Salesforce REST API: The Login Request (Authentication Step)

Salesforce REST API Authentication

Working with REST APIs is similar to working with REST APIs. We will start by authenticating the REST API Requests and gradually move on to other operations as well.

In this article, we will discuss the detailed steps to authenticate REST-based requests against a Salesforce Org. We will explore the REST payloads for the request and response cycle of the login request.


This article focuses on the authentication mechanism for Salesforce REST-based services. If you have not already gone through my earlier articles on this, I would strongly recommend referring to the article How to Prepare Environment for Salesforce API Based Development, as it serves as a prerequisite for API development scenarios.

Launch Postman and run through the following steps:

Preparing Request Object

Step 1. To start with authenticating the REST API Request, we will use OAuth Endpoint to request authentication tokens pertaining to the Salesforce Org. It will always be a POST Request.

Step 2. Select “Body”

Step 3. Select “form-data”

Step 4. Specify the following request input parameters.

  • client_id: Get the value from the Connected App.
  • client_secret: Get the value from the Connected App.
  • username: User name for the Salesforce Org.
  • password: Password + security token for the Salesforce Org.

Step 5. Once you have prepared the login request as specified above, click the “Send” button to submit the request to the Salesforce Org.


Analyzing Response Object

If the request was successful, we can see the response object coming in.

Step 6. If we inspect the response object carefully, we notice the following fields:


{
  "access_token": "<Access Token Value>",
  "instance_url": "<Salesforce Instance URL>",
  "id": "<Access Token Request ID>",
  "token_type": "Bearer",
  "issued_at": "<Date Time Stamp>",
  "signature": "<Signature for Valid API Request>"
}


While you are working with the Salesforce REST APIs, keep the value of “access_token” at hand: it must be sent with every subsequent REST API call to Salesforce for authentication.
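The login request from steps 1 to 4 and a client-side check of the response fields from step 6, as an added Python example that is not part of the original article. It assumes the production login host, a URL-encoded form body instead of Postman's form-data, the grant_type=password field that the username-password flow requires (not in the list above), and Salesforce's documented definition of "signature" as Base64 HMAC-SHA256 of id + issued_at keyed with the client secret; all sample values are constructed placeholders.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode, urlsplit

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"  # assumed: production login host
REQUIRED = {"access_token", "instance_url", "id", "token_type", "issued_at", "signature"}

def build_login_request(client_id, client_secret, username, password_and_token):
    """Return (url, headers, body) for the POST prepared in steps 1-4."""
    body = urlencode({
        "grant_type": "password",          # selects the username-password flow
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password_and_token,    # password + security token
    })
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body

def sign(client_secret, identity_url, issued_at):
    """Base64(HMAC-SHA256(key=client_secret, msg=id + issued_at))."""
    msg = (identity_url + issued_at).encode()
    return base64.b64encode(hmac.new(client_secret.encode(), msg, hashlib.sha256).digest()).decode()

def auth_header_from_response(raw_json, client_secret):
    """Validate the token response, then return the header for later API calls."""
    resp = json.loads(raw_json)
    missing = REQUIRED - set(resp)
    if missing:
        raise ValueError(f"token response missing fields: {sorted(missing)}")
    if resp["token_type"] != "Bearer":
        raise ValueError("unexpected token_type")
    if urlsplit(resp["instance_url"]).scheme != "https":
        raise ValueError("instance_url is not HTTPS")
    expected = sign(client_secret, resp["id"], resp["issued_at"])
    if not hmac.compare_digest(expected.encode(), resp["signature"].encode()):
        raise ValueError("signature does not match id + issued_at")
    return {"Authorization": "Bearer " + resp["access_token"]}

def constructed_response(client_secret):
    """Constructed sample response (placeholder values, not real Salesforce output)."""
    ident, issued = "https://login.salesforce.com/id/00DEXAMPLEORG/005EXAMPLEUSER", "1700000000000"
    return json.dumps({"access_token": "EXAMPLE_ACCESS_TOKEN", "token_type": "Bearer",
                       "instance_url": "https://example.my.salesforce.com", "id": ident,
                       "issued_at": issued, "signature": sign(client_secret, ident, issued)})

if __name__ == "__main__":
    secret = "EXAMPLE_CLIENT_SECRET"
    print(build_login_request("EXAMPLE_CLIENT_ID", secret, "user@example.com", "pw+token")[2])
    print(auth_header_from_response(constructed_response(secret), secret))
```

The returned Authorization header is what accompanies each later REST call to the instance_url host; a response whose id or issued_at was altered fails the signature check before the token is ever used.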



The Salesforce REST API framework supports authentication based on information associated with Connected Apps, so before starting REST API-based development, we need to have a Connected App configured. Connected Apps provide the Client ID and Client Secret that we use to request the access token later on.

Hope you enjoyed this article. Please leave your comments to let me know how you like the content and how you find it helpful to learn the topic.
