When you create a Salesforce Streaming Event connection, configure the connection using Password or OAuth authentication properties. Default is Password authentication.
Password authentication
To authenticate the Salesforce connection using Password authentication, select Password in the Authentication Type list and configure the following properties:
Property
Description
User name
Required. Salesforce developer account user name.
Password
Required. Salesforce developer account password.
Security Token
Required. The security token to connect to Salesforce. This is a case-sensitive alphanumeric code used as a second level of authentication.
Service URL
Required. The SOAP service URL of the Salesforce Streaming Event endpoint. For example, enter:
https://login.salesforce.com/services/Soap/c/56.0
To subscribe to Salesforce Streaming platform events, PushTopic queries, and change events, or publish messages to Salesforce Streaming platform events, the supported version for the soap service URL for Salesforce login is 56.0. Enter the following value:
https://login.salesforce.com/services/Soap/c/56.0
To subscribe to Salesforce Streaming platform events, PushTopic queries, and change events, or publish messages to Salesforce Streaming platform events, you must configure the following properties in the Event API Settings section:
Property
Description
Consumer Key
The consumer key associated with the Salesforce user account for API access.
This field is required to subscribe to platform events, PushTopic queries, and change events, or publish messages to platform events.
To find the consumer key, perform the following steps:
- Log in to Salesforce.
- Click Create > Apps. The connected apps are displayed.
- Click the connected app. The API section displays the consumer key as shown in the following image:
Consumer Secret
The consumer secret associated with the Salesforce user account for API access.
This field is required to subscribe to Salesforce platform events, PushTopic queries, and change events, or publish messages to Salesforce platform events.
To find the consumer secret, perform the following steps:
- Log in to Salesforce.
- Click Create > Apps. The connected apps are displayed.
- Click the connected app. The API section displays the consumer secret as shown in the following image:
OAuth authentication
Use OAuth to connect to a Salesforce through an API. If you choose OAuth authentication, you enter your Salesforce developer account credentials in a Salesforce window that opens when you authenticate the connection. You do not enter your Salesforce developer account credentials in the Application Integration UI. For more information about using OAuth to authorize external applications, see the Salesforce documentation.
To authenticate the Salesforce connection using OAuth authentication, select OAuth in the Authentication Type list and configure the following properties:
Property
Description
Authorization URL
Required. Endpoint used to make OAuth authorization requests to Salesforce. The following URLs are the default production and sandbox authorization URLs:
Optional. Number of minutes after which the OAuth token expires. When this duration ends, the connection makes a token request and performs authorization again. You do not need to manually authorize the connection when the session times out.
Default is 60 minutes.
Authorization Status
The current authorization status. The name of the last user who authorized the connection and the time of authorization appears, if applicable.
Authorize Access
Required. Starts the OAuth authentication process.
Perform the following tasks:
1Click Authorize next to Authorize Access.
2In the Salesforce window that appears, enter your Salesforce developer account credentials.
3Click Allow next to the message that prompts you to authorize access.
OAuth JWT authentication
You can configure OAuth JSON Web Token (JWT) authentication in a Salesforce connection to connect to Salesforce.
Use OAuth JWT authentication to authorize servers to access data without logging in each time the servers exchange information. The OAuth JWT authentication uses a certificate to sign the JWT request and does not require explicit user interaction.
Before you configure OAuth JWT authentication, ensure that you have the keystore file and password.
To authenticate the Salesforce connection using OAuth JWT authentication, select OAuth JWT in the Authentication Type list and configure the following properties:
Property
Description
User Name
Required. Salesforce user name that has access to the connected app.
Keystore File
Required. Select a keystore file of the PKCS12 format.
Keystore Password
Required. Enter the keystore password.
Session Duration
Optional. Number of minutes after which the session expires. When this duration ends, the connected app makes a token request and performs authorization again. You do not need to manually authorize the connection when the session times out. Default is 60 minutes.
Consumer Key
Required. The consumer key associated with the Salesforce connected app.
This field is required to subscribe to Salesforce platform events, PushTopic queries, and change events, or publish messages to Salesforce platform events.
To find the consumer key, perform the following steps:
- Log in to Salesforce.
- Click Create > Apps. The connected apps are displayed.
- Click the connected app. The API section displays the consumer key as shown in the following image:
Token Request URL
Required. Endpoint used to make OAuth token requests to Salesforce. The following URL is the default production token request URL:
Required. Endpoint of the authorized servers of the intended audience for the token. The following URLs are the default production and Experience Cloud site token request URLs:
- https://login.salesforce.com
- https://site.force.com/customers
Note: To use a platform event-based Salesforce connection with OAuth JWT authentication in a process, ensure that the platform event is in the same Salesforce organization and the event is enabled. Otherwise, in the input fields of the process, instead of the connection event type, you might see the type as $any.
While configuring the Salesforce connection with OAuth JWT authentication, you might encounter the following errors:
• invalid_grant : user has not approved this consumer
To resolve this issue, you must change the OAuth policy of the connected app from All users may self-authorize to Admin approved users are pre-authorized in Salesforce.
•invalid_app_access : user is not admin approve to access this app
To resolve this issue, you must provide the connected app access to the user's profile in Salesforce.
For more information about OAuth JWT authentication, see the Salesforce documentation.