you will learn how to integrate Salesforce with Google APIs. This will include the required steps to configure a project in the Google Developer Console and setup the OAuth 2.0 authentication handshake. Through samples and code you will learn how to use an OAuth access token to communicate with the Google APIs.
An Inside Look at a Large-scale Writer-driven REST API Doc Solution at Salesf...Pronovix
23 different REST APIs, 26+ teams, 150+ writers — how we built a unified solution. In this session, hear the inside story of how a handful of writers developed a REST API doc solution and earned the trust of executives and engineering teams across Salesforce along the way.
[MBF2] Plate-forme Salesforce par Peter ChittumBeMyApp
Présentation de la plate-forme Salesforce par Peter Chittum lors de la journée de lancement de la Mobile Banking Factory 2.
API :
https://developer.salesforce.com
Site de la Mobile Banking Factory 2 :
http://mobilebankingfactory2.bemyapp.com
"We'll need an Apex trigger to do that." Sound familiar? Take your advanced Admin skills to the next level by developing Apex triggers to solve complex business requirements that can't be implemented using just the configuration-driven features of Force.com. Join us to learn when and how to write your first Apex trigger, and some best practices for making them effective.
Similar to Build your API with Force.com and Heroku (20)
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Build your API with Force.com and Heroku
1. Build your API with Force.com &
Heroku
Jeff Douglas, Appirio, CloudSpokes Platform Architect
@jeffdonthemic
2. Safe harbor
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties
materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results
expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be
deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other
financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any
statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new
functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our
operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any
litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our
relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of
our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to
larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is
included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent
fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor
Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently
available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions
based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these
forward-looking statements.
4. All about CloudSpokes
CloudSpokes is a crowdsourcing development community
where members compete in design, coding and algorithm
challenges for cash, prizes, badges and bragging rights.
~600,000 member community
40-60 development challenges in-flight at any one time
Force.com platform manages members, challenges, payments, etc.
API calls Force.com via REST and JSON
5. Why build an API?
IT departments can provide limited access
to internal development teams without
exposing the implementation details of
Salesforce.com
ISVs can better serve existing customers
by extending their platform
Startups and entrepreneurs can build their
business upon Force.com
6. Why choose Force.com?
Build your business logic in Apex
Declarative development
Security – FTW!
No admin UI to develop and maintain
New features three times a year
Sandbox environments, tools, deployment processes, etc.
Reports & dashboards
7. Why choose Heroku?
Polyglot platform
Scale up and down rapidly
Distributed development with Git
Fork applications for testing, QA, etc.
Postgres database (fork, follow, share)
Heroku add-ons
Free to get started
Excellent support
8. Designing your API
Developers want the following:
Simple, intuitive and easy to learn
Great documentation
Code samples
Test cases
11. Other API design considerations
HTTP response and error codes
• 200, 400, 401, 404 & 500
Versioning (header vs. URL)
Key management & security
Hide complexity behind “?”
Poor design: /challenges/open/5
Better design: /challenges?status=open&limit=5
Teach a Dog to REST
12. Which development language is best?
Language specific REST wrappers for Force.com as well as tools
to make it easier to build well-designed APIs.
Ruby
• restforce gem, forcifier gem
• Rocket_pants, Grape
Node.js
• nforce package, forcifier-node package
• Actionhero, Restify, Express
Java
• Play!, Jersey
13. Apex REST Services vs. REST API
The REST API is great for interacting with records while Apex
REST Services can encapsulate numerous operations into a
single request.
Design to run as quickly as possible
Handoff long running requests to asynchronous processes
15. User authentication
Authenticate your API with Force.com
Single “shared” user
Named user
• Security
• Chatter
• Audit trail & history
• Record ownership
16. Best practices
Prototype with REST API then refactor to Apex REST Services
Caching is cheap and fast with Memcache and redis
Sync to local datastore with Cloudconnect.com
“Listen” for record changes using the Streaming API
Think about how to version Apex classes, triggers and workflows
17. Development tools
Workbench
Runscope for debugging, testing and sharing API calls
Chrome extensions: Postman, REST Console
Documenting and testing calls with IODocs, Swagger and Apiary.io
18. Force.com Gotchas!
Salesforce.com maintenance downtime
Sandbox refreshes and upgrades
Hard to write API unit tests against sandbox environments
OK… let’s get started. Welcome to Build your API with Force.com and Heroku. I’m Jeff Douglas and as the title aptly describes I’m going to give you some pointers on building an API on top of force.com and then we’ll build a quick API using Node.js. We only have 30 minutes so let’s get going.
OK… so here’s the ever popular safe harbor statement. I’m sure you are quite familiar with it and have read it thoroughly numerous times.
Again I’m Jeff Douglas, a senior technical consultant at appirio and the platform architect at CloudSpokes. Now they told me to toot my own horn, so I’m one of the original 10 Force.com MVPs, I won the Force.com Developer Hero award at Dreamforce 2010, I have a number of salesforce certifications, I write a popular salesforce blog at blog.jeffdouglas.com with tons of code and example applications and I’m also the co-author of the Salesfoce Handbook.
I’m going to be talking about our experience building an API on top of Force.com for CloudSpokes. Is anyone familiar with CloudSpokes? CloudSpokes a crowdsourcding development community where roughly 600K members compete in design, coding and algorithm challenges for cash, prizes, badges and bragging rights. The entire community is built on Force.com so we manage members, challenges, payments, settings, virtually everything in force.com. We expose this functionality to our website using an API that we originally wrote in ruby a couple of years ago but recently ported to node. I’m going to talk about some lessons we’ve learned over the past two years, some best practices to keep in mind and some gotchas to watch out for.
So the big question is WHY build an API when you can just use the existing SOAP or REST APIs that salesforce offers. I think there are a number of valuable use cases for building your own API that wraps Force.com.
1. Perhaps your company has a large development shop and doesn’t want to give everyone direct access to the salesforce org. Let’s say the SAP team wants some sales data and perhaps the web team needs some type of real-time integration with pricing. In this situation, you can build an API that exposes only the data and functionality that these teams need without having to manage their access to your org. They are limited to the functionality that your api provides.
2. Maybe you are an ISV with an existing Force.com application and want to make it easier for existing customer to consume your platform. Spin up an api that exposes this functionality and make it super easy for developers who don’t necessary know how to work with Force.com.
3. Or you want to build an entire business on top of Force.com. This is exactly what we did at CloudSpokes. We started off with the paradigm that Force.com would hold our data and business logic and our API would expose this functionality to anyone that wanted to consume it. They don’t know or care that we are using Force.com for our backend and that’s the way it should be.
Why chose Force.com when there are so many other alternatives? This is my standard “why is force.com so awesome” slide. There are too many reasons for this slide but some of the obvious ones are that it’s quick and relatively easy to build your business logic in Apex. It’s a fairly mature and feature rich language and enforces good development practices. Plus the declarative nature of the platform allows non-coders to contribute to the development process with configuration, workflows, formulas and email notifications.
Security is probably the biggest advantage to using Force.com. I’m just telling you right now, don’t build your own user authentication, profile management and access layer. What you get out of the box with force.com is rock solid. So at CloudSpokes we have a private sharing model for our Challenge object but by default each challenge is shared with an “all members” public group so everyone has access to it.So if we want to make a challenge private to only CloudSpokes administrators and a x number of members, we remove the “all members” share, and add shares for the individual members and the “cloudspokes admin” public group. So now when the API makes a SOQL query, if the member has access to the challenge, it will be returned normally. If they don’t have access, the API simply returns a 404. From the API side I don’t have to do anything special at all. Force.com handles all of the security for me. Super simple.
How much time and development effort do you think companies spend building and maintaining an admin UI for their application? My guess is probably 20%-30%. With Force.com you can spend this time building a better product as the as you get most of this admin functionality free with Force.com. Add a new field to a object and the CRUD UI is immediately updated, it’s available in reporting, for web services and much much more. Plus three times a year you get new features without even doing anything.
Another advantage is the complete development lifecycle and tools available. If you’re running a Java stack on Windows with SQL Server how long does it take your IT department to get a new server provisioned? My guess is significantly longer than the amount of time it takes me to spin up a new sandbox or sign up for a DE org to test newly released features. I have an number of friends whose companies spend a good chuck of change at Amazon just on development AMIs. We get that with force.com as part of the platform.
Lastly I’m just going to say two words: reports and dashboards. I don’t want to build them by hand. Let the business users take care of that stuff.
We use heroku for everything at cloudspokes and absolutely love it. In my opinion heroku is the rainbow colored unicorn of application development. You can do almost anything with heroku. It’s a polyglot platform that supports node.js, java, python, ruby, scala and almost any other language with buildpacks. You can easily scale application up and down with a single command to handle spikes in traffic and deployment is a breeze with git. Heroku has baked in a lot of features that make development stupid simple. Let’s say you need a copy of your application for QA testing or training or something, you can create an exact replica along with all of its addons simply by forking the application. It’s a one line command and the entire process takes about 15 seconds.
If you haven’t used postgres you should try it. We love postgres and heroku adds some awesomesauce by allowing you to fork a database to make an exact copy, create a read-only follower for things like reporting and analytics and you can even share queries externally with dataclips. They also have a growing number of addons for a bunch of services like mail, caching, queueing, elasticsearch all for ridiclously low prices. Why should I build a logger service when I can easily add Papertrail for $7 month. They wrap this all up with a free usage tier to get started plus excellent support. So the answer is yes….they are a rainbow colored unicorn of application development.
So lets talk about designing your api. There’s a lot that goes into designing a greate API but I’ll touch on a few high level ideas. Keep it simple. As a developer I want to look at an API and be able to grok it quickly. I want great documentation when I get stuck that includes code samples and test cases.
When building your api don’t go crazy and try to reinvent the wheel. Use existing standards like REST, JSON and Oauth. Sure, you could use SOAP and XML but honestly no one likes that stuff anymore.
When building your API use proper REST principles but don’t be dogmatic. There will be times where you need to wander off the beaten path. Just remember: Nouns are good. Verbs are bad. The number one principle in pragmatic RESTful design is: keep simple things simple. The base URL is the most important part of your API design. A simple and intuitive base URL makes using your API easy to understand. Verbs shouldn’t be in the base URL. Everything is centered around collections and resources and you use HTTP verbs to operate on them. You can think of these as CRUD methods.
Some other important factors when designing your API. Always return proper HTTP responses but don’t go crazy. Start off with a 200 for success, a 400 for bad request, 401 for not authorized, 404 for not found and a 500 for a internal server error. Don’t get more complex unless unless you absolutely have to. You’ll want to think about your endpoint versioning strategy ahead of time. Typically you can either pass the version number a part of the URL or in the header. We prefer the the URL route so you can easily test endpoints in the browser, the version number is obvious and it’s fewer keystrokes for cURL commands.
For simple security, use API Keys to restrict access to your api and endpoints. I’ll show you an example of that in the demo but basically your API should be able to produce a API key that is passed from the client with each request. If the API key is found in the local datastore then they are granted access. If not simply return a 401 response.
And finally, hide the complexity of your API behind the “?”. It provides for a more expressive API with far fewer endpoints. And finally, there’s a great presentation called “Teach a Dog to REST” from Dreamforce a couple of years ago that I would recommend you listen to.
OK… so now we know which platforms to use and have a good idea of how to design our API. Now the big choice. Which language to write it in. We actually really don’t care. Some of the more popular languages for APIs are ruby, node and java. Fortunately there are a number of language specific wrappers around the Force.com APIs that you can use along with some other frameworks and tools to make api development much more enjoyable. I would recommend the restforce gem if you are using ruby but my favorite is the nforce package for node.js. Both of these provide authentication, SOQL and DML statements, calling Apex rest services, streaming api and much more. I’ve also written a “forcifier” utility package for ruby and node to make it easier to work with funky salesforce field names. Since languages like ruby and node are case sensitive, the “forcifier” will take the mixed case object field names from force.com and make them lower case with the “__c” removed plus some other helper functions as well. This way the client code never has to know about or deal with the funky salesforce field names.
There are a number of language specific frameworks for building RESTful web services. For ruby there’s rocket pants and grape. Grape is more mature and feature-rich but we chose rocket pants since it was a little more light weight and honestly I just really liked saying “rocket pants” all the time. For node you can certainly use Express but you’ll find a lot of applications using Restify. We chose the new Actionhero package and are really happy with it. We’ll use that in our demo in second. If you are using Java, the Play! Framework and Jersey are really popular.
One last thing before we get into some code. One of the questions that come up regularly is the use of the REST API vs. Apex REST services. We highly suggest you use Apex REST Services whenever possible as they are super fast and easy to build! Unlike the REST API where you essentially operate on a single record or collection of records, you can wrap as much functionality as you’d like into a single request with Apex REST Services. For instance, the leaderboard page at CloudSpokes originally made 3 REST calls: one to return the leaderboard for current month, for this year and all time. We dramatically reduced the load time by replacing these three calls with a single Apex REST service that returned all 3 time periods with a single request.
You should build your Apex REST Services to run as fast as possible to prevent hitting long running request limits. You can only have 10 concurrent request longer than 5 seconds before the platform starts spitting out errors. Whenever possible, hand off long running requests to asynchronous processes. So when we create a new CloudSpokes member, we quickly return the new member and then hand off the setup and email notification to an asynchronous process to complete when the platform has resource available.
OK… let’s write some code. So this has become my stock “getting down to business” picture. Does everyone know Pat Patterson? He’s a developer evangelist at SFDC? I took this picture of him in Portland Maine last month at the Monktoberfest conference. I love that picture.
So the api we are going to build is rather basic since we only have a few minutes. If you need some sample code or reference you can go to the cloudspokes github repo and find the ruby or node version of our api. The code is all open source so feel free to poke around. Ok… so let’s build an API using actionhero, node.js and force.com that uses both the REST API, Apex REST services and handles security with some simple key management.
One last thing to talk about is authentication. You can either one a single “share” user for each call to Force.com or individual named users. You can certainly go the shared user route but we suggest using named users instead for a number of reasons including granular record security, chatter integration, audit trail and record ownership to name a few.
Prototype using the REST API then once you’re happy with the the process, refactor to use Apex REST Services. Cache results from Force.com whenever possible. With our new node API we’ve started using Cloudconnect for some of the site’s functionality. Cloudconnect syncs your data between force.com and either mysql or postgres. So now your developers are happy. They can work with a local database like they are used to instead of dealing with an API. Instead of polling for changes in force.com, use the streaming API to “listen” for any record changes and then process them in your API. Lastly, you’ll need to think carefully about how you version things like Apex classes, triggers and workflows. We try to keep our endpoints in sync with an internal version number inside Force.com but it can become challenging.
The workbench is fantastic tool for development. Can you test the REST API, Apex Rest Services, the Streaming API and much more. If you are not using it, you should. We also use Runscope all the time for debugging, testing and sharing API calls. You saw a minute ago I was using Postman to make REST calls. I can’t live without Postman. Then we use IODocs for documenting and testing calls. You can also look at Swagger which does the same job. We’ve recently started using Apiary.io for API development. You can declaratively build your interface with RABL and it provides a mock interface that you can gradually replace with your actual implementation. It’s pretty sweet.
Lastly a couple of salesforce gotchas: maintenance downtime and sandbox refreshes and upgrades. Since your API is dependent upon Force.com then it’s offline during this period. This is one of the reasons we implemented Cloudconnect.
One of the things that’s a real pain is writing rspecs or mocha tests for your API. Typically when you write your test for ruby or node it’s against some local testing database that is rolled back after each test run. However, since your tests are hitting Force.com these are not rolled back because it looks like a normal call for Force.com and not an actual test. This can be a real pain so think ahead about how to handle this with some common test data or perhaps setup and tear down methods in your test framework.
OK.. So that’s it. Feel free to ask any questions now or find me after the session.