Named Credentials Configuration
aprity uses Salesforce Named Credentials to securely route API calls from your Salesforce org to the aprity cloud platform. Two Named Credentials are created automatically during the registration process.
Named Credentials Overview
| Named Credential | Purpose | Authentication |
|---|---|---|
| FR_API | Authenticated API calls (scans, feedback, documentation) | HMAC-signed requests with tenant-specific secret |
| FR_API_Public | Unauthenticated public endpoints (registration, health check) | No authentication |
:::info Automatic configuration Both Named Credentials are created and configured automatically when you register your org. In most cases, you do not need to modify them manually. :::
How They Work
FR_API
This is the primary Named Credential used for all authenticated operations. Every API call made through FR_API is cryptographically signed using HMAC (Hash-based Message Authentication Code) with a tenant-specific secret key. This ensures that:
- Requests originate from your registered Salesforce org.
- Request payloads have not been tampered with in transit.
- Each tenant's API calls are isolated and verifiable.
The HMAC signing happens transparently in the aprity managed package. You do not need to manage signing keys or authentication tokens manually.
FR_API_Public
This Named Credential handles calls to public endpoints that do not require authentication, such as the initial registration call and health checks. It points to the same aprity cloud platform but does not include HMAC signing.
When to Update Named Credentials
Named Credentials rarely need manual updates. The following scenarios may require changes:
API endpoint migration
If aprity migrates its cloud platform to a new endpoint (announced via email), you may need to update the endpoint URL in both Named Credentials:
- Go to Setup > Named Credentials.
- Click on FR_API.
- Update the URL field to the new endpoint provided by aprity.
- Repeat for FR_API_Public.
After package upgrade
Major package upgrades may update the Named Credentials automatically. If you experience connectivity issues after an upgrade:
- Go to Setup > Named Credentials.
- Verify that both FR_API and FR_API_Public exist and have valid endpoint URLs.
- If either is missing, try unregistering and re-registering your org from the aprity Settings tab.
Troubleshooting
"Callout not allowed" error
This error typically means the Named Credential endpoint is not in your org's Remote Site Settings or CSP Trusted Sites list.
Solution:
- Go to Setup > Remote Site Settings.
- Verify that the aprity API endpoint is listed.
- If missing, add a new entry pointing to the URL shown in the FR_API Named Credential.
See Callout Errors for detailed troubleshooting steps.
"Unauthorized" or 401 errors
If API calls return 401 errors, the HMAC signing may be misconfigured.
Solution:
- Go to the aprity Settings tab in Salesforce.
- Click Test Connection to verify connectivity.
- If the test fails, try re-registering your org with your activation code.
Named Credential not found
If the aprity package cannot find the expected Named Credentials:
- Go to Setup > Named Credentials.
- Confirm that both FR_API and FR_API_Public are present.
- If they are missing, re-register your org from the aprity Settings tab. Registration recreates the Named Credentials automatically.
Do not rename the Named Credentials. The aprity managed package references them by their exact names (FR_API and FR_API_Public). Renaming them will break all API communication.
Security Considerations
- Named Credentials ensure that endpoint URLs and authentication details are managed centrally in Salesforce Setup, not hardcoded in Apex code.
- The HMAC secret used by FR_API is stored securely within the managed package and is not accessible to org administrators.
- All API calls are made over HTTPS with TLS 1.2 or higher.