This document is intended as an additional reference for allowing S-Docs Jobs or REST API calls to be run as a specified user. If you are looking to automate S-Docs, we strongly reccommend you use the newer method involving the S-Docs Jobs Object. Click here for the complete guide to automating S-Docs with S-Docs Jobs.

If you have already automated S-Docs in the past with the REST API method and need to review the details, you can click here for the complete guide to automating S-Docs with the REST API.

Running S-Docs Jobs and REST API calls as any user is simple; getting Salesforce to allow this, however, is a bit more work. This document discusses how you can get Salesforce to allow you to run S-Docs Jobs and REST API calls as another user; please see the above documents for steps on actually running S-Docs as a specified user. This setup uses JWT Bearer assertion flow to run as any user without preauthorization. The steps include adding remote site settings, creating a connected app, and linking the app details to S-Docs via a custom settings entry.

  1. Configure Remote Site Settings. Go to Setup > Security Controls > Remote Site Settings
    1. Click New Remote Site. For Remote Site Name, enter whatever you'd like. For Remote Site URL, enter:
      1. For production: https://login.salesforce.com
      2. For sandbox: https://test.salesforce.com
    2.  Click New Remote Site. For Remote Site Name, enter whatever you'd like. For Remote Site URL, enter the URL for your own Salesforce instance (You can copy+paste this from your address bar, e.g. https://na1.salesforce.com or https://cs2.salesforce.com. In the URL, note that the number after na or cs will vary).
  2. Configure Salesforce Connected App
    1. Create Certificate. Go to Setup > Security Controls > Certificate and Key Management
      1. Click Create Self Signed Certificate. Name it SDocsCert. Click Download Cert, as we will use this later.
    1. Create Connected App. Go to Setup > Build > Create > Apps, Scroll down to Connected Apps, Click New.
      1. Created Connected App name Sdocs Connected Apps, API Name: Sdocs_Connected_App, email: support@sdocs.com
      2. Check API (Enable Oauth Settings), Set Callback to:
        1. For production: https://login.salesforce.com/services/oauth2/callback
        2. For sandbox: https://test.salesforce.com/services/oauth2/callback
      3. Check Use digital signatures, upload Cert from step 1
      4. Select the following OAuth scopes: Perform requests on your behalf at any time, Access and manage your data, Access and manage your Chatter data.
      5. Save.
      1. Go to Setup > Build > Create > Apps, Click Manage link next to app
        1. Click Edit, and then set Permitted Users to Admin approved users are pre-authorized.
        2. Set IP restrictions per your corp policy
        3. Set refresh Token is valid until revoked.
        4. Save your changes.
        5. Under the Profiles section, add All user profiles that will generate documents and save your changes.
      2. Create Custom Setting Entries
        1. Go to Setup > Build > Develop > Custom Settings. Click Manage link next to SDocsSettings entry
        2. Click New.
          1. Enter name: SDocsSettings,
          2. iCertificate Name is SDocsCert [from step 2.a.i]
          3. Connected App Consumer Key- copy/paste the from app info [ to retrieve, you can go to setup>create>Apps> click on SDocs Connected App Link, copy the consumer key field]
          4. Connected App Login URL:
            1. For production: https://login.salesforce.com
            2. For sandbox: https://test.salesforce.com
          5. ConnectedAppUserName – set this to a default valid username (which is an email address format) that will be used as a backup if the provided username is not found or not valid.

    Upon completion, you should be able to invoke the call using any username. To verify the process, you can go to:
    Setup > Administrations Setup > Monitoring > Apex Jobs

    If you require additional error handling, this should be done within your own codebase.

    My Self-Signed Certificate is Expiring Soon!

    Several months after setting this up, you may get an email from Salesforce informing you that your self-signed certificate expired. If that is the case, you can follow the steps below to renew your certificate. We recommend this is done after hours.

    1) Go to Setup-->Administer-->Security Controls-->Certificate and Key Management
    2) Click Delete for SDocsCert
    3) Click Create Self-Signed Certificate
    4) Set Label to SDocsCert
    5) Set Unique Name to SDocsCert
    6) Click Save
    7) Click Download Certificate
    8) Go to Setup-->Build-->Create-->Apps
    9) Scroll down to Connected Apps section
    10) Click Edit next to Sdocs Connected Apps
    11 Scroll down to Use digital signatures
    12) Click Choose File and select the previously downloaded certificate.
    13) Click Save
    14) It may take several minutes for the new certificate to take affect.
    15) Confirm that everything is working (test SDJobs with Mass Merge).

    Troubleshooting

    If you performed this setup, but your S-Docs Jobs are stuck at 10%, please try the following:

    • Go to _Setup > SDocsSettings > Manage > SDocsSettings_ and set ConnectedAppTokenUrl__c to the URL domain seen in your browser's URL bar when you're on the "home" page in Classic.

    • Go to _Setup > Connected Apps > SDocs Connected Apps > Profiles_ and verify that the profiles of the following users are both added to the app's permitted profiles list: 1) the user who inserted the job, and 2) the Run As User