To start working with Financials via the Force.com REST API, you need to configure an authentication flow in your Salesforce organization. The authentication flow we’re going to set up in this topic is called OAuth 2.0 Username-Password Authentication Flow. It isn’t the most secure one, but it’s the fastest to implement for demo purposes.

In a production environment we recommend that you implement a more secure authentication flow called OAuth 2.0 User-Agent.

For information about all authentication flows you can use with the Force.com REST API, see Understanding Authentication in the Force.com REST API Developer Guide.


Step 1: Review security settings in your org

Log on to your Salesforce org as an administrator and review the following settings:

You may need to change certain settings such as trusted and restricted IP ranges to enable access to the org from your IP address. For details, see:


Step 2: Create a connected app in Salesforce

  1. Go to Setup > Apps > App Manager.
  2. Click New Connected App in the top right, and create a new app.
    Configure the following options and keep the default values for other options:
    • Connected App Name. Enter any descriptive name.

    • API Name. Enter any descriptive name.

    • Enable OAuth Settings. Select this check box.

    • Callback URL. Enter an HTTPS callback URL. Ensure that the URL doesn’t redirect to another website. If you’re automatically redirected from this URL to somewhere else, you won’t be able to configure the user-agent flow.

    • Selected OAuth Scopes. Add the required scopes. For the sake of demonstration, we’ll add Full access (full) and Perform requests on your behalf at any time (refresh_token, offline_access).

  3. Click Save.

Example connected app:


Step 3: Take note of the app’s Consumer Key and Consumer Secret

Once your app is created, take note of the Consumer Key and Consumer Secret of your app – you’ll need them later:

The Consumer Key and Consumer Secret look similar to the following:


Step 4: Get an access token from Salesforce

To try out the steps in this section, install Postman and open the Postman collection we have prepared for you:

Download Postman Open Postman Collection

In the collection, open one of the following requests and replace variables with actual values:

WARNING: Before making any changes to your production organization in Salesforce, test them in a sandbox or scratch org first. For more information, see Develop with Sandbox and Quick Start: Using a Sandbox and Change Sets in the Salesforce Development Lifecycle Guide.

  1. Configure your application to send one of the following POST requests:

    • To get an access token for a sandbox or scratch org:
       POST https://test.salesforce.com/services/oauth2/token
      
    • To get an access token for a production org:
       POST https://login.salesforce.com/services/oauth2/token
      
  2. Configure the request headers to include the following key-value pair:

    Key           Value
    Content-Type  application/x-www-form-urlencoded
  3. Configure the request body to include the following key-value pairs:

    Key            Value
    grant_type     password
    client_id      {consumer key you copied in Step 3: Take note of the app’s Consumer Key and Consumer Secret}
    client_secret  {consumer secret you copied in Step 3: Take note of the app’s Consumer Key and Consumer Secret}
    username       {your Salesforce user name}
    password       {your Salesforce password}
  4. Send your request.
  5. In the response body, locate and copy the values of the access_token and instance_url parameters. The parameter values look similar to the following:

     "access_token": "00D0N000000h6Yq!AR0AQH8Q246.FAmlewZKdJYJ_O3y1ziq62BbR5Gj0yk9yznYqT.YDjz.rZzTZ0d8aLB9WR2EGz6.myY_Z.smrDiERcF7iKP0",
     "instance_url": "https://my-domain-1234.cs89.my.salesforce.com"
    

    Append the access_token value to all subsequent HTTP requests your application sends to Financials via the Salesforce REST API. If your token expires, get a new access token by repeating Step 4: Get an access token from Salesforce.

    Use the instance_url value to compose the URLs for sending HTTP requests to Financials deployed in your Salesforce domain.

    For example:

     GET https://my-domain-1234.cs89.my.salesforce.com/services/data/v44.0/queryAll?q=SELECT+Id,+Name+FROM+s2cor__Sage_COR_Company__c
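
The token request and follow-up query from Step 4, as an added Python example (not part of the original guide or its Postman collection). It builds the requests without sending them and sends the token as a Bearer Authorization header, which is how the Salesforce REST API accepts it; the TRUSTED_SUFFIX check, the function names and the sample token are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

# Token endpoints from Step 4 of this page.
TOKEN_HOSTS = {"sandbox": "test.salesforce.com", "production": "login.salesforce.com"}
# Assumption: instance URLs for your org end in this suffix; adjust if yours differ.
TRUSTED_SUFFIX = ".salesforce.com"

def build_token_request(org_type, client_id, client_secret, username, password):
    """Build (without sending) the POST request described in Step 4."""
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,  # urlencode escapes &, =, + and similar characters
    }).encode("ascii")
    return urllib.request.Request(
        f"https://{TOKEN_HOSTS[org_type]}/services/oauth2/token",
        data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw_json):
    """Return (access_token, instance_url) after validating the response."""
    data = json.loads(raw_json)
    if "error" in data:  # e.g. {"error": "invalid_grant", ...}
        raise ValueError(f"token request failed: {data['error']}")
    parts = urllib.parse.urlsplit(data["instance_url"])
    # Never send the bearer token to a non-HTTPS or unexpected host.
    if parts.scheme != "https" or not (parts.hostname or "").endswith(TRUSTED_SUFFIX):
        raise ValueError("untrusted instance_url")
    return data["access_token"], f"https://{parts.hostname}"

def build_query_request(instance_url, access_token, soql, api_version="v44.0"):
    """Build a queryAll GET with the token in the Authorization header."""
    query = urllib.parse.urlencode({"q": soql})  # encodes spaces and commas
    return urllib.request.Request(
        f"{instance_url}/services/data/{api_version}/queryAll?{query}",
        headers={"Authorization": f"Bearer {access_token}"})

# Constructed sample response (placeholder token, instance_url from this page).
SAMPLE = ('{"access_token": "CONSTRUCTED_TOKEN", '
          '"instance_url": "https://my-domain-1234.cs89.my.salesforce.com"}')

if __name__ == "__main__":
    token, base = parse_token_response(SAMPLE)
    req = build_query_request(base, token, "SELECT Id, Name FROM s2cor__Sage_COR_Company__c")
    print(req.get_method(), req.full_url)
    # To send for real: urllib.request.urlopen(req), with credentials loaded
    # from a secret store or environment variables rather than source code.
```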