OAuth Authentication

Pranjal Bansal   |  

April 11, 2024

A Representational State Transfer Application Programming Interface (REST API for short) is a web service that exposes resources through unique URLs; a client interacts with them by sending HTTP requests, with the HTTP method (GET, POST, PATCH, DELETE) indicating the requested action.

What is OAuth?

OAuth is an open protocol that authorizes a client application to access data from a protected resource, on a user's behalf, through the exchange of tokens. Strictly speaking OAuth is an authorization protocol: the user is authenticated by the identity provider (or by OpenID Connect layered on top of OAuth), and the client never sees the user's password in the recommended flows.

Layer 1: OAuth Tokens and Scope

OAuth's tokens authorize access to protected resources. Connected apps receive tokens on behalf of a client after authorization. Scopes further limit what a connected app can do with those tokens. You assign scopes to a connected app when you build it, and the scopes granted are bound to the OAuth tokens issued during the authorization flow, so a token can never carry more than the app was configured to request.

1.1 Access Tokens:

Access tokens are your key to Salesforce APIs. When a client successfully completes an authorization flow, whether it's a standard OAuth 2.0 flow or a Headless Identity flow, Salesforce issues an access token that can be used to access protected Salesforce data. Salesforce supports two types of access tokens: opaque tokens and JSON Web Token (JWT)-based access tokens. Each type has its own merits and limitations based on your use case. Either type is a bearer credential: whoever holds it can call the API as that user until it expires or is revoked, so it must be kept out of logs, URLs and client-side storage.

1.2 OAuth Endpoints:

OAuth's endpoints are the URLs that you use to make OAuth authorization requests to Salesforce. Each OAuth flow defines which endpoints to use and what data to send in the request. To integrate an external web app with the Salesforce API, use the OAuth 2.0 web server flow, which implements the OAuth 2.0 authorization code grant type. With this flow, the server hosting the web app must be able to protect the connected app's identity, defined by the client ID and client secret: the secret is only ever sent from that server to the token endpoint, never to the browser.
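The web server flow just described, built by hand as an added example (this is not code from the original post or from Salesforce). It shows the two client-side checks that make the authorization code grant safe: a per-request state value that the callback must echo back (CSRF protection) and a PKCE code_verifier/code_challenge pair (RFC 7636, S256 method) so an intercepted code cannot be redeemed without the verifier. The endpoint paths are the standard Salesforce ones; the client ID, client secret, callback URL and the callback query string in the demo are placeholders or constructed values.

```python
"""
Added example: OAuth 2.0 web server (authorization code) flow with state
and PKCE against the Salesforce authorize/token endpoints. Host, client
credentials and callback URL are placeholders; the callback is constructed.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_PATH = "/services/oauth2/authorize"
TOKEN_PATH = "/services/oauth2/token"


def b64url(raw):
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for the S256 method.
    A fresh 32-byte verifier encodes to 43 characters, inside the 43..128 limit."""
    if verifier is None:
        verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorize_url(host, client_id, redirect_uri, scope, state, code_challenge):
    """URL the user's browser is sent to. redirect_uri must equal the callback
    URL registered on the connected app, character for character."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return "https://%s%s?%s" % (host, AUTHORIZE_PATH, urlencode(params))


def handle_callback(callback_url, expected_state):
    """Parse the redirect back to the callback URL. Refuse it unless the state
    matches the one saved in the user's session; return the authorization code."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise RuntimeError("authorization failed: " + q["error"][0])
    state = q.get("state", [""])[0]
    # Constant-time comparison on bytes, so a non-ASCII state cannot raise.
    if not state or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise RuntimeError("state mismatch: possible CSRF or replayed callback")
    return q["code"][0]


def build_token_request(host, client_id, client_secret, redirect_uri, code, code_verifier):
    """Form body for the code exchange. This request goes server to server,
    which is why the web server flow can keep client_secret private."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    }
    return "https://%s%s" % (host, TOKEN_PATH), body


if __name__ == "__main__":
    # Placeholder app settings; the secret would come from a vault, not source.
    host, client_id, secret = "login.salesforce.com", "<client id>", "<client secret>"
    redirect_uri = "https://app.example.com/oauth/callback"  # assumed callback URL
    # Per-login values that the server stores in the user's session.
    state = secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()
    print(build_authorize_url(host, client_id, redirect_uri, "api refresh_token", state, challenge))
    # Constructed callback standing in for the browser redirect from Salesforce.
    cb = redirect_uri + "?" + urlencode({"code": "<constructed code>", "state": state})
    code = handle_callback(cb, state)
    print(build_token_request(host, client_id, secret, redirect_uri, code, verifier))
```

The state and verifier live only in the user's server-side session for the duration of one login; a callback arriving with a different state, or with no state at all, is rejected before any code exchange is attempted.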

Layer 2: Configure a connected app:

A connected app requests access to REST API resources on behalf of the client application. For a connected app to request access, it must be integrated with your org’s REST API using the OAuth 2.0 protocol. OAuth 2.0 is an open protocol that authorizes secure data sharing between applications through the exchange of tokens.

How to create a connected app

Step 1: Go to Setup


Step 2: Search for App Manager in the Quick Find box

Step 3: Click the New Connected App button


Step 4: Fill in the basic details (name, contact email and phone) and a callback URL (the URL of your org). The callback URL is where Salesforce redirects the browser with the authorization code, so register the exact HTTPS URL your app will use; Salesforce rejects redirects to any URL that is not listed.

Step 5: Tick Enable OAuth Settings, select only the OAuth scopes the app actually needs, and save the changes.

Step 6: Stay on the page and click Manage Consumer Details. This shows the consumer key (client ID) and consumer secret (client secret), which the OAuth flows need. Treat the secret like a password: store it in a secrets manager or environment variable, never in source control or in a front-end app.

After all of this, your connected app looks like this:

Layer 3: Auth Providers:

An Auth. Provider represents an external authentication provider that Salesforce can authenticate against. Only users with the Customize Application and Manage Auth. Providers permissions can access this object.

Step 1: Go to Setup


Step 2: Search for Auth. Providers in the Quick Find box


Step 3: Click New


Step 4: Select Salesforce as the Provider Type and fill in the basic details. Make sure the Consumer Key and Consumer Secret you enter are the ones generated by the connected app above. Set the Default Scopes to: full refresh_token offline_access. Note that full grants access to everything the logged-in user can reach; for a production integration, narrow this to the specific scopes (for example api refresh_token) the callout really needs.

After saving Auth. Provider it looks like this:


Layer 4: Named Credentials:

To simplify the setup of authenticated callouts, specify a named credential as the callout endpoint. Create an external credential to specify an authentication protocol and permission set or profile to use when authenticating to an external system. Add custom headers to named and external credentials to cover more use cases and security requirements. You can create and configure named credentials programmatically or through the Salesforce app UI.

Step 1: Go to Setup


Step 2: Search for Named Credentials in the Quick Find box


Step 3: Click the dropdown next to New and choose New Legacy

Step 4: Enter a label and the URL (this must be your org URL)

Step 5: Select Named Principal as the Identity Type and OAuth 2.0 as the Authentication Protocol

Step 6: Select your Auth. Provider from the Authentication Provider list and enter the scope. With a named principal, every Apex callout through this named credential runs as that one identity, so the scope and the user behind it should be as limited as the integration allows.


After you save the named credential, it looks like this:

Layer 5: Setup Postman

Step 1: Create a collection

Step 2: Set the method to POST and use the URL https://test.salesforce.com/services/oauth2/token if you are in a sandbox; otherwise replace test with login (https://login.salesforce.com/services/oauth2/token)

Step 3: For Authorization select No Auth

Step 4: In Headers, add the key Content-Type with the value application/x-www-form-urlencoded

Step 5: In body choose x-www-form-urlencoded

Then add the following keys and values:

grant_type = password

client_id = your client ID (consumer key)

client_secret = your client secret (consumer secret)

username = your org username

password = your org password, with your security token appended (unless your IP address is in the org's trusted IP ranges)

Two cautions about this step. The username-password flow hands the user's actual password to the client, which is exactly what OAuth exists to avoid; it is acceptable for a quick test from Postman, but an application should use the web server flow described above or the JWT bearer flow instead, and Salesforce disables this flow by default in new orgs (the Allow OAuth Username-Password Flows setting under OAuth and OpenID Connect Settings). Also, on success the response contains an instance_url; send subsequent REST calls to that host with an Authorization: Bearer header, not to the login host.
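The same token request the Postman steps make, scripted in Python as an added example (not code from the original post). It reads the client secret and user credentials from environment variables rather than from source, appends the Salesforce security token to the password, picks the sandbox or production host, and checks the token response for an OAuth error instead of assuming the call succeeded. The environment variable names are assumptions, and the JSON bodies used in the self-check are constructed, not captured from a real org.

```python
"""
Added example: Salesforce username-password (grant_type=password) token
request with error handling. Environment variable names are assumed;
nothing here is code from the original post.
"""
import json
import os
import urllib.error
import urllib.parse
import urllib.request


def token_endpoint(sandbox):
    """test.salesforce.com for sandboxes, login.salesforce.com otherwise."""
    host = "test.salesforce.com" if sandbox else "login.salesforce.com"
    return "https://%s/services/oauth2/token" % host


def build_password_grant(client_id, client_secret, username, password, security_token=""):
    """Form fields for the username-password flow. Salesforce expects the
    security token concatenated to the password unless the caller's IP is
    in the org's trusted IP ranges."""
    return {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password + security_token,
    }


def parse_token_response(status, body):
    """Return (access_token, instance_url) or raise with the OAuth error.
    Failures come back as a non-200 status with "error"/"error_description"."""
    data = json.loads(body)
    if status != 200 or "error" in data:
        raise RuntimeError("token request failed: %s: %s"
                           % (data.get("error"), data.get("error_description")))
    if "access_token" not in data or "instance_url" not in data:
        raise RuntimeError("token response missing access_token/instance_url")
    # Later REST calls go to instance_url, not to the login host.
    return data["access_token"], data["instance_url"]


def bearer_headers(access_token):
    """Header for the REST calls that follow; the token is a bearer credential."""
    return {"Authorization": "Bearer " + access_token}


def request_token(sandbox=False):
    """Live call. Needs SF_CLIENT_ID, SF_CLIENT_SECRET, SF_USERNAME,
    SF_PASSWORD and optionally SF_SECURITY_TOKEN (assumed variable names)."""
    form = build_password_grant(
        os.environ["SF_CLIENT_ID"], os.environ["SF_CLIENT_SECRET"],
        os.environ["SF_USERNAME"], os.environ["SF_PASSWORD"],
        os.environ.get("SF_SECURITY_TOKEN", ""))
    req = urllib.request.Request(
        token_endpoint(sandbox),
        data=urllib.parse.urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        # 400 responses carry the OAuth error JSON; surface it instead of a bare HTTPError.
        return parse_token_response(err.code, err.read())


if __name__ == "__main__":
    token, instance = request_token(sandbox=os.environ.get("SF_SANDBOX") == "1")
    # Example REST call: list the API versions available on this org's instance.
    req = urllib.request.Request(instance + "/services/data/", headers=bearer_headers(token))
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(resp.read().decode("utf-8")[:200])
```

Run it with the variables exported (SF_SANDBOX=1 for a sandbox); a wrong password or missing security token surfaces as an invalid_grant error message rather than a silent None token.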


REST APIs underpin most integration between applications today. Many companies and organizations offer APIs to interact with their products, and REST APIs let third-party developers transmit or access data from one application to another, which is exactly why the tokens that guard them deserve the care described above.
