Home
IT Hub
Using Named Credentials in Salesforce for Secure API Calls

Using Named Credentials in Salesforce for Secure API Calls

Salesforce
Reco Security Experts
Updated
November 8, 2024
November 8, 2024

Named Credentials in Salesforce simplify managing API calls to external services by securely storing the required authentication details. By leveraging Named Credentials, you can securely access external systems without hard-coding sensitive information like usernames, passwords, or OAuth tokens. This article will guide you through setting up and using Named Credentials in Salesforce for secure API calls.

What Are Named Credentials in Salesforce?

Named Credentials provide a straightforward way to define the parameters needed to authenticate and call an external API from Salesforce. With Named Credentials, Salesforce manages the authentication for you, allowing you to focus on the integration logic without worrying about securely storing or handling sensitive data.

Benefits of Using Named Credentials

  • Simplified Authentication Management: No need to manually handle OAuth tokens or credentials.
  • Enhanced Security: Salesforce securely stores and manages credentials.
  • Seamless Integration: Use Named Credentials in Apex code, external services, and more.

Step-by-Step Guide to Setting Up Named Credentials in Salesforce

1. Create an External Credential

External Credentials allow you to define authentication parameters and link them with Named Credentials.

1. Navigate to Setup: In Salesforce, go to the Setup menu.

2. Search for Named Credentials: Enter Named Credentials in the Quick Find box and select it.

3. Click New External Credential: To create a new external credential, click the New External Credential button.

This screenshot shows the steps to create an external credential in Salesforce, access Named Credentials, and select New External Credential.

4. Configure the External Credential

  •  Name: Enter a meaningful name for the credential.
  • Authentication Protocol: Select the protocol (e.g., OAuth 2.0, Password Authentication) depending on your use case.

5. Save the External Credential.

2. Set Up a Named Credential in Salesforce

Once the External Credential is created, you can set up the Named Credential:

1. Go to Named Credentials: In the Quick Find box, type Named Credentials and select it.

2. Click on New Named Credential: Click the button to create a new Named Credential.

This screenshot shows how to create a Named Credential in Salesforce by going to Named Credentials and clicking 'NEW.’

3. Fill in the Details for the Named Credential:

  • Label: Enter a name that identifies the external system.
  • Name: This will auto-populate based on the label.
  • URL: Enter the base URL of the external system you want to connect to.
  • Certificate: If required, you can upload a certificate for mutual authentication.

4. Link the Named Credential to the External Credential:

  • Identity Type: Choose "Named Principal" (if all users access the external system with a single credential) or "Per User" (if each user has their credentials).
  • Authentication Protocol: Choose “OAuth 2.0” or another protocol, depending on the external service.
  • External Credential: Select the external credential you created in Step 1.

5. Save the Named Credential.

3. Authorize the Named Credential (if using OAuth 2.0)

If you selected OAuth 2.0 as the authentication protocol, you will need to authorize the Named Credential:

  1. Click on “Start Authentication Flow on Save”: After saving the Named Credential, click the “Start Authentication Flow on Save” checkbox.
  2. Save Again: This will trigger the OAuth authorization flow. Follow the prompts to authorize the connection.

4. Use the Named Credential External Services

This screenshot outlines how to add an external service in Salesforce by accessing Setup and using the Quick Find box to find External Services.

  • Navigate to External Services in Setup.
  • Use the Named Credential as the authentication provider when configuring your service.

5. Test Your Named Credential Setup

  1. Create an Apex Class or Trigger: Write a simple Apex class or use an existing one to test the connection using the Named Credential.
  2. Run the Test: Use the Salesforce Developer Console or your preferred tool to run the test.

6. Monitor Named Credential Usage and Logs

  1. Check Named Credential Logs: Go to Setup >> Named Credentials Logs to view logs and monitor API usage.
  2. Review and Troubleshoot: Look for any errors or unauthorized access attempts to ensure the integration is working correctly.

Best Practices for Using Named Credentials

  1. Use OAuth 2.0 When Possible: OAuth 2.0 is more secure than basic authentication methods.
  2. Limit API Scope: Only grant the minimum permissions needed for the external service.
  3. Monitor and Rotate Credentials: Regularly check logs and rotate credentials to maintain security.

Troubleshooting Common Issues with Named Credentials

  1. Authorization Errors: Ensure the correct OAuth settings and callback URL are configured in Salesforce.
  2. Endpoint Errors: Verify that the URL entered in the Named Credential matches the external service's base URL.
  3. Permission Denied: Check that the user or integration has the correct permissions to use the Named Credential.

Conclusion

Using Named Credentials in Salesforce simplifies making secure API calls to external services. By following the steps outlined above, you can set up, authorize, and use Named Credentials efficiently while maintaining high security. Regularly monitor and review your Named Credentials usage to detect and address any issues proactively.

How to Recover Your GitHub Account
Managing access to GitHub is a critical task, especially for IT admins who deal with multiple accounts and security measures, and often find themselves troubleshooting issues. In this guide, we'll cover how to recover a GitHub account in case of lost credentials, forgotten passwords, or two-factor authentication (2FA) failures.
Google Workspace 2-Step Verification: Set-Up & How to Manage
Ensuring the security of your digital accounts is more critical than ever, and Google Workspace provides robust tools to help protect user data. One essential feature is 2-Step Verification (2SV), an added layer of security designed to prevent unauthorized access.
GitHub Security Checklist: 9 Must-Follow Best Practices
Did you know that over 83% of organizations experienced at least one successful application exploit in the last 12 months? This statistic from a recent cybersecurity report highlights the critical importance of securing our code repositories and development workflows.
Get the Latest SaaS Security Insights
Subscribe to receive weekly updates, the latest attacks, and new trends in SaaS Security
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Explore More
How to Recover Your GitHub Account
Managing access to GitHub is a critical task, especially for IT admins who deal with multiple accounts and security measures, and often find themselves troubleshooting issues. In this guide, we'll cover how to recover a GitHub account in case of lost credentials, forgotten passwords, or two-factor authentication (2FA) failures.
Google Workspace 2-Step Verification: Set-Up & How to Manage
Ensuring the security of your digital accounts is more critical than ever, and Google Workspace provides robust tools to help protect user data. One essential feature is 2-Step Verification (2SV), an added layer of security designed to prevent unauthorized access.
GitHub Security Checklist: 9 Must-Follow Best Practices
Did you know that over 83% of organizations experienced at least one successful application exploit in the last 12 months? This statistic from a recent cybersecurity report highlights the critical importance of securing our code repositories and development workflows.
See more articles from our Hub

Start Securing Your Entire SaaS Lifecycle

Request a demo