Salesforce
Connect to Salesforce orgs with OAuth 2.0 for CRM data and Chatter API access.
Auth Model
Installation + User OAuth
Dual-credential model. An App is first installed into an organization or workspace (yielding an installation credential), then individual users authorize within that installation context (yielding user credentials). Authpipe manages both lifecycles.
Connection Flow
// Get the bot/app token (installation-level) const { credential: botToken } = await authpipe.getCredential({ provider: 'salesforce', tenantId: 'org_acme', credentialFor: 'installation', }); // Get a user-level token const { credential } = await authpipe.getCredential({ provider: 'salesforce', tenantId: 'org_acme', userId: 'user_123', credentialFor: 'user', });
// Both credentials are always valid — Authpipe handles refresh // Install the App into a workspace <InstallButton provider="salesforce" onInstall={(inst) => console.log('Installed!', inst)} />
Available Scopes
Permissions you can request when connecting to Salesforce.
api Access to Salesforce REST, SOAP, Bulk, and Streaming APIs
refresh_token Allow refresh tokens for offline access (alias: offline_access)
full Full access to all Salesforce data accessible by the user
chatter_api Access to the Chatter REST API for social collaboration
id Access to the identity URL service for user profile info
profile Access to the user's profile information (name, email, photo)
email Access to the user's email address
openid OpenID Connect authentication; access to the user's unique identifier
web Access to the web UI via the access token (allows web-based login)
custom_permissions Access to the user's custom permissions in the connected app
visualforce Access to Visualforce pages
content Access to Salesforce CRM Content data
cdp_query_api Access to the Data Cloud Query API
wave_api Access to the Analytics (Wave) REST API
eclair_api Access to the Einstein Analytics API
pardot_api Access to the Pardot API for marketing automation
api Access to Salesforce REST, SOAP, Bulk, and Streaming APIs
refresh_token Allow refresh tokens for offline access (alias: offline_access)
full Full access to all Salesforce data accessible by the user
chatter_api Access to the Chatter REST API for social collaboration
id Access to the identity URL service for user profile info
profile Access to the user's profile information (name, email, photo)
email Access to the user's email address
openid OpenID Connect authentication; access to the user's unique identifier
web Access to the web UI via the access token (allows web-based login)
custom_permissions Access to the user's custom permissions in the connected app
What Authpipe handles for Salesforce
OAuth Orchestration
PKCE, state validation, callback handling, and provider-specific quirks — all automatic.
Encrypted Vault
AES-256-GCM encryption with per-tenant key isolation. OAuth tokens, API keys, and webhook secrets — never exposed to the frontend.
Silent Refresh
Proactive token refresh before expiry. SDK returns from local cache with zero latency.
Health Monitoring
Scheduled checks detect revoked tokens and expired credentials before users notice.
More CRM providers
Apollo
Access prospect data and manage sales engagement through Apollo using API key authentication.
Attio
Manage contacts, companies, and deals through Attio CRM using OAuth authentication.
Capsule CRM
Manage contacts, sales opportunities, and cases through Capsule CRM.
Close
Manage leads, contacts, and sales activities through Close CRM.
Ready to connect Salesforce?
Get your first 100 connections free. Set up in minutes with our SDK.