REST API Developer Guide

Introducing Lightning Platform REST API
Lightning Platform REST Resources
Using Compression
Using Conditional Requests
Using cURL in the REST Examples
Understanding Authentication
Defining Connected Apps
Understanding OAuth Endpoints
How Are Apps Authenticated with the Web Server OAuth Authentication Flow?
Understanding the User-Agent OAuth Authentication Flow
Understanding the Username-Password OAuth Authentication Flow
How Does the OAuth Refresh Token Fit Into the Authentication Flow?
Finding Additional Resources
Use CORS to Access Salesforce Resources from Web Browsers
Quick Start
Examples
Reference
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Understanding Authentication

Salesforce uses the OAuth protocol to allow users of applications to securely access data without having to reveal username and password credentials.
Before making REST API calls, you must authenticate the application user using OAuth 2.0. To do so, you’ll need to:
  • Set up your application as a connected app in the Salesforce organization.
  • Determine the correct Salesforce OAuth endpoint for your connected app to use.
  • Authenticate the connected app user via one of several different OAuth 2.0 authentication flows. An OAuth authentication flow defines a series of steps used to coordinate the authentication process between your application and Salesforce. Supported OAuth flows include:
After successfully authenticating the connected app user with Salesforce, you’ll receive an access token which can be used to make authenticated REST API calls.