The Salesforce Developers website will undergo maintenance on May 29, 2024 from 3:00 a.m. UTC to 10:00 a.m. UTC. The maintenance process may affect the availability of our documentation. Please plan accordingly.

requestToken Reference for Legacy Packages

This document applies only to API integrations in legacy packages. To get an access token for OAuth 2.0 API integrations, review Set Up Your Development Environment for Enhanced Packages.

For your authentication requests, we recommend that you use a tenant-specific endpoint, which includes your tenant’s subdomain. Find your endpoints in Installed Packages. New and existing customers on S1 through S10 can continue to use

To obtain an OAuth token, perform an HTTP POST that includes your client ID and client secret in the request body.

legacyBooleanSet to 1 to return a legacy token.

The JSON object in the request body has these properties.

| Name | Type Description | | -------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | clientID | String | Required. The ID for a Client Credentials App Key pair. | | clientSecret | String | Required. The client secret for the Client Credentials App Key pair. | | accessType | String | Set to offline to return a refresh token. | | refreshToken | String | An access token that is contextualized for your app. Refresh tokens are valid for up to 700 days and can be used only one time. Each token has a 5-minute revocation period after use, allowing for more attempts in case the service doesn't respond immediately. |

The HTTP POST with valid values for clientID and clientSecret returns two values:

  1. accessToken - An OAuth token passed to subsequent API requests.
  2. expiresIn - The expiration period of the OAuth token in seconds. The default value of 3600 seconds cannot be changed.