This article explains how to perform OAuth 2.0 authentication with Salesforce using the Client Credentials flow, which is the latest supported method for external client integrations.
This configuration aligns with Salesforce’s External Client Apps framework and enables ACCELQ to securely automate Salesforce API testing without manual token management.
Step 1: Prerequisite
Before proceeding, ensure you have completed the setup described in the article:
Pre-Requisite Setup To Enable API Access In Salesforce (External Client App – OAuth)
You must have the following values from your Salesforce External Client App:
- Consumer Key (client_id)
- Consumer Secret (client_secret)
- Salesforce Instance URL
Note: You can get the Salesforce instance URL by clicking on the Salesforce profile icon.
Step 2: Understand the Authorization Header
In this method, Salesforce expects the client credentials to be sent in a Basic Authorization header.
The credentials are formatted as follows:
<client_id>:<client_secret>
Then Base64-encoded to form the value of the Authorization header.
Example Encoding:
Authorization: Basic TXlDbGllbnRJRDpNeUNsaWVudFNlY3JldA==(where
TXlDbGllbnRJRDpNeUNsaWVudFNlY3JldA==is the Base64 encoding of<ClientID>:<ClientSecret>)
Generate your Authorization header value below:
Basic <Base64 encoding of client_id:client_secret>
Tip: This tool runs entirely in your browser. No data is sent anywhere.
Step 3: Send Token Request
Send a POST request to the Salesforce token endpoint:
|
POST Login to Salesforce with OAuth Authorization. Logs into salesforce with OAuth Authorization using Salesforce user name and password and returns access Token. | |
| End Point URL | <Salesforce Instance URL>/services/oauth2/token |
| Request Headers |
Content-Type : application/x-www-form-urlencoded Accept : application/json Authorization : Basic <Base64 encoding of ClientID:ClientSecret> |
| Query Params |
grant_type : client_credentials |
| Sample Response |
{ "access_token":"00D5g000004FukL!AQUAQOUmfFr_kfJapSdPOIG3VfSuHkkEmd7_pZSV_Shm8fdwdJwMz9n00AOSWcpttdOm3hWJ5cdr7.w24gN7DORwr8wtXTRw", "instance_url": "https://test-tenant.my.salesforce.com", "id": "https://login.salesforce.com/id/00D5g0845885FukLEAS/0055g000004LrQxAAK", "token_type": "Bearer", "issued_at": "1625398015156", "signature": "izP5ZUwLON+Pz56756Apx+wNdMW0vaQLvnG0oN9ipmQ=" |
Here is how you make this API call in ACCELQ and derive the bearer token.
1. Open an Action in ACCELQ, and click the API button dropdown and choose "REST" API.
2. Fill in all the API information as shown below "client id" and "client secret" values are read from the Salesforce Connected App (as explained in the pre-requisite). and click the NEXT button.
3. In the REST Request Payload modal choose the content-type as "application/x-www-form-urlencoded" and specify grant_type as 'client_credentials'
4. Click the SEND REQUEST button to trigger the request and navigate to the REST Response Information modal.
5. Response information should look somewhat like this.
The response will contain a node called access_token. The access_token node value contains the Bearer token which can be used in all subsequent Salesforce API calls for API Authentication
6. Click on the node access_token to generate the JSON node path that can be later used to extract the access_token node value.
Extract the Access Token from the OAuth Login API response
Use the command "Get Node From ReST Response" in the Action Login to extract access token from the path $['access_token']
Here is an example that includes the Login API call and the extraction of the access token.
Convert Access Token to Bearer Token
Use the Expression Builder to create the Bearer Token in the below format as shown below.
Bearer <access_token generated from the OAuth Login API>
Add Authorization Header to all subsequent Salesforce API calls
Add the generated Access Token in the header of all the Salesforce API calls in the below format:
| Header Name | Value |
| Authorization | <bearer token generated from the first step> |
Here is an example:
Comments
0 comments
Please sign in to leave a comment.