Rule: ApexSuggestUsingNamedCred

Message

Suggest named credentials for authentication

Description

Detects hardcoded credentials used in requests to an endpoint.

You should refrain from hardcoding credentials:

• They are hard to mantain by being mixed in application code
• Particularly hard to update them when used from different classes
• Granting a developer access to the codebase means granting knowledge of credentials, keeping a two-level access is not possible.
• Using different credentials for different environments is troublesome and error-prone.

Instead, you should use Named Credentials and a callout endpoint.

For more information, you can check this

Priority

1 (was 3)

Example

public class Foo {
    public void foo(String username, String password) {
        Blob headerValue = Blob.valueOf(username + ':' + password);
        String authorizationHeader = 'BASIC ' + EncodingUtil.base64Encode(headerValue);
        req.setHeader('Authorization', authorizationHeader);
    }
}