Annotate the Apex class with @RestResource(urlMapping='/myresource/*') and methods with @HttpGet, @HttpPost, etc.; deploy and confirm the class is Active.
Authenticate externally using a connected app (JWT Bearer for server-to-server or authorization code for user-delegated) and obtain the instance_url and access_token.
Build the request URL as: {instance_url}/services/apexrest/myresource/{optional-path-params}; do not insert a /vXX.0/ segment — the apexrest path is version-agnostic.
Include the Authorization: Bearer {access_token} header; for POST/PUT send Content-Type: application/json with your payload.
Parse the response; Apex REST returns whatever the method returns or serializes as JSON — document the contract because schema is developer-defined.
Test in a sandbox using the same connected app credentials to avoid sharing production secrets in test pipelines.
Known gotchas
The urlMapping is case-sensitive and must begin with '/'; wildcard segments use '*' not named parameters — query string parameters must be read from RestRequest.params.
Governor limits apply to Apex REST just as they do to triggers; a single REST call that hits 101 SOQL queries returns a 500 with a governor limit error in the response body.
Salesforce does not automatically expose Apex REST methods to guest or community users unless the class has appropriate sharing settings and a site user profile grants access.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp