Salesforce to Amazon integration with Named Credentials

Salesforce integration to Amazon

Background

We recently worked on a project that required Salesforce to integrate with an Amazon Service. In this instance, the user accounts were synchronized between Salesforce and Amazon. 

I learnt a lot about AWS connection via named credentials and Apex, particularly the requirement to create an authorisation signature. 

I’ll write a longer piece on the whole solution in future but one thing that stumped us for a while was an error message stating: 

The Error

'No authorisation information found in the header' 

We were getting this message after setting up the named credential and for a while were scratching our heads on why this detail wouldn’t be added to the header. Here’s what we spotted. There are 2 checkboxes on the named credential setup and even though we had Generate Authorization Header was checked, it was not being added to the header.

No authorisation header error on named credential

The Fix

When adding the named principal setting under Identity Type I missed the fact that the Authentication Protocol picklist was changing values. Salesforce let me save the named credential without choosing a protocol!

Watch our for the new options in Authentication Protocol

After realising that the drop down was changing each time I saw that AWS Signature 4 was available as an option. This is quite a new feature. Prior to this being available in Named Credentials, developers would have been required to generate the signature header through code.

When you select the appropriate Authentication Protocol you are prompted to enter all of the appropriate security information.

Calling the named credential in Apex

Here is a short code snippet of using this named credential (in our instance, called Cognito) in Apex.