Step-by-Step Guide: Integrating Salesforce with Postman Using OAuth 2.0 and Connected Apps

How to Use Postman to Integrate with Salesforce Using a Connected App

In this blog post, we will walk through how to integrate Salesforce with Postman using a connected app. Salesforce provides a secure way for third-party applications to access its resources through a REST API. To achieve this, you need to authorize the app using OAuth 2.0 authorization flows. We’ll cover different flows like Authorization Code with PKCE, Username-Password, Client Credentials, and Web Server Flow, as well as how to troubleshoot some common errors along the way.

Prerequisites

Before we dive into the details, ensure the following:

  • You have Postman installed.
  • You have access to a Salesforce organization (either a sandbox or developer edition).

Overview

When building a web application that needs to access Salesforce resources, the client app must be authorized to do so securely. This is typically done using OAuth 2.0 and a connected app. Here’s how the general flow works:

  1. Authorization Requirement: The client application (e.g., your web app) wants to access Salesforce resources like data or services.
  2. Authorization Process: To access these resources, the client must first be authorized.
  3. Authentication Server Role: Salesforce delegates the responsibility of authenticating and authorizing the client to its Authorization Server.
  4. Token Usage:
    • Once successfully authenticated, the client app receives an access token.
    • The app can use this access token to access Salesforce resources.
    • Additionally, the client can request a new access token using a refresh token, if needed.

Step-by-Step Guide

1. Setting Up a Connected App

To begin, we need to create a connected app in Salesforce. This is essential for any external application to securely integrate with Salesforce using OAuth 2.0. The connected app provides the client ID and client secret (Salesforce labels them the consumer key and consumer secret) and the configuration needed to authenticate.

2. Using OAuth 2.0 Flows in Postman

Once the connected app is set up, we will use Postman to try out different OAuth 2.0 authorization flows. These flows provide various ways to authenticate and authorize access. Let’s walk through the key flows:

  • Authorization Code Flow
    This is a standard OAuth 2.0 flow for web apps. It requires user interaction for granting access. In Postman, you’ll exchange an authorization code for an access token.
  • Authorization Code with PKCE
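    PKCE (Proof Key for Code Exchange) is an extension to OAuth 2.0 that adds an extra layer of security by using a dynamically generated secret, which the client creates for each authorization request and must present again when it exchanges the authorization code for a token. This is often used in public clients (like mobile apps). You’ll need a callback URL configured in the Salesforce connected app to complete this flow.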
  • Username-Password Flow
    This flow is used in scenarios where you trust the client app with the user’s credentials. It’s considered less secure and is only recommended for trusted applications.
  • Client Credentials Flow
    This flow is ideal for machine-to-machine authentication where there’s no user involvement. It uses only the client ID and secret.
  • Web Server Flow
    This flow allows your application to obtain an access token through the back-end server rather than exposing it to the front-end.

Troubleshooting Common Errors

When working with OAuth flows, you may encounter errors. Here’s one common error and how to troubleshoot it:

Error: invalid_grant, Description: request not supported on this domain

Solution:
This error typically means that the domain you are using in Postman or Salesforce isn’t correctly set up for OAuth. Ensure the callback URL matches what is configured in your Salesforce connected app, and check whether the domain supports OAuth requests.


Conclusion

Using Postman to integrate with Salesforce can streamline your API development process. With a properly configured connected app and an understanding of different OAuth 2.0 flows, you’ll be able to authenticate and access Salesforce resources securely. Always make sure to use the right flow based on your application’s needs and handle errors gracefully.


That’s it for this tutorial! I hope you now have a solid understanding of how to set up and use Postman with Salesforce through a connected app. If you run into any challenges or have more questions, feel free to drop a comment below.
