The Salesforce Authentication Token is an important component in the authentication process for securely accessing Salesforce APIs and resources. It serves as a kind of identification, ensuring that only authorised users or applications have access to Salesforce data. The token is largely utilised in the OAuth 2.0 flow, which is the preferred mechanism for authenticating and authorising third-party apps to access Salesforce services. This post will explain how to generate a Salesforce authentication token using Postman.
Here are the primary use cases of the Salesforce Authentication Token
1. API Access
Using an access token, we can gain access to Salesforce REST or SOAP APIs. The token is supplied in the HTTP request headers to validate the request’s validity and to grant access to specified resources according to the user’s rights.
2. Single Sign-On (SSO)
In Single Sign-On implementation, the authentication token is utilised to facilitate seamless access to Salesforce and other connected applications. Users simply need to log in once with SSO, and future access to Salesforce and other linked systems is allowed instantly, eliminating the need to re-enter credentials.
3. Connected Apps
Salesforce Connected Apps are third-party applications or services that communicate with Salesforce APIs. During the OAuth 2.0 flow, connected apps use the authentication token to receive an access token. Based on the permissions given, the access token enables the app to make API requests on behalf of a user or the connected app itself.
4. Integration with External Systems
When Integrating Salesforce with other external systems, the authentication token is required. For example, if you have a web application that needs to access Salesforce data on behalf of a user, you can grant the appropriate access using the OAuth 2.0 procedure and the authentication token.
Let us generate an authentication token using POSTMAN.
- Set up a connected app in Salesforce
- Get the Consumer Key and Secret
- Add User for Connected App
- Create a Postman request to get the access token
1. Set up a connected app in Salesforce
Salesforce Connected Apps is a technique to enable and manage the safe integration of external apps or services with Salesforce. They are a component of Salesforce’s Identity and Access Management architecture that uses the OAuth 2.0 authentication protocol. To create a connected app in Salesforce navigate to
Setup > App Manager > New Connected App.
We need to specify a connected app name, and an email and ensure to Enable OAuth Settings. Additionally, we need to select the required OAuth Scopes.
Put callback URL– https://oauth.pstmn.io/v1/callback
Selected OAuth Scopes – select Manage user data via Web browsers (web), Perform requests at any time (refresh_token, offline_access) and Access unique user identifiers (opened)
Save the connected app. It might take 2-10 minutes to take effect. It will give Consumer Key & Secret. We will use this Consumer Key & Secret in the POSTMAN setting.
2. Get the Consumer Key and Secret
Once the connected app is saved, it will generate the consumer key and secret. Click on the Manage Consumer Details button on the connected app page. It will ask for a verification code which will be sent by email. After verification, it will show consumer detail in another window.
3. Create a User for Connected App
Create a user for the connected app which will help us in managing security on Salesforce Object. We should create special users only for API integration. Check out the help documentation to create a secure user Create a secure Salesforce API user.
4. Create a Postman request to get the access token
Now let us create a Postman request to get the access token. Open Postman and create a new POST request.
Authentication URL: https://login.salesforce.com/services/oauth2/token or
https://test.salesforce.com/services/oauth2/token for sandbox org.
In the Body tab set the below details
password: YOUR_SALESFORCE_PASSWORD + YOUR_SALESFORCE_SECURITY_TOKEN
YOUR_SALESFORCE_SECURITY_TOKEN with actual Salesforce credentials.
It will generate access_token, instance_url, and token_type. This token can be used for Salesforce API access.
If you are getting an Invalid_Grant – Authentication Failure error then you can try the below tips
- try putting/removing a security token with a password
- Enable Allow OAuth Username-Password Flows in OAuth and OpenID Connect Settings
- Check Login History for Error.