> ## Documentation Index
> Fetch the complete documentation index at: https://infisical.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Salesforce Connection

> Learn how to configure a Salesforce Connection for Infisical.

Infisical supports the OAuth 2.0 [Client Credentials](https://help.salesforce.com/s/articleView?id=xcloud.remoteaccess_oauth_client_credentials_flow.htm\&type=5) flow to connect with your Salesforce org.

## Configure a Connected App in Salesforce

<Steps>
  <Step title="Open Settings">
    In the top-right corner, click the gear icon.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/gear-icon.png" alt="Gear Icon" />

    Click the **Setup** option.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/open-setup.png" alt="Open Setup" />
  </Step>

  <Step title="Create a Connected App">
    In Salesforce Setup, search for **External Client App Manager** and select it from the results.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/search-app.png" alt="Search External Client App Manager" />

    Click **New External Client App**.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/create-connected-app.png" alt="Create External Client App" />

    Provide a name, API name, and contact email.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/basic-info-app.png" alt="Basic Information" />
  </Step>

  <Step title="Enable OAuth Settings">
    Under **API (Enable OAuth Settings)**:

    * Check **Enable OAuth**.
    * Provide a callback URL.
          <Note>
            The callback URL is only used by Salesforce's OAuth Web Server Flow. Since this External Client App is used solely to rotate secrets via the Client Credentials Flow, the callback URL is never invoked — any valid URL (e.g. `https://localhost`) works.
          </Note>
    * Add the OAuth scopes your integration requires. For secret rotation, you must select **Manage user data via APIs (api)**.
    * Check **Enable Client Credentials Flow** and **Enable Token Exchange Flow** (along with the sub-option **Require secret for Token Exchange Flow**).

          <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/oauth-scopes.png" alt="OAuth Scopes and Flow Enablement" />

    Under **Security**, enable **Require secret for Web Server Flow** and **Require secret for Refresh Token Flow**.

    Save the Connected App by clicking **Create**. It may take a few minutes for the new app to become available.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/oauth-security.png" alt="OAuth Security Settings" />
  </Step>

  <Step title="Configure the Policies">
    Go back to the **External Client App Manager** page and select the External Client App you just created. To do this, search again for **External Client App Manager**.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/created-external-app.png" alt="External created app" />

    Click the app you just created, select the **Policies** tab, and click **Edit**.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/policies-tab.png" alt="Policies Tab" />

    Under the **OAuth Policies** section, check **Enable Client Credentials Flow** and provide a username under **Run As (Username)** to specify which user the flow runs as.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/policies.png" alt="Policies" />
  </Step>

  <Step title="Copy the Consumer Key and Consumer Secret">
    Back on the **Settings** tab, go to the **OAuth Settings** section and click **Consumer Key and Secret** to open a new page where the values are displayed.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/get-secret-key.png" alt="Consumer Key and Secret Button" />

    Copy both the **Consumer Key** and **Consumer Secret** for later.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/secret-value.png" alt="Consumer Details" />
  </Step>

  <Step title="Enable access to External Client App Consumer">
    Search again for **External Client Apps** and click the **Settings** sub-option. Under **External Client App Settings**, enable **Allow access to External Client App consumer secrets via REST API**.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/allow-access.png" alt="Allow Access to Consumer Secrets" />
  </Step>

  <Step title="Identify Your My Domain URL">
    In Salesforce Setup, search for **My Domain**.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/domain-search.png" alt="Search My Domain" />

    Copy the **Current My Domain URL** (e.g. `my-org.my.salesforce.com`). This is your instance URL.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/domain-value.png" alt="My Domain URL" />
  </Step>
</Steps>

## Setup Salesforce Connection in Infisical

<Tabs>
  <Tab title="Infisical UI">
    1. Navigate to **App Connections** in your organization or project.

    2. Select the **Salesforce Connection** option.
           <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/search-infisical.png" alt="Select Salesforce Connection" />

    3. Enter your **Instance URL**, **Consumer Key**, and **Consumer Secret** from the previous section, then click **Connect to Salesforce**.
           <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/fillup-info.png" alt="Create Salesforce Connection" />

    4. Your **Salesforce Connection** is now available for use.
           <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/salesforce/app-connection.png" alt="Salesforce Connection Created" />
  </Tab>

  <Tab title="API">
    To create a Salesforce Connection, make an API request to the [Create Salesforce
    Connection](/api-reference/endpoints/app-connections/salesforce/create) API endpoint.

    ### Sample request

    ```bash Request theme={"dark"}
    curl    --request POST \
    --url https://app.infisical.com/api/v1/app-connections/salesforce \
    --header 'Content-Type: application/json' \
    --data '{
        "name": "my-salesforce-connection",
        "method": "client-credentials",
        "credentials": {
            "instanceUrl": "my-org.my.salesforce.com",
            "consumerKey": "...",
            "consumerSecret": "..."
        }
    }'
    ```

    ### Sample response

    ```bash Response theme={"dark"}
    {
        "appConnection": {
            "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "name": "my-salesforce-connection",
            "version": 1,
            "orgId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "createdAt": "2026-05-04T05:31:56Z",
            "updatedAt": "2026-05-04T05:31:56Z",
            "app": "salesforce",
            "method": "client-credentials",
            "credentials": {
                "instanceUrl": "my-org.my.salesforce.com"
            }
        }
    }
    ```
  </Tab>
</Tabs>
