SFDC Stop - Always the latest about Salesforce

Full Tutorial Series with videos, free apps, live sessions, salesforce consulting and much more.

Friday, 4 January 2019

How to connect to Salesforce with Postman ?

Ever tried to work with APIs ? In this post, I am going to tell you that how you can connect to your own salesforce org's with postman.

What is Postman ?

Postman is an API development environment which is used to test an API, create and run automated tests, examine responses and do a lot more stuff. As a Salesforce Developer or Admin, you can use postman to test APIs and their responses. So, let's see how to setup postman to test your APIs.

Setting up Salesforce

First of all, we need to setup a connected app in our org. To do so, follow the steps below:-

1. In your Salesforce org, go to setup and search for app. You'll have an option of apps under Build->Create as shown below:-

2. Click on apps and that will open a new page with Apps, Subtab Apps and Connected Apps. You need to go to the Connected Apps section and click New.

3. You'll see another page of New Connected App as shown below:-

4. In the form, enter Connected App Name, API Name and Contact Email. I am using Test Postman as the connected app name, the API name is automatically populated as Test_Postman and I have added my email id in the contact email field.

5. You don't need to fill any other information, In the API (Enable OAuth Settings) section click on:- Enable OAuth Settings checkbox. As you click on that, you'll see some more fields appear as shown below:-

6. This is quite similar to when we make a connected app at any 3rd party server which is used for server to server communication, as we're going to use postman so the Callback URL doesn't affect us. You can write any URL there. It is basically the URL where the authorization code will be sent in case of OAuth. I have used https://www.salesforce.com

7. Under the Selected OAuth Scopes section, choose Access and manage your data (api) and move it from the Available OAuth Scopes to the Selected OAuth Scopes section. It is basically a choice of which APIs you want to use like if you want to use chatter api, you need to add it to the Selected OAuth Scopes section and similar approach for any other api.

8. To access standard Salesforce APIs to deal with our data and for any custom APIs too that we make in apex, the Access and manage your data (api) is enough for us as I am going to use system administrator credentials.

9. Leave other options as it is and click on Save. You'll see the below screen:-

10. Click on Continue button and you'll be taken to the below page:-

11. As you can see in the above image, we've Consumer Key and Consumer Secret which is present in the API (Enable OAuth Settings) section. The consumer key will be visible to you directly and for the consumer secret click on Click to reveal link and it'll be displayed there.

You've completed the Salesforce part and now it's time to move on to our postman stuff.

Setting Up Postman

To setup postman, follow the below steps:-

1. Go to https://www.getpostman.com/apps and download postman for your operating system. Install it in your OS.

2. Once you've postman installed, open it and you'll have a screen as given below:-

3. To connect with our Salesforce org, we've two options:- Authorization Code Flow and Username Password Flow. We're going to use Username Password flow now.

4. Next step is to get the access token. If you're connecting with your developer org, use:- https://login.salesforce.com/services/oauth2/token as the URL to get the access token however, if you're using a sandbox, you can use https://test.salesforce.com/services/oauth2/token as the token URL.

5. Set the request method to POST and in the body tab, you need to enter some values as shown below:-

6. Make sure that the form-data radio button is selected. Now we need to add 5 key-value pairs as shown in the above image and given below:-

  • Key:- username | Value:- <your login username for org>
  • Key:- password | Value:- < your orgs login password>
  • Key:- grant_type | Value:- password
  • Key:- client_id | Value:- <consumer key of your salesforce org's connected app>
  • Key:- client_secret | Value:- <consumer secret of your salesforce org's connected app>
Add all the values and click on Send, you may or may not see the output as shown in the above image. It says:-

    "error": "invalid_grant",
    "error_description": "authentication failure"

If you got the successful response, you'll get the access_token in the JSON and you can skip to the Hitting the Standard Salesforce API section below. However if above is the case, you need to append your security token along with the password. If you have a security token, use that otherwise, to get a new security token, click on your username and click on My Settings. You'll be taken to the below page.

In the search bar on the left write:- reset and you'll see an option showing Reset My Security Token click on that and you'll be taken to the below page:-

Click on Reset Security Token button and you'll be taken to the below page:-

Check your email now which is associated with your salesforce org and you'll get the new security token there. The security token is case sensitive, so copy that from your mail and append it along with your password in postman. For ex:- if your password is iamawesome and your token is 123123123 then in the password key of your postman request, the value should be your password concatenated with security token i.e. iamawesome123123123. Click on the Send button again and you'll have the response as shown below:-

As you can see in the above image, you'll have a JSON response as follows:-

    "access_token": "<your-access-token>",
    "instance_url": "<your-org-base-url>",
    "id": "https://login.salesforce.com/id/<id>/<id>",
    "token_type": "Bearer",
    "issued_at": "<timestamp>",
    "signature": "<unique-signature-code>"

Copy the access token as we're going to use this in the subsequent requests to salesforce.

Hitting a standard Salesforce API

Now, for a demo, let's query our accounts from Salesforce Org using postman. This time, you need to make a request to your instance URL. The instance URL is basically the base URL of your org. For Ex:- My instance URL of developer org is:- https://ap5.salesforce.com/

You can explore the REST API developer guide for standard APIs. Like now I need to query, so I am able to find the documentation at:- https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/resources_query.htm

API versions are continuously upgraded, I am using v42.0 and a simple query i.e. SELECT Name, Type FROM Account. This is going to be a GET request and in the header I'll set the key:- Authorization and Value:- Bearer<space><access-token> as we have the access token type of bearer (from the previous JSON response).

The URL I am going to hit is:- https://ap5.salesforce.com/services/data/v42.0/query/?q=SELECT+Name,Type+FROM+Account

So, we have the final request and response on clicking Send as given below:-

In the response, you can see in the image above that I have the records array that consists of the field I queried i.e. the name and type of Accounts present in the org.

Congratulations..!! You have successfully setup postman for your org.

Note:- The access token has a validity of few hours and in case it expires, you need to follow the same steps to get a new access token so it's better to save that request. You can use the new access token by replacing the previous one in the header to hit APIs and communicate with your salesforce org.

If you liked this blog, make sure to share it in your network and let me know your views in the comments section below.

Happy Trailblazing..!!


  1. Thank you for this. Great tutorial. Im new to Salesforce and especially this API thing. But this was an awesome tutorial. Very clear. Now I want to repeat the same thing, but just from my Java code :)

    1. Hi Simon,

      Great to see that you liked it :-) and sure, give it a try..!!

  2. Thanks Rahul, this was very useful. I just wanted to know whether we can create custom apps, objects via REST API

    1. You can do that using the metadata api. It's the same case as we do deployments using Salesforce DX or ANT.

  3. Can we Implement Through PHP Curl if Yes please let me know How are any resource with respect to that

    1. Hey Sowmya, you can simply make requests using php curl like you're doing here with postman. No difference will be there as such. However, you can also try guzzle which is a good php library for callouts. Hope that helps :-)

  4. HI Rahul,

    Have you created any outbound call API's with any external systems?If yes, please share me the URL.


    1. Hi Reddy,

      I have published an integration tutorial series that may help you. Please have a look at that. If you're looking specifically for apex callout, you can have a look at this:- https://www.sfdcstop.com/2019/12/salesforce-integration-tutorial-part-8.html

  5. Thank you Rahul. This is very useful. Can I use to connect Salesforce from Postman using just username and password. It can be found under the section called "basic auth".

    1. No, salesforce doesn't support basic authentication. In case of a custom implementation scenario you can implement that on your own using site.

  6. Hi
    I am trying with sand box url https://test.salesforce.com/services/oauth2/token .
    I have passed all the five fields username, password(password+token), grant_type,client_id and client_secret but still getting error.
    "error": "invalid_grant",
    "error_description": "authentication failure"

    1. Hi, Please make sure there are no whitespaces in any of your inputs and try again.

  7. Hi Rahul,
    I tried your steps. But even after with security access token it gives the same error. Could you please help me to fix this issue.

    1. Hi Kalpana, Which error are you talking about ? Can you please specify in detail ?

  8. Hi,

    Generating security tokens takes more time(16 min) , how to avoid this scenario
    from salesforce any suggestions pls

    1. Hi Ashok, 16 minutes are you sure ? As usually even when we do callouts from salesforce there is a timeout after 2 minutes. What scenario are you talking about in which it's taking that much time ? Can you explain in detail ?

  9. Hi Rahul and congratulations for the guide ... but I have a problem after receiving the authentication token, when I go to send your example query, the answer I get is always:
    "message": "Session expired or invalid",
    "errorCode": "INVALID_SESSION_ID".
    this both if i use ap5.salesforce.com and if i use test.salesforce.com ..... suggestions?
    Thanks a lot and congratulations again.

    1. Hi,

      Please make sure you're having the Authorization header with value:- Bearer[space][access_token] and also that you're sending the request to your instance url only. The instance url is also received in the response from the login request that you make.Check my login response, it's having the key [instance_url] in the second last image, in my case it's ap5.salesforce.com, your's may be different.