Salesforce generates a standard authorization header for each callout to a named-credential-defined endpoint, but you can disable this option. Your Apex code can also use merge fields to construct each callout’s HTTP header and body.

This flexibility enables you to use named credentials in special situations. For example, some remote endpoints require security tokens or encrypted credentials in request headers. Some remote endpoints expect usernames and passwords in XML or JSON message bodies. Customize the callout headers and bodies as needed.

The Salesforce admin must set up the named credential to allow Apex code to construct headers or use merge fields in HTTP headers or bodies. The following table describes these callout options for the named credential.
Generate Authorization Header |
By default, Salesforce generates an authorization header and applies it to each callout that references the named credential. Deselect this option only if one of the following statements applies.
- The remote endpoint doesn’t support authorization headers.
- The authorization headers are provided by other means. For example, in Apex callouts, the developer can have the code construct a custom authorization header for each callout.
This option is required if you reference the named credential from an external data source.
|
Allow Merge Fields in HTTP Header
Allow Merge Fields in HTTP Body |
In each Apex callout, the code specifies how the HTTP header and request body are constructed. For example, the Apex code can set the value of a cookie in an authorization header. These options enable the Apex code to use merge fields to populate the HTTP header and request body with org data when the callout is made.
These options aren’t available if you reference the named credential from an external data source.
|
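The following Apex sketch is an added example, not code from the original page. It shows a callout that supplies credentials through merge fields in a custom header and an XML body, so the username and password never appear as literals in the code. The named credential `Legacy_Billing`, the `/session` path, the `X-Api-User` header, the XML element names and the class names are hypothetical. It assumes the admin has deselected Generate Authorization Header and selected both Allow Merge Fields options, and it uses Salesforce's `{!$Credential.Username}` and `{!$Credential.Password}` merge fields with `HTMLENCODE` in the body.

```apex
public with sharing class LegacyBillingCallout {
    // Custom exception so callers can tell a rejected login from other errors.
    public class LoginFailedException extends Exception {}

    // Hypothetical named credential. The "callout:" prefix tells Salesforce
    // to resolve the endpoint URL from the named credential.
    private static final String NC = 'callout:Legacy_Billing';

    public static HttpResponse login() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(NC + '/session'); // hypothetical path on the remote endpoint
        req.setMethod('POST');
        req.setHeader('Content-Type', 'text/xml; charset=UTF-8');

        // Requires "Allow Merge Fields in HTTP Header". The string below is
        // only a placeholder; Salesforce substitutes the stored username
        // when the callout is made.
        req.setHeader('X-Api-User', '{!$Credential.Username}');

        // Requires "Allow Merge Fields in HTTP Body". HTMLENCODE escapes
        // characters such as < and & so a stored credential value cannot
        // break the XML structure of the message.
        req.setBody(
            '<login>' +
                '<user>{!HTMLENCODE($Credential.Username)}</user>' +
                '<password>{!HTMLENCODE($Credential.Password)}</password>' +
            '</login>'
        );
        req.setTimeout(10000); // milliseconds

        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() < 200 || res.getStatusCode() >= 300) {
            // Report the status only; do not echo the request body.
            throw new LoginFailedException(
                'Login callout failed: HTTP ' + res.getStatusCode());
        }
        return res;
    }
}
```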