

Monday Motivation: Understanding the Salesforce OAuth Authentication Flow


“If we always helped one another, no one would need luck.”

It’s Monday, and we’re back with another helpful post centered on helping you overcome some of the most commonly asked questions about the APIs we work with here at Kloudless. Every Monday, we will aim to help answer some of the oft-asked inquiries into the world’s most popular APIs. Today, we will be focusing on the industry’s leading solution for all things CRM: Salesforce.

Salesforce is not only a popular integration choice for applications looking to offer their users CRM functionality. It is also popular among developers looking to add to their already-robust skill sets. There are many positions available for those that can navigate and build out functionality in the customer relationship manager, and developers looking to pad their income can find wonderful opportunities by learning more about the platform and its capabilities.

If you’re in the process of learning how to use the Salesforce API, then authentication is a priority on your list of things to learn. Let’s take a minute to walk through how to go about authenticating with Salesforce using their OAuth flow.

Authenticate This

You should use the username-password authentication flow when you already have the user’s credentials. In this flow, the application uses the user’s credentials to request an access token, as covered in the following steps.

The whole flow looks something like this:

Username-password OAuth authentication flow
c/o Salesforce

The client application uses the user’s username and password when requesting an access token. This is done via an out-of-band POST request to the appropriate Salesforce token request endpoint, such as https://login.salesforce.com/services/oauth2/token. The following request fields are required:

  • grant_type
  • client_id
  • client_secret
  • username
  • password

For more information on these parameters, please head over to the Salesforce docs here.

An example request body will look like so:

Salesforce will then verify the user credentials, and if successful, will send a response to the application with the access token. This response will contain the following values:

  • access_token
  • instance_url
  • id
  • issued_at
  • signature

The response body returned will look like so:

Your application can now use the provided access token to access protected user data. Keep in mind that this method will not provide a refresh token, as the user is never directed to log in at Salesforce using this flow. If your application requires a refresh token, consider using the web server or user-agent OAuth flow.
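The request and response described above, as an added Python example that is not part of the original post or Salesforce's own code: it form-encodes the five required fields and validates a token response before the access token is used. It assumes `grant_type` is `password` and that `signature` is a Base64-encoded HMAC-SHA256 over `id` concatenated with `issued_at`, keyed with the client secret, as Salesforce's documentation describes; the function names, secret and sample response are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode, urlparse

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"  # endpoint named in the post
REQUIRED = ("access_token", "instance_url", "id", "issued_at", "signature")

def build_token_request(client_id, client_secret, username, password):
    """Form-encode the required fields for the POST body sent to TOKEN_URL."""
    fields = {
        "grant_type": "password",  # assumption: value for the username-password flow
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }
    # Credentials belong in the urlencoded body, never in the URL query string.
    return urlencode(fields)

def expected_signature(client_secret, identity_url, issued_at):
    """Assumed construction: Base64(HMAC-SHA256(client_secret, id + issued_at))."""
    msg = (identity_url + issued_at).encode()
    mac = hmac.new(client_secret.encode(), msg, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def validate_token_response(resp, client_secret):
    """Check fields, URL schemes and signature; return (access_token, instance_url)."""
    missing = [k for k in REQUIRED if k not in resp]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    for key in ("instance_url", "id"):
        if urlparse(resp[key]).scheme != "https":
            raise ValueError(f"{key} is not an https URL")
    want = expected_signature(client_secret, resp["id"], resp["issued_at"])
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(want.encode(), str(resp["signature"]).encode()):
        raise ValueError("signature mismatch")
    return resp["access_token"], resp["instance_url"]

# Constructed sample values; the signature is computed locally for the demo.
SECRET = "constructed-client-secret"
SAMPLE = {
    "access_token": "constructed-token",
    "instance_url": "https://example.my.salesforce.com",
    "id": "https://login.salesforce.com/id/ORGID/USERID",
    "issued_at": "1278448832702",
}
SAMPLE["signature"] = expected_signature(SECRET, SAMPLE["id"], SAMPLE["issued_at"])
```

Only send later API calls to the returned `instance_url` after `validate_token_response` succeeds, and keep the request body out of application logs since it carries the password and client secret.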

So You Passed the Test. Now What?

That should cover everything you need to wrap your head around the Salesforce OAuth authentication process. If your application is providing CRM integrations, why offer a single service when you can provide your users with any of their preferred CRM platforms? In the same amount of code it would take to connect to a single service, you can provide your users with up to dozens of competing CRM providers through the Kloudless Unified CRM API. Click here to learn more, and good luck on the test!

Published By

David Hallinan

David Hallinan is an Integration Strategist and Head of Content at Kloudless. He enjoys painting, JavaScript, vintage synths, drum machines and forcing his sports allegiances on his children.
