Integrating Postman with Salesforce is a 2-step process:
- Create a connected app in Salesforce. This will generate a client ID and client secret that you will need to authenticate Postman to Salesforce. To create a connected app, go to Setup > App Manager > Create a new Connected App. Give the app a name and enable the OAuth settings. You will also need to choose the scopes that you want the app to have access to. Once you have created the connected app, you will be able to find the client ID and client secret in the app details.
- Authenticate Postman to Salesforce. To do this, you will need to create a new request in Postman and use a POST call to the following URL:
https://login.salesforce.com/services/oauth2/token
In the body of the request, you will need to include the following parameters:
Grant Type: password
Client ID: The client ID from your connected app
Client Secret: The client secret from your connected app
Username: Your Salesforce username
Password: Your Salesforce password
Once you have made the request, Postman will return an access token. You can then use this access token to call Salesforce REST APIs.
Error (API security token required)
The error “Failed: API security token required” indicates that you’re trying to access a Salesforce API endpoint but your request lacks the necessary security token. Here are a couple of solutions to resolve this:
Solutions:
- Use a Security Token:
- If your Salesforce organization requires security tokens for API access, you’ll need to obtain and include it in your request.
- Login to Salesforce with your username and password.
- Go to your Personal Setup (gear icon) and search for “Reset My Security Token”.
- Reset your security token. You’ll receive a new token via email.
- When making API calls through Postman or any other tool, include the security token along with your username and password.
- If your Salesforce organization requires security tokens for API access, you’ll need to obtain and include it in your request.
- Add Your IP to Trusted Networks (if applicable):
- Salesforce allows specifying trusted IP addresses that can access the API without requiring a security token.
- If you’re making API calls from a consistent location (e.g., your office IP), you can ask your Salesforce admin to add that IP address to the trusted network list.
- Go to Setup > Security > Network Access.
- The admin can add your IP address here.
- This approach might not be suitable if you’re making API calls from various locations.
- Salesforce allows specifying trusted IP addresses that can access the API without requiring a security token.
Error (Username, Password flow disabled in Login History)
The error “Failed: Username, Password flow disabled in Login History” indicates that you tried to log in using your username and password, but this method is disabled for your Salesforce organization due to security reasons. Here’s how to address this:
Solutions:
- Use a More Secure Login Method (Recommended):
- It’s strongly recommended to switch to a more secure OAuth 2.0 flow for logins. These flows involve creating a connected app in Salesforce and using access tokens for authentication. This approach offers better security compared to username and password.
- Here are the steps: a. Create a Connected App: Go to Setup > App Manager > New Connected App. Provide a name, enable OAuth settings, and choose the access levels your app needs. You’ll get a client ID and client secret. b. Use OAuth in Your Tool: Refer to the documentation for your specific tool (e.g., Postman) on how to configure OAuth with the client ID and client secret obtained from the connected app. This typically involves configuring an OAuth 2.0 authorization code grant or password grant flow.
- Enable Username-Password Flow (with Caution):
Not recommended: If you’re an administrator and absolutely must use the username-password flow (avoid if possible due to security concerns), you can enable it, but proceed with caution: a. Go to Setup > Security > Remote Access Settings. b. Locate the setting Allow OAuth Username-Password Flows. c. Enable the setting (remember, this is not secure).
Get in touch with us if you have further questions. Zivoke helps organizations with Salesforce integration on a daily basis. For any Integration questions or support, our super smart tech team at Zivoke will be happy to help you.