Skip to main content
This guide shows you how to register your own app with Salesforce Sandbox to obtain your OAuth credentials (client id & secret). These are required to let your users grant your app access to their Salesforce Sandbox account.

Understanding Salesforce Sandbox

Salesforce Sandbox is a separate environment from Salesforce production accounts. If you or your end-users are authorizing a Salesforce sandbox account, you must use the salesforce-sandbox integration in Nango.
Your Salesforce Developer Edition account is not a Salesforce sandbox! Use it with the regular salesforce connector.

Getting Started with Salesforce

If you don’t already have a Salesforce account, you can get a free Salesforce Developer Edition here. This gives you a free Salesforce account to test your integration.

Creating a Connected App

To create a Connected App in Salesforce Sandbox and obtain your OAuth credentials, follow the same setup process as the regular Salesforce integration, but use the Salesforce Sandbox URL (https://test.salesforce.com) instead of the regular Salesforce URL. The key differences for Salesforce Sandbox:
  • Use https://test.salesforce.com as your base URL
  • Use the salesforce-sandbox integration in Nango
  • Your sandbox credentials are separate from production credentials

Connection Configuration in Nango

Salesforce uses a different API base URL, called the instance_url, for each customer. Nango automatically retrieves the instance_url (e.g. https://yourInstance.salesforce.com/) from Salesforce and stores it in the Connection config for you. If you use the Nango Proxy, it is automatically using the correct API base URL. But, if needed, you can retrieve the instance_url with the backend SDK or Connections API.

Important Considerations

OAuth Credentials Naming

Salesforce calls the client_id and client_secret as Consumer Key and Consumer Secret.

Enabling Offline Access

To enable offline data access with a refresh token, add the refresh_token (or its synonym, offline_access) scope. By default, access tokens expire in ~2h (but customers can configure this value). Also, check the “Introspect All Tokens” checkbox in your OAuth app settings on the Salesforce developer portal. Salesforce doesn’t share the expiration date of access tokens, so Nango needs to call the Salesforce API to check if access tokens are valid.

OAuth Scopes

For details on available OAuth scopes, see Salesforce’s overview of OAuth scopes.

Troubleshooting Invalid Client ID Errors

If you encounter an error in your flow that says invalid_client_id, make sure your (developer) User’s password does not contain any special characters (yes, really.)

Additional Resources

For more details on Salesforce’s OAuth implementation: