How to limit maximum number of characters that can be typed into ui:inputText and other input fields in Lightning Components?

Use the maxlength attribute to limit the maximum number of characters that can be typed into ui:inputText and other input fields in Lightning Components.

<ui:inputText value="{!obj.Number__c}" maxlength="8"/>

In the above example, the maximum number of characters that can be entered is 8.


What is the Chatter REST API?

The Chatter REST API

1. Enables integration with Salesforce Chatter.
2. Provides programmatic access to Chatter feeds and social data (users, followers, files, etc.).
3. Has built-in pagination.
4. Provides easy relationship traversal with url attribute. Sample url is "/services/data/v40.0/chatter/feed-item/0D530000001BKQ0GCA5"

Use the Chatter REST API to build

1. Social applications for mobile devices.
2. Highly interactive websites.
3. An integration from Salesforce Chatter into other applications (Facebook, Twitter, etc.).

Example: - Brings all the data from different objects for the user.

Requesting a News Feed

Updating the User's status
Use HTTP POST. Use Request body along with the request.


Request Body:
{
  "body" : {
    "messageSegments" : [
      {
        "type" : "Text",
        "text" : "Working with Infallibletechie"
      }
    ]
  }
}

Inserting a POST with @mention
Use HTTP POST. Use Request body along with the request.


Request Body:
{
  "body" : {
    "messageSegments" : [
      {
        "type" : "mention",
        "text" : "005D00000001GrMq"
      },
      {
        "type" : "Text",
        "text" : "Working with Infallibletechie"
      }
    ]
  }
}


What is the use of done attribute in Salesforce REST API response?

Done attribute is used to find whether the result is batched. If done is false, then the result is batched and nextRecordsUrl will have the next set of records.

The response returned from nextRecordsUrl has the same structure: its done attribute tells you whether more batches remain, and if so it carries a new nextRecordsUrl value to retrieve them.
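A client loop for the done / nextRecordsUrl contract, as an added example that is not code from the original post. It also refuses to follow a nextRecordsUrl that is not a relative path on the same instance, since the session token travels with every request. The get_json callable, API_PREFIX, MAX_PAGES and the sample pages are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

API_PREFIX = "/services/data/"  # assumption: only REST data paths are followed
MAX_PAGES = 1000                # assumption: cap so a bad cursor cannot loop forever


def safe_next_path(next_url):
    """Normalise nextRecordsUrl to a path on the current instance, or raise."""
    parts = urlsplit(next_url)
    # An absolute or scheme-relative URL would send the session token to
    # whatever host the response named, so only relative paths are accepted.
    if parts.scheme or parts.netloc:
        raise ValueError("nextRecordsUrl is not a relative path: %r" % next_url)
    path = "/" + parts.path.lstrip("/")
    if not path.startswith(API_PREFIX) or ".." in path.split("/"):
        raise ValueError("nextRecordsUrl is outside %s: %r" % (API_PREFIX, next_url))
    return path


def fetch_all(first_path, get_json):
    """Follow nextRecordsUrl until done is true and return every record.

    get_json(path) is a caller-supplied function (hypothetical) that sends an
    authenticated GET to the instance and returns the parsed JSON body.
    """
    records, path, seen = [], first_path, set()
    for _ in range(MAX_PAGES):
        if path in seen:
            raise RuntimeError("cursor loop at %r" % path)
        seen.add(path)
        page = get_json(path)
        records.extend(page["records"])
        if page["done"] is True:
            if len(records) != page["totalSize"]:
                raise RuntimeError("got %d of %d records"
                                   % (len(records), page["totalSize"]))
            return records
        # done is false: the result is batched and the next batch is named here.
        path = safe_next_path(page["nextRecordsUrl"])
    raise RuntimeError("more than %d batches" % MAX_PAGES)


# Constructed sample: three Account rows split over two batches.
FIRST = "/services/data/v40.0/query?q=SELECT+Name+FROM+Account"
PAGES = {
    FIRST: {"totalSize": 3, "done": False,
            "nextRecordsUrl": "/services/data/v40.0/query/01gCONSTRUCTED-2",
            "records": [{"Name": "Test 1"}, {"Name": "Test 2"}]},
    "/services/data/v40.0/query/01gCONSTRUCTED-2": {
        "totalSize": 3, "done": True, "records": [{"Name": "Test 3"}]},
}


def fake_get_json(path):
    """Stand-in transport that serves the constructed pages above."""
    return PAGES[path]


if __name__ == "__main__":
    print([r["Name"] for r in fetch_all(FIRST, fake_get_json)])
```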

Response example when done is true:

{
  "done" : true,
  "totalSize" : 2,
  "records" : [
    {
      "attributes" : {
        "type" : "Account",
        "url" : "/services/data/v20.0/sobjects/Account/001D000000IRFmaIAH"
      },
      "Name" : "Test 1"
    },
    {
      "attributes" : {
        "type" : "Account",
        "url" : "/services/data/v20.0/sobjects/Account/001D000000IomazIAB"
      },
      "Name" : "Test 2"
    }
  ]
}

Response example when done is false:

{
  "totalSize" : 1000,
  "done" : false,
  "nextRecordsUrl" : "services/data/v27.0/query/01g30000001NpqhAAC",
  "records" : [
    {
      "attributes" : {
        "type" : "Account",
        "url" : "/services/data/v20.0/sobjects/Account/001D000000IRFmaIAH"
      },
      "Name" : "Test 1"
    },
    {
      "attributes" : {
        "type" : "Account",
        "url" : "/services/data/v20.0/sobjects/Account/001D000000IomazIAB"
      },
      "Name" : "Test 2"
    }
  ]
}


Lock Contention

A situation in which one process tries to acquire a lock held by another process.

Parallel processing enables faster loading of data but can cause lock contention on records.

When we insert an AccountTeam record, the Account will be locked. When two AccountTeam records for the same account are being processed in two different batches, we will face Lock Contention.

Lock Contention can be avoided by
1. Organizing data in batches. Child records with same Parent Id should be in the same batch.
2. Using serial mode.

The following operations are likely to cause lock contention and necessitate using serial mode:
  • Creating new users
  • Updating ownership for records with private sharing
  • Updating user roles
  • Updating territory hierarchies

If you encounter errors related to these operations, create a separate job to process the data in serial mode.
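One way to organize a load file so that child records with the same parent stay in one batch, as an added example that is not code from the original post. The AccountId and UserId field names and the twelve sample rows are constructed; parents with more children than one batch can hold are reported separately so they can go to a serial-mode job.

```python
from collections import defaultdict


def batch_by_parent(rows, parent_field, batch_size):
    """Pack rows into batches so each parent's children share one batch.

    Returns (batches, oversized): parents with more children than fit in a
    single batch are left out and listed in `oversized`, to be loaded by a
    separate serial-mode job.
    """
    groups = defaultdict(list)
    for row in rows:
        groups[row[parent_field]].append(row)

    batches, oversized = [], []
    # Largest groups first, then first-fit into the earliest batch with room.
    ordered = sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    for parent_id, group in ordered:
        if len(group) > batch_size:
            oversized.append(parent_id)
            continue
        for batch in batches:
            if len(batch) + len(group) <= batch_size:
                batch.extend(group)
                break
        else:
            batches.append(list(group))
    return batches, oversized


def naive_chunks(rows, batch_size):
    """File-order chunking, the layout that produces lock contention."""
    return [rows[i:i + batch_size] for i in range(0, len(rows), batch_size)]


def parents_split_across_batches(batches, parent_field):
    """Parents whose children land in more than one batch (contention risk)."""
    seen = defaultdict(set)
    for index, batch in enumerate(batches):
        for row in batch:
            seen[row[parent_field]].add(index)
    return {parent for parent, where in seen.items() if len(where) > 1}


# Constructed sample: 12 team-member rows for accounts A-D, interleaved.
ROWS = [{"AccountId": acct, "UserId": "user%02d" % i}
        for i, acct in enumerate("ABCDABCDADDD")]

if __name__ == "__main__":
    grouped, too_big = batch_by_parent(ROWS, "AccountId", 4)
    print("naive split parents:",
          sorted(parents_split_across_batches(naive_chunks(ROWS, 4), "AccountId")))
    print("grouped batch sizes:", [len(b) for b in grouped], "serial job:", too_big)
```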


HTTP Methods available in Salesforce

1. HEAD
Retrieves resource metadata.

2. GET
Queries data.

3. POST
Creates record.

4. PATCH
Updates record.

5. DELETE
Deletes record.

6. PUT
Upserts records.


SOAP API Methods using WSDL from Salesforce

1. query()
To perform an initial query against a Salesforce Org.

2. queryAll()
To perform a query against a Salesforce org that returns records in the Recycle Bin as well as active records.

3. queryMore()
To get additional batch results from a query. Default batch size is 500. Minimum batch size is 200 and maximum batch size is 2000.

4. retrieve()
To retrieve data from objects based on their ids.

retrieve("Id, Name, Website", "Accounts", ids)

5. create()

6. update()

7. upsert()

8. delete()

9. merge()

10. emptyRecycleBin()

11. login()
Uses username and password to log in. Gets session id and URL to maintain the connection.

12. logout()

13. search()

14. getDeleted()
Retrieves deleted records for the specific time interval.

getDeleted("Account", StartTime, EndTime)

15. getUpdated()
Retrieves updated records for the specific time interval.

getUpdated("Account", StartTime, EndTime)

16. convertLead()

17. process()

18. getServerTimestamp()

19. getUserInfo()

20. resetPassword()

21. setPassword()

22. sendEmail()

23. sendEmailMessage()

24. describeGlobal()

25. describeSObjects()

26. describeTabs()

27. describeLayout()

28. describeSoftphoneLayout()


What is a Mashup?

A mashup is a Web page or application that combines data or functionality from two or more sources to create a new service.

1. Link in a page to external app.
2. Embedded page (example: Google Map as an inline VF page in a page layout).

Data cannot be passed.
Data cannot be used in reporting in internal application since data is from external application.


What is JSON?

JSON stands for JavaScript Object Notation.

It is a lightweight, text-based format. It supports UTF-8 and date-time information in ISO 8601 format. It uses string value pairs for storing data.

JSON supports two structures.

1. Object
An object is an unordered collection of name-value pairs enclosed in {}.


2. Array
An array is a list of JSON values, which can include objects, enclosed in [].




What is WSDL?

Web Services Description Language is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information.

SOAP API uses WSDL to inform the external system about how it can connect to it and perform operations.

WSDL is often used in combination with SOAP and an XML Schema to provide Web services over the Internet. A client program connecting to a Web service can read the WSDL file to determine what operations are available on the server. Any special datatypes used are embedded in the WSDL file in the form of XML Schema. The client can then use SOAP to actually call one of the operations listed in the WSDL file using for example XML over HTTP.

Since WSDL files are an XML-based specification for describing a web service, WSDL files are susceptible to attack[6]. To mitigate vulnerability of these files, limiting access to generated WSDL files, setting proper access restrictions on WSDL definitions, and avoiding unnecessary definitions in web services is encouraged.


What is a PushTopic?

A PushTopic is a record that

1. Defines a channel.

2. Determines what events will cause a notification. Event is a modification of a field while creating, updating, deleting or undeleting a record.

3. Describes the data the notification will contain.

Used in Streaming API.

NotifyForFields is used to determine when a notification should be sent. NotifyForFields values in PushTopic:

1. All - considers changes in all fields.
2. Referenced - considers changes in fields in both SELECT and WHERE clauses.
3. SELECT - considers changes in fields in SELECT clause.
4. WHERE - considers changes in fields in WHERE clause.

Query limitation in PushTopic

1. Relationship reference is not supported. Example: SELECT Id, ABC__r.Name.

2. Sub Query is not supported. Example: SELECT Id, (SELECT Name FROM ABC__r).

Supported CometD methods

1. handshake - for long polling connection

2. subscribe - subscribes to a channel

3. unsubscribe - unsubscribes from a channel

4. disconnect - breaks connection


Salesforce APIs and supported formats


3. Chatter REST API - JSON, XML
4. Analytics REST API - JSON, XML
5. Apex REST API - JSON, XML, Custom
6. Apex SOAP  API - XML
7. Tooling API - JSON, XML, Custom


1. Metadata API - XML
2. Streaming API - JSON
3. Bulk API - CSV, JSON, XML


Salesforce Interview Questions with Answers Part 48

1. What is the purpose of Auth. Providers in Salesforce?

2. Define DMZ

In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical sub-network that contains and exposes an organization's external-facing services to an untrusted network, usually a larger network such as the Internet.

3. How to setup Delegated Authentication in Salesforce?

4. How to setup Federated Single Sign-On Using SAML in Salesforce?

5. Single Sign On Security in Salesforce

6. How to set Session Security Levels in Salesforce?

7. App Launcher in Salesforce

8. Difference between SAML and OAuth

9. Methods to Provision or give Access to Salesforce Communities Users

10. Event Monitoring in Salesforce

11. Difference between Web server OAuth flow, User agent flow OAuth Authentication flow and Username-Password OAuth Authentication flow

12. How to Troubleshoot SAML Assertions in Salesforce?

13. Apex Metadata API

14. Toolkit for Facebook

15. Canvas

Toolkit for Facebook

The Toolkit for Facebook is a free set of tools and services that enables developers to harness the power of the Facebook and platforms to build business applications for Facebook. The Toolkit for Facebook gives you direct access to the Facebook APIs from within Apex Code, letting you create new social graph applications and user experiences that connect directly to’s Sites, database, integration, logic, and Visualforce user interface capabilities. Now, you can tap into Facebook's social graph from the enterprise cloud.

The for Facebook Toolkit beta release has been substantially updated to support recent enhancements in to the Facebook APIs. Most notably the toolkit now supports OAuth 2.0 for authentication, REST API for interrogating the Facebook Social Graph, extended permissions, pagination, and JSON for data.

Check the below link for more information.

Canvas

A framework for integrating external Web Applications within Salesforce. Works with any Web-enabled application that uses HTTPS. It’s a secure way of exposing another system’s UI within Salesforce.

Canvas enables you to easily integrate a third-party application in Salesforce. Canvas is a set of tools and JavaScript APIs that you can use to expose an application as a canvas app. This means you can take your new or existing applications and make them available to your users as part of their Salesforce experience.

1. Framework to embed external applications into Salesforce.
2. Provides tools to authenticate between systems.
3. Provides JavaScript SDK tools to allow cross-domain callbacks.
4. Supplies Salesforce application context to an external application.
5. Controls access for users through permission sets.



Computing software that functions as an intermediate layer between systems.

Middleware is software that acts as a bridge between an operating system or database and applications, especially on a network. It is a general term for software that serves to "glue together" separate, often complex and already existing programs.


1. ETL - Extraction, Transform, Load
2. Data Cleansing
3. Process Management
4. Distributed cache
5. Message queue
6. Transaction monitor
7. Packet rewriter
8. Automated backup system


Apex Metadata API

Ability to update Metadata from Apex. Simplify your app's setup and upgrade experience by working with metadata from Apex.

You can retrieve metadata from an org synchronously. Then you can inspect this metadata and update it, and you can also create metadata.

Check the below link for more information

Trailhead link -


How to Troubleshoot SAML Assertions in Salesforce?

1. Go to Single Sign-On Settings.

2. Click SAML Assertion Validator.

3. The SAML Validator shows the last recorded SAML login failure with some details as to why it failed.

4. To test the SAML assertion from the app, copy the Formatted SAML Response from the app.

5. In the Salesforce SAML Validator, paste the SAML assertion in the SAML Response box at the bottom of the page.

6. Click Validate.

The page displays some results to help you troubleshoot the assertion. For example, if the assertion was generated a while before it was used to log in, the timestamp expires and the login isn’t valid. In that case, regenerate the SAML assertion and try again.
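The timestamp failure described above can be reproduced offline, as in this added example that is not part of the original post or of Salesforce's validator. It reads NotBefore and NotOnOrAfter from a constructed SAML 2.0 response and classifies them against a given time; the three-minute skew allowance and all names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SKEW = timedelta(minutes=3)  # assumption: clock-skew allowance, tune per deployment


def parse_instant(value):
    """Parse a SAML xs:dateTime such as 2024-01-01T12:00:00Z as aware UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_validity_window(response_xml, now, skew=SKEW):
    """Classify the assertion's timestamps against `now` (an aware datetime).

    Troubleshooting aid only: it does not verify the signature, and untrusted
    XML should go through a hardened parser rather than ElementTree.
    """
    root = ET.fromstring(response_xml.strip())
    conditions = root.find(".//saml:Conditions", NS)
    if conditions is None:
        return "no-conditions"
    not_before = conditions.get("NotBefore")
    # The bearer confirmation carries its own expiry; the earliest one wins.
    raw = [conditions.get("NotOnOrAfter")]
    raw += [el.get("NotOnOrAfter")
            for el in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    expiries = [parse_instant(v) for v in raw if v]
    if not_before and now + skew < parse_instant(not_before):
        return "not-yet-valid"
    if expiries and now - skew >= min(expiries):
        return "expired"
    return "within-window"


# Constructed sample response (no signature, placeholder values only).
SAMPLE_RESPONSE = """
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion IssueInstant="2024-01-01T12:00:00Z">
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                     NotOnOrAfter="2024-01-01T12:10:00Z"/>
  </saml:Assertion>
</samlp:Response>
"""


def at(hour, minute):
    """Helper: a UTC time on the sample's date."""
    return datetime(2024, 1, 1, hour, minute, tzinfo=timezone.utc)


if __name__ == "__main__":
    for when in (at(11, 50), at(12, 2), at(12, 30)):
        print(when.isoformat(), check_validity_window(SAMPLE_RESPONSE, when))
```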


Difference between Web server OAuth flow, User agent flow OAuth Authentication flow and Username-Password OAuth Authentication flow

Web server OAuth flow 

Typically used for web applications where server-side code needs to interact with APIs on the user’s behalf, for example DocuSign. Trust that the web server is secure to protect the consumer secret. Client application

1. Client directs user to authorization endpoint.
2. User logs in to authorization endpoint and does not interact with client application at all.
3. Redirect is sent back to user's browser appended with authorization code.
4. Client application extracts the authorization code and sends to authorization endpoint.
5. If successful, authorization endpoint returns access and refresh tokens.
6. Client application uses token to access user's data.
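The client side of steps 1, 3 and 4 of the web server flow, as an added example that is not code from the original post. It binds the redirect to the user's session with a one-time state value and only then builds the token request that carries the consumer secret. The session dictionary, function names, callback URL and credentials are placeholders assumed for the example; no request is sent.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"


def start_login(session, client_id, redirect_uri):
    """Step 1: build the URL that sends the user to the authorization endpoint."""
    state = secrets.token_urlsafe(32)      # unguessable, single use
    session["oauth_state"] = state         # kept server-side with the user session
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return AUTHORIZE_URL + "?" + query


def handle_callback(session, callback_url, client_id, client_secret, redirect_uri):
    """Steps 3-4: check the redirect, then build the token request form.

    The returned dict is what the server would POST to the token endpoint;
    the consumer secret never reaches the browser.
    """
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)   # pop: a state value works once
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch: redirect was not started by this session")
    if "error" in params:
        raise RuntimeError("authorization failed: %s" % params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("redirect carried no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    }


if __name__ == "__main__":
    # Constructed walk-through with placeholder credentials.
    sess = {}
    redirect = "https://app.example/callback"
    print(start_login(sess, "CLIENT_ID_PLACEHOLDER", redirect))
    back = redirect + "?code=CODE_PLACEHOLDER&state=" + sess["oauth_state"]
    print(handle_callback(sess, back, "CLIENT_ID_PLACEHOLDER", "SECRET_PLACEHOLDER", redirect))
```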

User agent flow OAuth Authentication flow

This flow is used for authentication by client applications that reside on the user's device. The key difference from the web server flow is that the client cannot keep the consumer secret confidential.

1. Client directs user to authorization endpoint.
2. User logs in to authorization endpoint and does not interact with client application at all.
3. Redirect is sent back to user's browser appended with access token.
4. Client application uses access token to access user data.

Username-Password OAuth Authentication flow

This flow can be used where the client application already has the username and password of the user. The flow is discouraged due to username and password being used back and forth in requests.

1. Client application requests access code with username/password.
2. Authentication endpoint returns access token if successful.
3. Client application uses access token for access.


Event Monitoring in Salesforce

Event monitoring is one of many tools that Salesforce provides to help keep your data secure. It lets you see the granular details of user activity in your organization. We refer to these user activities as events. You can view information about individual events or track trends in events to swiftly identify abnormal behavior and safeguard your company’s data.

So what are some of the events that you can track? Event monitoring provides tracking for lots of types of events, including:
  • Logins
  • Logouts
  • URI (web clicks in Salesforce Classic)
  • Lightning (web clicks, performance, and errors in Lightning Experience and the Salesforce mobile app)
  • Visualforce page loads
  • API calls
  • Apex executions
  • Report exports
All these events are stored in event log files. An event log file is generated when an event occurs in your organization and is available to view and download after 24 hours. The event types you can access and how long the files remain available depend on your edition.
  • Developer Edition (DE) organizations have free access to all log types with one-day data retention.
  • Enterprise, Unlimited, and Performance Edition organizations have free access to the login and logout log files with one-day data retention. For an extra cost, you can access all log file types with 30-day data retention.
Check the below link for API

To download event log file from browser, follow the below steps

1. Go to

2. Click Sandbox or Production based on the environment where you want to download.

3. Click "Allow Access".

4. Enter Date Range.

5. Click Apply.


Methods to Provision or give Access to Salesforce Communities Users

Contact associated with - Impact on user provisioning

Person account - Can only create customer users

Non-partner account - Can only create customer users

Partner account - Can create customer and partner users

Manual Creation

To manually provision an external user for a Person account or non-partner account:

1. Go to the Contact detail page.

2. Click Manage External User.

3. Click Enable Customer User or Enable Partner User.

Enable Self-Registration in the Community

Go to the Communities setup overlay, select the “Login Page” tab, and enable Self-Registration. Optionally, select a default profile to assign to self-registered users. Only profiles that were previously added to the community are shown.

API Provisioning

You can provision community users by using the SOAP or REST API on the User object. When using this API, keep in mind that the Community user has to be associated to a valid contact and account so these fields need to be set. The account must also be owned by a Salesforce user that has a role.

We also provide the following methods to provision a new user through Apex:

createPortalUser(user, accountId, password) lets you create an external user associated to a Customer or Partner account.

createPersonAccountPortalUser(user, ownerId, password) lets you create an external user associated to a Person Account.

Social Sign-On Provisioning

Social Sign-On enables users to authenticate from a range of identity providers, including Facebook, Google, Microsoft, Amazon, Paypal, any OpenID Connect provider, and even other orgs (future plans include support for LinkedIn and Twitter as well). Social sign-on is key to a new way of acquiring prospects and servicing customers. As part of the process, users are created or updated on the fly using Registration Handlers.

Just-In-Time Provisioning over SAML 

With Just-in-Time provisioning, you can use a SAML assertion to create regular and portal users on the fly the first time they try to log in. This eliminates the need to create user accounts in advance. For example, if you have a customer that needs access to your support Community, you don’t need to manually create the user in Salesforce. When they log in with single sign-on, their account is automatically created for them, eliminating the time and effort with on-boarding the account. This greatly simplifies the integration work required in scenarios where users need to be dynamically provisioned, by combining the provisioning and single sign-on processes into a single message.

Just-in-Time provisioning works with your SAML identity provider to pass the correct user information to Salesforce in a SAML 2.0 assertion attribute statement. You can both create and modify users, contacts, and accounts this way. Because Just-in-Time provisioning uses SAML to communicate, your organization must have SAML-based single sign-on enabled.

Mass-User Provisioning

Data Loader
Data Loader is a great option for non-developers who want to mass upload users.

Follow these steps to mass upload users using Data Loader:

1. Set up your Community accounts (Partner or Customer).

2. Add contacts to the accounts.

3. Create the Community Role that your Users will be using (for role-based users only).

4. Create a .csv import file for importing users.

5. Export the contacts for which you want to create users.

6. Add contact info to the .csv import file; complete empty fields.

7. Import the .csv file through Data Loader.

Once your accounts and contacts are set up, create a .csv file with the following information to create new users:

– RoleId (optional, otherwise default to user role)

– FirstName

– LastName

– ContactId (use the contact id of previously created contact)

– ProfileId

– Username

– Email

– Alias

– TimeZoneSidKey

– LocaleSidKey

– EmailEncodingKey

– LanguageLocaleKey


Difference between SAML and OAuth

Overview of SAML
1. The user makes a request to for a specific resource.
2. detects the user needs to authenticate and redirects the user to their SAML Identity Provider.
3. The user accesses their IdP and authenticates.
4. Once authenticated, the IDP sends a SAML Response back to
5. processes the SAML assertion and logs the user in.

Overview of OAuth

1. The OAuth Client makes an authorization request.
2. The Authorization Server authenticates the user.
3. The user authorizes the application.
4. The application is issued an OAuth token.


App Launcher in Salesforce

Set up, use and manage the Salesforce App Launcher, which provides a single sign-on portal for your users to launch approved Salesforce apps and external applications (also called "Connected Apps") from one interface. Administrators can leverage profiles and permission sets for granular control over who sees the App Launcher and the apps available in each user's App Launcher. Salesforce also provides tools and API support to customize the App Launcher, monitor usage, and block or unblock specific apps, as needed.

1. Enable Use Identity Features in System Permissions.

2. Enable App Launcher Tab Settings

3. Select App Launcher.

4. Use App Menu to organize Apps.


How to set Session Security Levels in Salesforce?

1. Go to Session Settings.

2. Add/Remove Session Security Levels.


Single Sign On Security in Salesforce

It is important to test the security of the Single Sign-On implementation. Since it doesn't require username and password, it may expose sensitive data to the attacker.

Single sign on issues arise for developers integrating with when either the API Partner Server URL is not validated or SSL is not used when a non-native application calls back to an external server with a user’s session id. This may result in exposure of the API Session ID or Salesforce data to an attacker.

Check the below link
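The two conditions named above (server URL validated, SSL used) expressed as a check an external application can run before it calls back with a session ID. This is an added example, not code from the original post; the trusted suffix list, function names and sample URLs are assumptions to be set for your own integration.

```python
from urllib.parse import urlsplit

# Assumption: hostname suffixes this integration is willing to call back to.
TRUSTED_SUFFIXES = (".salesforce.com",)


def is_trusted_server_url(url, trusted_suffixes=TRUSTED_SUFFIXES):
    """True only for an https URL whose host sits under a trusted suffix."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        port = parts.port                      # raises ValueError if malformed
    except ValueError:
        return False
    if parts.scheme != "https":                # SSL is required for the callback
        return False
    if parts.username is not None or parts.password is not None:
        return False                           # user@host forms hide the real host
    if port not in (None, 443):
        return False
    # Compare against the parsed hostname, never a substring of the raw URL.
    return any(host.endswith(suffix) and len(host) > len(suffix)
               for suffix in trusted_suffixes)


def call_back_with_session(server_url, session_id, send):
    """Hand the session ID to `send` only after the URL passes validation.

    `send(server_url, session_id)` is a caller-supplied transport (hypothetical).
    """
    if not is_trusted_server_url(server_url):
        raise PermissionError("refusing to send session ID to %r" % server_url)
    return send(server_url, session_id)


# Constructed sample inputs.
SAMPLES = [
    "https://na1.salesforce.com/services/Soap/u/40.0",
    "http://na1.salesforce.com/services/Soap/u/40.0",
    "https://na1.salesforce.com.attacker.example/services/Soap/u/40.0",
    "https://na1.salesforce.com@attacker.example/services/Soap/u/40.0",
    "https://attacker.example/?next=.salesforce.com",
    "https://xsalesforce.com/services/Soap/u/40.0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_trusted_server_url(sample), sample)
```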


How to setup Federated Single Sign-On Using SAML in Salesforce?

1. Go to Single Sign-On Settings.

2. Enable SAML Enabled in the Federated Single Sign-On Using SAML section and click the New button in the SAML Single Sign-On Settings section to configure.


How to setup Delegated Authentication in Salesforce?

1. Go to Single Sign-On Settings.

2. Set Delegated Gateway URL.

Forces a callout to the gateway URL, even after a failure due to restrictions set in the profile (such as IP range restrictions).


What is the purpose of Auth. Providers in Salesforce?

Auth. Providers let users log in to your Salesforce org using their non-Salesforce credentials. Implement a custom external authentication provider if your OAuth app doesn’t support OpenID Connect. If your app supports OpenID Connect, you can use one of the authentication providers that Salesforce provides.

External users can log in using their credentials from Facebook©, Janrain©, or another Salesforce organization if you set up authentication providers on the Auth. Providers page in Setup and choose to display them on the community login page.

To configure, check the below link

Sample Examples:


Salesforce Certified Platform Developer I - BETA - WI18 is available for Free!!!

To Register for the Certification, follow the below steps

1. Visit and create a new account for you if you are applying for Salesforce certification for the first time.

2. Click Register Exam.

3. Click Register button to register for the exam.


All the best!!!

Salesforce Interview Questions with Answers Part 47

1. What does the data type sObject represent?
An sObject variable represents a row of data and can only be declared in Apex using the SOAP API name of the object.
For example:
Account a = new Account();
MyCustomObject__c co = new MyCustomObject__c();

2. What are some of the collections types you can use in Apex?

3. Syntax for catching errors in Apex?

4. Unit testing in Salesforce?

5. What is the use of Metadata API?

6. Difference between Enterprise and Partner wsdl in Salesforce

7. When to use Trigger instead of workflow rules?

8. What is the use of With Sharing keyword?

9. What is the use of transient keyword in Salesforce?

10. What are future methods?

11. What VF standard component would you use to display data in a table?


12. What is the use of reRender attribute?

13. What is the use of apex:actionStatus?

14. Order of execution in Salesforce

15. Difference between Lookup and Master-Detail relationship in Salesforce

16. Test classes for webservice classes?

17. How to handle locking exception?

18. How to improve VF performance?


How to handle locking exception?

When an sObject record is locked, no other client or user is allowed to make updates either through code or the Salesforce user interface. The client locking the records can perform logic on the records and make updates with the guarantee that the locked records won’t be changed by another client during the lock period.

Apex has the possibility of deadlocks, as does any other procedural logic language involving updates to multiple database tables or rows.

To avoid such deadlocks, the Apex runtime engine:

1. First locks sObject parent records, then children.

2. Locks sObject records in order of ID when multiple records of the same type are being edited.

As a developer, use care when locking rows to ensure that you are not introducing deadlocks. Verify that you are using standard deadlock avoidance techniques by accessing tables and rows in the same order from all locations in an application.


How to view Feed tab of Case record in Console app in Salesforce?

1. Open Console app.

2. Open any Case Record.

3. Click Feed Tab.


Salesforce Interview Questions with Answers Part 46

1. How to show setup in Visualforce page as Side Bar?

2. File Upload and Download Security in Salesforce

3. In converting VF to Lightning should we replace the whole page?

No. We can change wherever required.

To style your Visualforce page to match the Lightning Experience UI when viewed in Lightning Experience or the Salesforce app, set lightningStylesheets="true" in the <apex:page> tag. When the page is viewed in Salesforce Classic, it doesn’t get Lightning Experience styling.

4. When using APIs, REST APIs – how do we make the user stay on the same page even if the response takes more time? 

apex:actionStatus can be used.

5. Why do we use SOSL instead of SOQL?

6. Formula Fields and Workflow Field Updates

Both are easy to configure and no code is involved.

Formula Fields 

1. Changes in Parent record will be automatically reflected in child records.
2. Change in Formula field cannot invoke trigger or workflows.
3. Formula field values cannot be modified manually.

Workflow Field Updates

1. Changes in Parent record cannot be updated in child records.
2. If the record was updated with workflow field updates, fires before and after triggers one more time. Custom validation rules, duplicate rules, and escalation rules are not run again.
3. It considers criteria before updating the field value.