In the Summer ’20 Release, Pardot added a more modern, consistent, and secure method for authenticating to the Pardot API. The newly supported authentication method allows customers to leverage the familiar Salesforce OAuth flows with their Salesforce users, no longer requiring a one-off, Pardot-only user.
If you have current API integrations, please pay close attention since we are asking you to migrate to this new authentication by the Spring ’21 release as part of the Pardot User Migration initiative. The initiative’s overall goal is to increase security to protect your data and enable your admins to manage all users from one location – no longer needing to hop around to effectively manage your user base.
In the following sections, we’ll show you everything you need in order to leverage this new authentication method:
A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols like OAuth. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps. To put it simply, a connected app is a representation of an external application integration.
To set up a connected app, you will need to have Salesforce admin access to follow these steps:
Congratulations! You just configured your connected app. The above setup just scratches the surface of connected apps. If you’d like to learn more, like how to restrict access to certain users, then we recommend reviewing the following resources:
Now that you have a connected app, let’s gather the details that will be needed for integration.
The primary details are:
Since the above information is sensitive, particularly the Connected App’s Consumer Secret and Salesforce User Credentials, please consider how to securely share these details with other team members. They should not be shared outside of your organization or published to a public source code repository.
To find the Consumer Key & Secret, follow these steps:
Note: If you just completed the “Setup a Connected App” section, then you can just click “Continue” on the post-save screen and skip to step four.
To find the Pardot Business Unit, follow these steps:
For the integration user, we recommend creating a unique user for each specific app integration.
Salesforce provides many different OAuth flows to meet your specific security and integration needs. We’re going to show you an example leveraging the Web Server OAuth flow. This flow is appropriate when you want the end-user to enter credentials to authorize the integration and you don’t want to store the credentials on your system since it could be a security risk. To learn more about the options and find the best flow for your integration, please refer to Salesforce OAuth Help Documentation.
In order to use Web Server OAuth flow:
https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9IHf89I1t8hrvswazsWedXWY0i1qK20PSFaInvUgLFB6vrcb9bbWFTSIHpO8G2jxBLJA6uZGyPFC5Aejq&redirect_uri=https://my.example.com/myapp&scope=pardot_api
https://my.example.com/myapp?code=aPrx4sgoM2Nd1zWeFVlOWveD0HhYmiDiLmlLnXEBgX01tpVOQMWVSUuafFPHu3kCSjzk4CUTZg==
POST /services/oauth2/token HTTP/1.1
Host: login.salesforce.com
Content-type: application/x-www-form-urlencoded

grant_type=authorization_code&
code=aPrxhgZ2MIpkSy0aOdn07LjKFvsFOis6RGcWXz7p8JQCjcqfed5NQLe7sxWwMY_JQFuLwHRaRA==&
client_id=3MVG9IHf89I1t8hrvswazsWedXWY0iqK20PSFaInvUgLFB6vrcb9bbWFTSIHpO8G2jxBLJA6uZGyPFC5Aejq&
client_secret=*******************&
redirect_uri=https://my.example.com/myapp
{
  "access_token": "00DB0000000TfcR!AQQAQFhoK8vTMg_rKA.esrJ2bCs.OOIjJgl.9Cx6O7KqjZmHMLOyVb.U61BU9tm4xRusf7d3fD1P9oefzqS6i9sJMPWj48IK",
  "signature": "d/SxeYBxH0GSVko0HMgcUxuZy0PA2cDDz1u7g7JtDHw=",
  "scope": "pardot_api",
  "instance_url": "https://example.salesforce.com",
  "id": "https://login.salesforce.com/id/00DB0000000TfcRMAS/005B0000005Bk90IAC",
  "token_type": "Bearer",
  "issued_at": "1558553873237"
}
Once a user follows your authentication flow, your application should have an access token. To update your Pardot request there are just two small header changes to make:
GET 'https://pi.pardot.com/api/prospect/version/4/do/query?format=json'
Host: pi.pardot.com
Authorization: Bearer 00DB0000000TfcR!AQQAQFhoK8vTMg_rKA.esrJ2bCs.OOIjJgl.9Cx6O7KqjZmHMLOyVb.U61BU9tm4xRusf7d3fD1P9oefzqS6i9sJMPWj48IK
Pardot-Business-Unit-Id: 0UvB0000000TN1tKAG
Once you have made those changes and done some regression testing you have completed the process of migrating your application’s use of the Pardot API to leverage Salesforce OAuth. Well done!
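The Web Server flow and the header change described above, as an added Python sketch that is not code from the original post or from Salesforce. It goes beyond the post's sample URLs by adding the standard OAuth state parameter and by URL-encoding every value; the function names and the SF_CONSUMER_SECRET environment variable are assumptions made for illustration.

```python
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"

def build_authorize_url(client_id, redirect_uri):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # added anti-CSRF value, not shown in the post
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": "pardot_api",
                       "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def extract_code(callback_url, redirect_uri, expected_state):
    """Validate the redirect back to the app and return the authorization code."""
    got, want = urlparse(callback_url), urlparse(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    params = parse_qs(got.query)
    if "error" in params:  # user denied access or the request was rejected
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch; discard this callback")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code

def token_request_body(code, client_id, redirect_uri, env=os.environ):
    """Form body for POST /services/oauth2/token; the secret never lives in source."""
    secret = env.get("SF_CONSUMER_SECRET")  # hypothetical variable name
    if not secret:
        raise RuntimeError("SF_CONSUMER_SECRET is not set")
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": client_id, "client_secret": secret,
                      "redirect_uri": redirect_uri})

def pardot_headers(token_response, business_unit_id):
    """Build the two Pardot request headers from the parsed token response."""
    scopes = token_response.get("scope", "").split()
    if token_response.get("token_type") != "Bearer" or "pardot_api" not in scopes:
        raise ValueError("token is not a Bearer token with the pardot_api scope")
    return {"Authorization": "Bearer " + token_response["access_token"],
            "Pardot-Business-Unit-Id": business_unit_id}
```

The body returned by token_request_body is sent over HTTPS to the token endpoint shown earlier, and the parsed JSON response is what pardot_headers expects.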
Below are some helpful tips and best practices to help make your integration go smoothly.
Hopefully, you now feel confident in updating your Pardot API integrations to leverage Salesforce OAuth flows and creating new integrations that use them as well. More importantly, you now have more knowledge to help prepare for the Pardot User Migration due by the Spring ’21 release. I also recommend learning more about all the great Connected App capabilities and Salesforce OAuth options as there is a lot we couldn’t cover in this blog post.
Noshir Patel is a Pardot Lead Software Engineer. He focuses on developing Pardot’s API framework and led the Salesforce OAuth integration. You can follow him on LinkedIn.
Christopher Cornett is a Pardot Senior Product Manager. He focuses on API & Web Tracking capabilities. You can follow him on LinkedIn.