current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Salesforce Stack Exchange is a question and answer site for Salesforce administrators, implementation experts, developers and anybody in-between. Join them; it only takes a minute:

Sign up
Here's how it works:
  1. Anybody can ask a question
  2. Anybody can answer
  3. The best answers are voted up and rise to the top
up vote 2 down vote favorite
1

I am using metadata API to retrieve connected App information. I am getting all information but NULL value for "consumerSecret" . Is there any security reason behind this?

share|improve this question
    
Visit this link. A Similar question was asked. – Rohit Mourya 53 mins ago
up vote 3 down vote accepted

The Client Secret is a password, and should be treated as such. You can read more about this feature in the ConnectedApp documentation:

A value that is combined with the consumerKey and used by the consumer for identification to Salesforce. Referred to as client_secret in OAuth 2.0. Typically, this value is generated by Salesforce when you create the connected app. However, the field is write-enabled so you can customize the shared secret value. Once set, the value is not returned in metadata API requests. The value must be alphanumeric (no special characters and no spaces) and a minimum of eight characters (maximum of 256 characters). If you specify a secret already in use for another connected app in the organization, you’ll get an error.

This field is available in API version 32.0 and later.

Yes, it's true that you can retrieve the Client Secret via the UI, but this feature is restricted to administrators, and only available in locally created Connected Apps (i.e. it can't be read for apps installed from a third-party).

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.