Salesforce
Salesforce CRM via OAuth — one-click redirect, or username-password with your own Connected App.
Fields
| Field | Description | Required |
|---|---|---|
| Consumer Key | The Connected App’s OAuth consumer key (client ID). | Yes |
| Consumer Secret | The Connected App’s OAuth consumer secret (client secret). | Yes |
| Username | The Salesforce login username (an email). | Yes |
| Password | The Salesforce login password. | Yes |
| Security Token | Appended to the password. From Salesforce → Settings → Reset My Security Token. Not needed if your IP is in the org’s trusted range. | No |
| Sandbox | Toggle on to authenticate against test.salesforce.com instead of login.salesforce.com. | No |
Two ways to connect
- Connect with Salesforce (recommended) — a one-click OAuth redirect. Click Connect Salesforce, log in, and approve. Falcon Builder stores a refresh token and mints access tokens automatically. Toggle sandbox before connecting for a sandbox org. (Requires the deployment to have a Salesforce Connected App configured.)
- Username & password (advanced) — bring your own Connected App and use the username-password OAuth flow. Use this if the redirect flow isn't available for your org. Steps below.
Username-password setup
- Step 1: In Salesforce, go to Setup → App Manager → New Connected App. Enable OAuth settings, set any callback URL (it's unused by this flow), and add the OAuth scopes
apiandrefresh_token, offline_access. - Step 2: Save, then copy the Consumer Key and Consumer Secret from the app's API section.
- Step 3: Get your Security Token from Settings → Reset My Security Token (emailed to you). Skip this if your IP is in the org's trusted range.
- Step 4: In Falcon Builder, go to Dashboard → Credentials → Add Credential, pick Salesforce, and enter the consumer key/secret, username, password, and security token. Toggle Sandbox for a sandbox org.
- Step 5: Click Test Connection — we perform a real token exchange to confirm everything works.
How authentication works
OAuth (redirect): after you authorize, Falcon Builder stores a refresh token and the instance URL. On each execution it mints a short-lived access token from the refresh token using the platform Connected App — access tokens are never persisted.
Username-password: on each execution Falcon Builder POSTs your Connected App credentials plus username and (password + security token) to the org's token endpoint and receives a short-lived access token and instance URL. Nothing token-related is stored.
Sandbox & My Domain
Turn on Sandbox to authenticate against test.salesforce.com. If your org enforces a My Domain login host, set the optional Login URL to that domain (e.g. https://yourco.my.salesforce.com).
Troubleshooting
invalid_granton test usually means a wrong password/security token, or the org has the username-password flow disabled. Reset the security token, or have an admin allow the flow (or relax IP restrictions for the Connected App).- If you rotated your password, regenerate and update the security token too — it changes with each password reset.