Salesforce REST API

This post will describe the Salesforce Rest API and how to get the usage from the Salesforce Rest API using a connected app.

Don’t forget to check out: Salesforce to Salesforce Integration using Rest API Callouts

Salesforce implements the OAuth in order to authenticate soap and rest calls with the client. So I will describe with the simple steps, how to create a Salesforce app that exposes outside clients to authenticate and call rest methods.

First, you need to create a Salesforce developer account if you don’t have a developer account or sandbox account. If you don’t have a developer account go with the following link and create an account. It’s free. Salesforce Developer

Once you create the developer account go to Salesforce Login and login with your credentials. Navigate to Setup and type app and you will be able to find Apps section and click the link. So now you will be able to find the Connected Apps section and click New. What we doing here is creating a connected app and that app will be exposed to outside to authenticate and call rest API.

So you can insert Connected App Name, API Name, Contact Email and make sure you have checked Enable OAuth Settings in API (Enable OAuth Settings). We can ignore other fields for the moment since we are going to make a basic app to call rest API. Once you click the Enable OAuth Settings checkbox you have to fill Callback URL, that value will return if the request success.

So you can set Salesforce Login for the Callback URL. For the Selected OAuth Scopes Give Full access(full). If you need to set the permission for the API requests you can set it here. And click Save, it will take 2- 10 minutes to make those changes take effect.

creating app

Once you click Continue you will be able to see a screen the same as below screen.

connecte app2

We have created the Connected App. So now we can make rest calls to Salesforce from outside via the connected app. Here we are using Username-Password OAuth Authentication Flow to authenticate with our connected app, therefore we need to send grant_type, client_id, client_secret, username, password parameters with the request. We have created a Connected App, so now we need to make requests through the rest API.So as I mentioned earlier we need grant_type, client_id, client_secret, username, password parameters to authenticate with the Salesforce in order to call to the endpoint And that request should be a POST request.

What will happen here is once we send that POST request with the parameters if it is a successful authentication it will return an access token. This access token is the same as the session id. After that each and every request we need to attach the access token in the header. Then each request Salesforce validates the access token and if it is validated successfully it will return the requested data. If the validate fails salesforce returning 401 unauthorized response. As you know the session has expired time. As same as the Salesforce access token has expired time. You can change access token settings by clicking the Connected App's manage button then the edit button.

Here you can customize the Refresh Token Policy and it including the refresh token time out and many more. If the access token expires, then that access token is no more valid, so we need to request for a refresh token via OAuth endpoint along with the old access token/refresh token. Once you authenticate with the salesforce you will be able to do lots of things via the rest API. As an example we can call GET, POST, PUT, PATCH, DELETE, HEAD Http methods on the rest ap. I have mentioned some get services exposed in Salesforce REST API.


So now I will show you how to call for a Salesforce Rest API through the postman chrome extension. Here I choose postman because it is really easy to test rest API. There are many more great tools to make requests.

You can download postman rest clients by clicking the following link. Postman
Once you download then go the postman page by clicking postman extension. And paste below URL in the place holder called Enter request URL here and set HTTP method to POST. Then click the URL params button and add the following parameters.

  • grant_type: password
  • client_id: 'Connected app's Consumer Key'
  • client_secret: 'Connected app's Consumer Secret'
  • username: 'your salesforce username'
  • password: 'your salesforce password + security token'

Please see below the screen to get client_id and client_secret. You need to get a security token by clicking My settings -> Personal -> Reset Security Token. This will send the security token by email.

select_secret Now you got everything to call to salesforce OAuth endpoint. So you need to set all parameters as below screen in postman.


So click send, If the endpoint name and method, parameters are correct you will receive an access token.


Common Issues:

When you coping client-secret or client_id you will copy the text with some spaces. So make sure client-secret or client_id has no spaces. Didn't append security token with the password. Make sure you have paste security token after the password in the password parameter. Didn't change the HTTP method to POST. Make sure you are sending a POST HTTP request after receiving the access token we will be able to make requests and get data from the salesforce via the rest API.

When we making a request we need to add Authorization header in each and every request that including the access token. If the access token is missing, invalid, or expired we will get a 401 Unauthorized response. The header value should be as below. There should be a space between OAuth and access token.

Authorization OAuth access_token

Salesforce Rest API has another very useful service to make queries through the request. So we will try to make a select query to get all the accounts in salesforce.

Sample service:

            Destination URL not reset. The URL returned from login must be set

Now I’m going to get all accounts in Salesforce by using ‘SELECT Id, Name FROM Account LIMIT 10’ query. Here getting only 10 records because considering the salesforce governor limits and best practices.

Therefore I need to send the below request to get data with the Authorization header:

            Destination URL not reset. The URL returned from login must be set

Below the screen, you can see the related postman request.


So you will be able to do lots of things through the rest API. As an example If you need to make pagination, Salesforce supports the offset keyword to return data with the pagination. refer below link for that.

SOQL and SOSL Reference

You will be able to do crud operations and many more with the rest API and its lightweight and easy to use.

Please send me your suggestions, any comments or any clarification on this.



  1. Hi,

    Thank you for your post.
    i can access it by postman but when i directly calling the url on browser then i am getting error

    <error_description>must use HTTP POST</error_description>

    Can we directly access it by url in brower or not? if yes then what i need to do next?

    Thanks in advance!


    Rahul kumar

Comments are closed.

Popular Salesforce Blogs