Skip to content

Salesforce credentials#

You can use these credentials to authenticate the following nodes:

Supported authentication methods#

  • JWT
  • OAuth2

Refer to Salesforce's developer documentation for more information about the service.

Using JWT#

To configure this credential, you'll need a Salesforce account and:

  • Your Environment Type (Production or Sandbox)
  • A Client ID: Generated when you create a connected app.
  • Your Salesforce Username
  • A Private Key for a self-signed digital certificate

To set things up, first you'll create a private key and certificate, then an external client app:

  1. In n8n, select the Environment Type for your connection. Choose the option that best describes your environment from Production or Sandbox.
  2. Enter your Salesforce Username.
  3. Log in to your org in Salesforce.
  4. You'll need a private key and certificate issued by a certification authority. Use your own key/cert or use OpenSSL to create a key and a self-signed digital certificate. Refer to the Salesforce Create a Private Key and Self-Signed Digital Certificate documentation for instructions on creating your own key and certificate.
  5. From Setup in Salesforce, enter App Manager in the Quick Find box, then select App Manager.
  6. On the App Manager page, select New Connected App.
  7. Select New External Client App.
  8. Enter the required Basic Info for your connected app, including a Name and Contact Email address. Select Local as Distribution State. Refer to Salesforce's Create a Local External Client App documentation for more information.
  9. In the OAuth Settings area of the page, select Enable OAuth.
  10. For the Callback URL, enter http://localhost:1717/OauthRedirect.
  11. Add these OAuth scopes:
    • Manage user data via APIs (api)
    • Manage user data via Web browsers (web)
    • Perform requests at any time (refresh_token, offline_access)
  12. To configure JSON Web Token (JWT)-based access tokens, enable the JWT Bearer Flow.
  13. Select Choose File and upload the file that contains your digital certificate, such as server.crt.
  14. Select Save to save your external client app settings.
  15. After saving, you can retrieve the Consumer Key (also known as Client ID) from the external client app's settings.
  16. Copy the Consumer Key and add it to your n8n credential as the Client ID.
  17. Enter the contents of the private key file (that you created together with the digital certificate) in n8n as Private Key.
    • Use the multi-line editor in n8n.
    • Enter the private key in standard PEM key format: 
      1
2
3
      -----BEGIN PRIVATE KEY-----
KEY DATA GOES HERE
-----END PRIVATE KEY-----

These steps are what's required on the n8n side. Salesforce recommends setting refresh token policies, session policies, and OAuth policies too:

  1. In Salesforce, within your External Client App select Tab Policies.
  2. Click Edit.
  3. Review the OAuth Policies Section. Salesforce recommends using expire refresh token after 90 days.
  4. In the Session Policies section, Salesforce recommends setting Timeout Value to 15 minutes.
  5. In the OAuth Policies section, select Admin approved users are pre-authorized for permitted users for Permitted Users, and select OK.
  6. Select Save.
  7. Ensure your User is assigned to the Profile or Permission set you put under Selected Profiles or Selected Permission Sets that are pre-authorized to use this connected app.

Refer to Salesforce's Create a Connected App in Your Org documentation for more information.

Using OAuth2#

To configure this credential, you'll need a Salesforce account.

Note for n8n Cloud users

Cloud users don't need to provide connection details. Select Connect my account to connect through your browser.

Cloud and hosted users will need to select your Environment Type. Choose between Production and Sandbox.

If you're self-hosting n8n, you'll need to configure OAuth2 from scratch by creating a connected app:

  1. In n8n, select the Environment Type for your connection. Choose the option that best describes your environment from Production or Sandbox.
  2. Enter your Salesforce Username.
  3. Log in to your org in Salesforce.
  4. From Setup in Salesforce, enter App Manager in the Quick Find box, then select App Manager.
  5. On the App Manager page, select New Connected App.
  6. Enter the required Basic Info for your connected app, including a Name and Contact Email address. Refer to Salesforce's Configure Basic Connected App Settings documentation for more information.
  7. Check the box to Enable OAuth Settings.
  8. For the Callback URL, enter http://localhost:1717/OauthRedirect.
  9. Add these OAuth scopes:
    • Manage user data via APIs (api)
    • Manage user data via Web browsers (web)
    • Perform requests at any time (refresh_token, offline_access)
  10. Make sure the following settings are unchecked:
    • Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows
    • Require Secret for Web Server Flow
    • Require Secret for Refresh Token Flow
  11. Select Save, then Continue. The Manage Connected Apps page should open to the app you just created.
  12. In the API (Enable OAuth Settings) section, select Manage Consumer Details.
  13. Copy the Consumer Key and add it to your n8n credential as the Client ID.
  14. Copy the Consumer Secret and add it to your n8n credential as the Client Secret.

These steps are what's required on the n8n side. Salesforce recommends setting refresh token policies and session policies, too:

  1. In Salesforce, select Back to Manage Connected Apps.
  2. Select Manage.
  3. Select Edit Policies.
  4. Review the Refresh Token Policy field. Salesforce recommends using expire refresh token after 90 days.
  5. In the Session Policies section, Salesforce recommends setting Timeout Value to 15 minutes.

Refer to Salesforce's Create a Connected App in Your Org documentation for more information.