Salesforce REST API Integration w/OAuth
There are number of reasons you may want to interact with your instance of Salesforce from outside Salesforce. You may have an app or service that you want to allow to access your Salesforce data. In our case, we have an external call center that needs to be able to access and manipulate our Salesforce data.
We need our external call center to be able to create new Leads, update Lead information and schedule appointments. There is a lot of information online about the Salesforce REST API and Connected Apps, but it is widely distributed and can be confusing. We are going to take a look at a quick and relatively simple way to allow a 3rd party app or service to access Salesforce data.
It might help if you already understand:
- Salesforce
- API requests/responses
For the purposes of this post, we will need a few things to connect to Salesforce:
- A Salesforce user (not covered in this post)
- Login credentials for the user: username and password (not covered in this post)
- Connected App
- OAuth Token endpoint
- Consumer key
- Consumer secret
- Request endpoint
Log in to your Salesforce org. Go to Setup.
At this point you might think you can enter Connected Apps in the Quick Find box and be on your way. You would be wrong. Remember this is Salesforce and rarely does anything make sense, nor is it intuitive. You cannot create Connected Apps from Connected Apps. Follow the instructions below…
In the left sidebar, under App Setup click:
Create > Apps (or enter Apps in the Quick Find box and click Apps)
Now, do not clickNew next in the section labeled: Apps . Instead, scroll down to the section labeled: Connected Apps and click New.
In the Basic Information Section enter the required information:
In the API (Enable OAuth Settings) section check Enable OAuth Settings.
I am setting this app up in order make API requests from a server, so I don’t need a Callback URL and I am leaving it blank (we’ll end up with an error, but let’s see what happens). If you need a Callback URL, enter one now.
Now choose the Selected OAuth Scopes you need. I chose Access and manage your data (api). (If you don’t know what you need I can’t help you, sorry)
That’s all we need for a basic integration, so hit Save. You should see:
It looks like the app was created, but (if you did not enter a Callback URL) when we hit Continue we see:
Now, if you go to the Salesforce documentation Defining Connected Apps, it will give you information on Callback URLs, but will not tell you what to do if you don’t need one. It took me a minute to figure it out, but you can enter no:callbackurl to bypass the validation:
Now hit Save then Continue and you should see something like:
Scroll down to the API (Enable OAuth Settings) section and you’ll find the magic credentials you need to integrate an external app with your Salesforce instance:
Now that we have the required credentials to interact with our Salesforce org, we may need to take 2 additional steps. I am not 100% sure these are both required, but I know that before I completed these tasks, I kept receiving this error response:
{"error":"invalid_grant","error_description":"authentication failure"}
Scroll down further to the section: Trusted IP Range for OAuth Web server flow. You will need to enter the IP addresses or ranges that will be calling out to your Connected App.
Edit: More recently I encountered this error for another reason: If you see this error, you may not need to set the trusted IP ranges. I received this error when making a call from Postman to Salesforce. I had to prepend my Salesforce password (for the org I was calling out to) to my Security Token. In other words, if my password was 123 and my Security Token was XYZ, I had to use 123XYZ as the value for password. In the params it would look like password=123XYZ. When I did this I didn’t have to set the IP ranges.
I wanted to test my Connected App by sending a request from another instance to Salesforce (our Sandbox), so I entered the IP Ranges provided by Salesforce:
You may also need to Set Trusted IP Ranges for Your Organization for the application that is calling out to your Salesforce org. Follow the instructions in the previous link, to set those IP Ranges.
Again, to send test requests from our Sandbox, I set the IP Ranges provided by Salesforce in Network Access.
At this point you should be able to send a request to Salesforce and get a successful response. In order to access Salesforce the app sending the request will need items 1–7 listed near the start of this post.
Here is a Salesforce REST API Sample Request/Response wrapped in an Apex class. If you update the class with the proper endpoints and credentials, it should run as is:
We hope this helps!
Please feel free to leave kind comments, suggestions, corrections and better solutions!
