Hi Dev!
Today I would like to introduce Salesforce to Google (Drive, Email, Calendar) REST API integration!
Below you can find step by step configuration.
Note: This article is an example only. You can adjust your requirements using Google APIs documentation.
Overview of REST API Architecture
1. Create App in Google Console
- Go to Google Cloud Platform and Log in.
- Select Create button to create a new Project (App) [Screen no.1]
- Select Project Name and click Create button. [Screen no.2]
- Select ENABLED APIS AND SERVICES [Screen no.3]
- Choose the needed API. [Screen no.4]
In that tutorial, I chose Gmail API, Google Drive API, and Google Calendar API - Go to OAuth consent screen. Add Application Name, add Application Logo (if needed) and what is a very important select scope. Scope defined what type of access your app can guarantee. [Screen no.8]
- Create credentials, choose for that OAuth client ID.
Credentials are needed to connect our Google project with Salesforce. [Screen no.9] - Select Web Application, add some Name, leave other fields blank. We don’t know Authorized redirect URLs yet. [Screen no.10]
- If everything goes good you should receive a client ID and client secret. [Screen no.11]
2. Configure Salesforce Auth. Provider
- In Salesforce go to Setup > Auth. Provider > New and select Open ID Connect
- Select Name, paste Consumer Key and Consumer Secret. You can find it in Credentials > OAuth 2.0 client IDs. [Screen no.13]
- Add endpoints:
Authorize Endpoint URL > https://accounts.google.com/o/oauth2/v2/auth
Token Endpoint URL > https://oauth2.googleapis.com/token
Necessary google endpoints you can find here. - As a default Scope use scopes defined in your google app. e.g emails.
- After saving you can find Callback URL in Salesforce Configuration section. Copy the link and paste it in your credentials (Credentials > OAuth 2.0 client IDs). [Screen no.15]
Remember: “Domain must be added to the authorised domains list before submitting.“ - Test your connection. Open Test-Only Initialization URL and OAuth-Only Initialization URL.
3. Create Named Credentials in Salesforce
- In Salesforce go to Setup > Named Credentials > New Named Credentials
- Select: [Screen no.17]
– Name
– URL – https://www.googleapis.com
– Identity Type – Named Principal
– Authentication Provider – Auth. Provider defined in the previous step.
– Scope – Space-separated scopes defined in your google app. In my e.g I used https://mail.google.com/
https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/drive
– Start Authentication Flow on Save – Check it to authorize to your google account. - Authorize to your google account.
IMPORTANT! We need to open an unsafe connection. [Screen no.18] - Allow for access. [Screen no.19]
- If everything is ok, you should be authorized as a user. [Screen no.20]
- If you find ” The authentication provider didn’t provide a refresh token. If the access token expires, your org won’t be able to access this named credential. ” that means you don’t have refresh token logic.
” TIP You can add query string parameters to the base URL, if necessary. For example, to get a refresh token from Google for offline access, use https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force. You need the approval_prompt parameter to ask the user to accept the refresh action so that Google continues to provide refresh tokens after the first one. “
IMPORTANT! Go back to Auth. Provider and replace old Authorize Endpoint URL with a new one: [Screen no.21]
https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force - Check the connection once again. You should be able to see Authorized. [Screen no.22]
4. Remote Site Settings
To make callouts we need to add our endpoint to Remote Site Settings in Salesforce.
- Go to Setup > Remote Site Settings > New Remote Site
- Fulfill fields, as Remote Site URL use: https://www.googleapis.com [Screen no. 23]
5. Make callouts!
Google Drive API
Google Calendar API
Google Mail API
Example code:
public with sharing class GoogleWebService {
public static Http http = new Http();
public static HTTPResponse response;
public static HttpRequest request;
public static void getProfile(String userEmail) {
request = new HttpRequest();
request.setMethod('GET');
request.setEndpoint('callout:GoogleAPI/gmail/v1/users/' + userEmail + '/profile');
response = http.send(request);
System.debug(response.getBody());
}
public static void getUserDrafts(String userEmail) {
request = new HttpRequest();
request.setMethod('GET');
request.setEndpoint('callout:GoogleAPI/gmail/v1/users/' + userEmail + '/drafts');
response = http.send(request);
System.debug(response.getBody());
}
public static void getMyCalendar() {
request = new HttpRequest();
request.setMethod('GET');
request.setEndpoint('callout:GoogleAPI/calendar/v3/users/me/calendarList');
response = http.send(request);
System.debug(response.getBody());
}
public static void getFile(String fileId) {
request = new HttpRequest();
request.setMethod('GET');
request.setEndpoint('callout:GoogleAPI/drive/v3/files/' + fileId);
response = http.send(request);
System.debug(response.getBody());
}
}
In anonymous apex
GoogleWebService.getProfile('youremail@gmail.com');
GoogleWebService.getUserDrafts('youremail@gmail.com');
GoogleWebService.getMyCalendar();
GoogleWebService.getFile('fileId');
Resources
- https://help.salesforce.com/articleView?id=sso_provider_openid_connect.htm&type=5
- https://console.cloud.google.com/apis/library
- https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_callouts_named_credentials.htm
- https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_rest_intro.htm
Was it helpful? Check out our other great articles here.
This is a really good writeup. I struggled before I came across it.
Thanks alot you solved my problem.
This was very helpful but I am trying to do this for all users in my org and Open ID Connect approach won’t work. Do you know how to do this using JWT and Google Service Account.