SFDC Stop - Always the latest about Salesforce


Full Tutorial Series with videos, free apps, live sessions, salesforce consulting and much more.


Telegram logo   Join our Telegram Channel

Friday, 4 January 2019

How to connect to Salesforce with Postman ?

Ever tried to work with APIs ? In this post, I am going to tell you that how you can connect to your own salesforce org's with postman.

What is Postman ?

Postman is an API development environment which is used to test an API, create and run automated tests, examine responses and do a lot more stuff. As a Salesforce Developer or Admin, you can use postman to test APIs and their responses. So, let's see how to setup postman to test your APIs.

Setting up Salesforce

First of all, we need to setup a connected app in our org. To do so, follow the steps below:-

1. In your Salesforce org, go to setup and search for app. You'll have an option of apps under Build->Create as shown below:-


2. Click on apps and that will open a new page with Apps, Subtab Apps and Connected Apps. You need to go to the Connected Apps section and click New.


3. You'll see another page of New Connected App as shown below:-


4. In the form, enter Connected App Name, API Name and Contact Email. I am using Test Postman as the connected app name, the API name is automatically populated as Test_Postman and I have added my email id in the contact email field.

5. You don't need to fill any other information, In the API (Enable OAuth Settings) section click on:- Enable OAuth Settings checkbox. As you click on that, you'll see some more fields appear as shown below:-


6. This is quite similar to when we make a connected app at any 3rd party server which is used for server to server communication, as we're going to use postman so the Callback URL doesn't affect us. You can write any URL there. It is basically the URL where the authorization code will be sent in case of OAuth. I have used https://www.salesforce.com

7. Under the Selected OAuth Scopes section, choose Access and manage your data (api) and move it from the Available OAuth Scopes to the Selected OAuth Scopes section. It is basically a choice of which APIs you want to use like if you want to use chatter api, you need to add it to the Selected OAuth Scopes section and similar approach for any other api.

8. To access standard Salesforce APIs to deal with our data and for any custom APIs too that we make in apex, the Access and manage your data (api) is enough for us as I am going to use system administrator credentials.

9. Leave other options as it is and click on Save. You'll see the below screen:-


10. Click on Continue button and you'll be taken to the below page:-


11. As you can see in the above image, we've Consumer Key and Consumer Secret which is present in the API (Enable OAuth Settings) section. The consumer key will be visible to you directly and for the consumer secret click on Click to reveal link and it'll be displayed there.

You've completed the Salesforce part and now it's time to move on to our postman stuff.

Setting Up Postman

To setup postman, follow the below steps:-

1. Go to https://www.getpostman.com/apps and download postman for your operating system. Install it in your OS.


2. Once you've postman installed, open it and you'll have a screen as given below:-


3. To connect with our Salesforce org, we've two options:- Authorization Code Flow and Username Password Flow. We're going to use Username Password flow now.

4. Next step is to get the access token. If you're connecting with your developer org, use:- https://login.salesforce.com/services/oauth2/token as the URL to get the access token however, if you're using a sandbox, you can use https://test.salesforce.com/services/oauth2/token as the token URL.

5. Set the request method to POST and in the body tab, you need to enter some values as shown below:-


6. Make sure that the form-data radio button is selected. Now we need to add 5 key-value pairs as shown in the above image and given below:-

  • Key:- username | Value:- <your login username for org>
  • Key:- password | Value:- < your orgs login password>
  • Key:- grant_type | Value:- password
  • Key:- client_id | Value:- <consumer key of your salesforce org's connected app>
  • Key:- client_secret | Value:- <consumer secret of your salesforce org's connected app>
Add all the values and click on Send, you may or may not see the output as shown in the above image. It says:-

{
    "error": "invalid_grant",
    "error_description": "authentication failure"
}

If you got the successful response, you'll get the access_token in the JSON and you can skip to the Hitting the Standard Salesforce API section below. However if above is the case, you need to append your security token along with the password. If you have a security token, use that otherwise, to get a new security token, click on your username and click on My Settings. You'll be taken to the below page.


In the search bar on the left write:- reset and you'll see an option showing Reset My Security Token click on that and you'll be taken to the below page:-


Click on Reset Security Token button and you'll be taken to the below page:-


Check your email now which is associated with your salesforce org and you'll get the new security token there. The security token is case sensitive, so copy that from your mail and append it along with your password in postman. For ex:- if your password is iamawesome and your token is 123123123 then in the password key of your postman request, the value should be your password concatenated with security token i.e. iamawesome123123123. Click on the Send button again and you'll have the response as shown below:-


As you can see in the above image, you'll have a JSON response as follows:-

{
    "access_token": "<your-access-token>",
    "instance_url": "<your-org-base-url>",
    "id": "https://login.salesforce.com/id/<id>/<id>",
    "token_type": "Bearer",
    "issued_at": "<timestamp>",
    "signature": "<unique-signature-code>"
}

Copy the access token as we're going to use this in the subsequent requests to salesforce.

Hitting a standard Salesforce API

Now, for a demo, let's query our accounts from Salesforce Org using postman. This time, you need to make a request to your instance URL. The instance URL is basically the base URL of your org. For Ex:- My instance URL of developer org is:- https://ap5.salesforce.com/

You can explore the REST API developer guide for standard APIs. Like now I need to query, so I am able to find the documentation at:- https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/resources_query.htm

API versions are continuously upgraded, I am using v42.0 and a simple query i.e. SELECT Name, Type FROM Account. This is going to be a GET request and in the header I'll set the key:- Authorization and Value:- Bearer<space><access-token> as we have the access token type of bearer (from the previous JSON response).

The URL I am going to hit is:- https://ap5.salesforce.com/services/data/v42.0/query/?q=SELECT+Name,Type+FROM+Account

So, we have the final request and response on clicking Send as given below:-


In the response, you can see in the image above that I have the records array that consists of the field I queried i.e. the name and type of Accounts present in the org.

Congratulations..!! You have successfully setup postman for your org.

Note:- The access token has a validity of few hours and in case it expires, you need to follow the same steps to get a new access token so it's better to save that request. You can use the new access token by replacing the previous one in the header to hit APIs and communicate with your salesforce org.

If you liked this blog, make sure to share it in your network and let me know your views in the comments section below.

Happy Trailblazing..!!

56 comments:

  1. Thank you for this. Great tutorial. Im new to Salesforce and especially this API thing. But this was an awesome tutorial. Very clear. Now I want to repeat the same thing, but just from my Java code :)

    ReplyDelete
    Replies
    1. Hi Simon,

      Great to see that you liked it :-) and sure, give it a try..!!

      Delete
  2. Thanks Rahul, this was very useful. I just wanted to know whether we can create custom apps, objects via REST API

    ReplyDelete
    Replies
    1. You can do that using the metadata api. It's the same case as we do deployments using Salesforce DX or ANT.

      Delete
  3. Can we Implement Through PHP Curl if Yes please let me know How are any resource with respect to that

    ReplyDelete
    Replies
    1. Hey Sowmya, you can simply make requests using php curl like you're doing here with postman. No difference will be there as such. However, you can also try guzzle which is a good php library for callouts. Hope that helps :-)

      Delete
  4. HI Rahul,

    Have you created any outbound call API's with any external systems?If yes, please share me the URL.

    thanks,
    Reddy

    ReplyDelete
    Replies
    1. Hi Reddy,

      I have published an integration tutorial series that may help you. Please have a look at that. If you're looking specifically for apex callout, you can have a look at this:- https://www.sfdcstop.com/2019/12/salesforce-integration-tutorial-part-8.html

      Delete
  5. Thank you Rahul. This is very useful. Can I use to connect Salesforce from Postman using just username and password. It can be found under the section called "basic auth".

    ReplyDelete
    Replies
    1. No, salesforce doesn't support basic authentication. In case of a custom implementation scenario you can implement that on your own using site.

      Delete
  6. Hi
    I am trying with sand box url https://test.salesforce.com/services/oauth2/token .
    I have passed all the five fields username, password(password+token), grant_type,client_id and client_secret but still getting error.
    {
    "error": "invalid_grant",
    "error_description": "authentication failure"
    }

    ReplyDelete
    Replies
    1. Hi, Please make sure there are no whitespaces in any of your inputs and try again.

      Delete
  7. Hi Rahul,
    I tried your steps. But even after with security access token it gives the same error. Could you please help me to fix this issue.

    ReplyDelete
    Replies
    1. Hi Kalpana, Which error are you talking about ? Can you please specify in detail ?

      Delete
  8. Hi,

    Generating security tokens takes more time(16 min) , how to avoid this scenario
    from salesforce any suggestions pls

    ReplyDelete
    Replies
    1. Hi Ashok, 16 minutes are you sure ? As usually even when we do callouts from salesforce there is a timeout after 2 minutes. What scenario are you talking about in which it's taking that much time ? Can you explain in detail ?

      Delete
  9. Hi Rahul and congratulations for the guide ... but I have a problem after receiving the authentication token, when I go to send your example query, the answer I get is always:
    "message": "Session expired or invalid",
    "errorCode": "INVALID_SESSION_ID".
    this both if i use ap5.salesforce.com and if i use test.salesforce.com ..... suggestions?
    Thanks a lot and congratulations again.

    ReplyDelete
    Replies
    1. Hi,

      Please make sure you're having the Authorization header with value:- Bearer[space][access_token] and also that you're sending the request to your instance url only. The instance url is also received in the response from the login request that you make.Check my login response, it's having the key [instance_url] in the second last image, in my case it's ap5.salesforce.com, your's may be different.

      Delete
  10. Hi,

    I receive this error:
    [
    {
    "errorCode": "METHOD_NOT_ALLOWED",
    "message": "HTTP Method 'GET' not allowed. Allowed are PUT,POST,DELETE"
    }
    ]

    I don't know why, I request it as a POST and the web service in salesforce has an HttpPost method. The same web service have HttpPut and HttpDelete and these do work well. What can be?

    ReplyDelete
    Replies
    1. Hi, this error usually means that you're sending a GET request to the endpoint like while fetching the token whereas you should send POST. Please DM me on telegram to share more details about this error with screenshots, only then I can help. You can post it in our group here:- https://t.me/sfdcstopdiscuss

      Delete
  11. Thanks Rahul! It's really helpful! Very clear steps with pictures and details.

    ReplyDelete
    Replies
    1. Glad to know that it helped :-) Do share it among others too..!!

      Delete
  12. Hi Rahul,

    Its great tutorial. you made it to so simple to understand. Appreciate your time on this.

    Regards
    Naveen

    ReplyDelete
    Replies
    1. Happy to know that you liked it Naveen. Thank you :-)

      Delete
  13. @rahulmalhotra....Its giving me error can you guide me in knowing my instance. I guess i have mydomain installed already in my org and cant find instance. Please guide here

    ReplyDelete
    Replies
    1. Hi, I think you can use your my domain instead of login.salesforce.com or test.salesforce.com and it should work fine. In other case you can use the nslookup command to find your instance. Have a look here for more info:- https://help.salesforce.com/articleView?id=000322728&language=en_US&type=1&mode=1

      Delete
  14. @rahulmalhotra Hello, thanks for your post. It's really helpful for me. But I notice one thing, which not working for me. In paragraph 6 You write: "Make sure that the form-data radio button is selected" But for me it's only work, when I switched to x-www-form-urlencoded. Can you explain, why it is happens?

    ReplyDelete
    Replies
    1. Hi, In particular there is not much difference but the urlencoded allow you to send only text data but the form-data will allow you to send even binary data when you're making a POST request that's why I insisted on using form-data and I guess it should work fine with both. Can you try with another org once and let me know if you're unable to use form-data in that too ?

      Delete
  15. Thanks Rahul, very descriptive blog.
    I followed step by step blog but getting below error, can you please help me:
    {
    "error": "unsupported_grant_type",
    "error_description": "grant type not supported"
    }

    ReplyDelete
    Replies
    1. Hi Vivek, please make sure you've set the grant type as password, you've appended the security token and also that you've no whitespaces in your inputs.

      Delete
  16. Iam getting
    [
    {
    "message": "Session expired or invalid",
    "errorCode": "INVALID_SESSION_ID"
    }
    ]

    ReplyDelete
    Replies
    1. Hi,

      Please make sure you're having the Authorization header with value:- Bearer[space][access_token] and also that you're sending the request to your instance url only. The instance url is also received in the response from the login request that you make.Check my login response, it's having the key [instance_url] in the second last image, in my case it's ap5.salesforce.com, your's may be different.

      Delete
  17. Hi Rahul,

    This is very useful. I am preparing for Platform Developer and getting to learn a lot from here.
    Thanks for making it simple to understand

    Regards,
    Kiran

    ReplyDelete
    Replies
    1. So happy to know that it's helping to prepare for your PD1 Kiaran :-) All the best and keep learning..!!

      Delete
  18. Hi Rahul,
    Thank you for this great tutorial in simple language with screenshots, it is really helpful for understanding.
    Regards
    Vijendra

    ReplyDelete
  19. Hi iam getting following error when we are posting Account to Salesforce via json format by using postman
    [{"errorCode":"APEX_ERROR","message":"System.NullPointerException: null argument for JSONGenerator.writeStringField()\n\nClass.System.JSONGenerator.writeStringField: line 178, column 1\nClass.GenerateResponseAccounts.createUpsertResponse: line 70, column 1\nClass.SyncAccounts.upsertAccountsList: line 40, column 1\nClass.AccountSync.createAccounts: line 42, column 1"}]

    ReplyDelete
    Replies
    1. Hi, seems like there is an issue with the JSON parsing in your apex class

      Delete
  20. Hi Rahul,
    You article really helped me out but i am getting this error when query

    [
    {
    "message": "The REST API is not enabled for this Organization.",
    "errorCode": "API_DISABLED_FOR_ORG"
    }
    ]

    Please let me know if you know this type of error

    ReplyDelete
    Replies
    1. Hi, please check the profile of the user you're using "API Enabled" checkbox should be checked.

      Delete
  21. Rahul, Thank you!
    This was very clear and helpful for me.

    ReplyDelete
  22. Hi Rahul,
    This blog is so informative and useful. It helps me to setup the Postman.
    Thanks a lot

    ReplyDelete
  23. @RestResource(urlMapping='/Customer/FileById/*') how to call this rest class

    ReplyDelete
  24. This is Very helpful Thank you!

    ReplyDelete
  25. This was a very helpful post. Thankyou!

    ReplyDelete
  26. thanks to you Rahul, that was a good and helpful tutorial

    ReplyDelete
  27. Hi Rahul,

    Great blogpost.This really helped me
    I have one question.. When we are giving the API to the third party, How do they get refresh token once the initial token expires?
    Thank you so much!

    ReplyDelete
    Replies
    1. Hi, This tutorial is using username password flow which is basically used for client-server communication, so there is no concept of refresh token. If you want a refresh token you need to implement authorization code flow which is used for server-server communication. You can learn more about that here: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_web_server_flow.htm&type=5

      Delete
  28. Thank you for your effort to put together this detailed tutorial!

    ReplyDelete
  29. Hi Rahul,
    Thanks for your blog.
    {
    "error": "invalid_grant",
    "error_description": "authentication failure"
    }

    I am getting above error, even I have followed all the steps.

    ReplyDelete
    Replies
    1. Can you try adding the security token to your password as well? Also, make sure you're performing a POST request

      Delete
  30. Thanks Rahul, this very helpful information step-by-step who new to the Salesforce like me. I tried this on my salesforce Developer Edition getting error like this
    {
    "message": "Session expired or invalid",
    "errorCode": "INVALID_SESSION_ID"
    }
    Any help would be much appreciated.

    ReplyDelete
    Replies
    1. Hi RD, can you try turning on Follow Authorization header in postman settings? Let me know if that works.

      Delete
  31. Very Nice tutorial and explanation, Thanks so much Rahul

    ReplyDelete
  32. Hi!
    From Summer '23 release User-Password authentication flow is disabled by default for new environments. You need to enable it before sending POST requests - otherwise you will get 'invalid_grant' error, obviously without any explanation (which is common for salesforce).

    Source and steps to enable this flow: https://help.salesforce.com/s/articleView?id=release-notes.rn_security_username-password_flow_blocked_by_default.htm&release=244&type=5

    ReplyDelete