Salesforce Query authentication guide
This is a step-by-step guide to acquiring credentials for authorizing the Salesforce Query component for use in Matillion ETL.
This guide covers both Salesforce Lightning and Salesforce Classic.
While component properties may differ between cloud data warehouses, the authentication process remains the same.
Prerequisites
- The Salesforce Query component uses either a username and password or an OAuth for third-party authentication. This guide only explains the OAuth method. Begin the OAuth entry process as described in Manage OAuth. You should then configure this OAuth entry using your Salesforce credentials, obtained as described below.
- The callback URL, and therefore the Matillion ETL instance, must be HTTPS, not HTTP.
- It is recommended that the callback URL be a fully qualified domain name (FQDN) and not an IP address.
Acquiring third-party credentials in Salesforce Lightning
- Navigate to the Salesforce website. In the top-right of the homepage, hover over Login, and select Salesforce to navigate to the login page. Enter valid login credentials to continue.
- After you have logged in to the Salesforce dashboard, click ⚙, in the top-right, then click Setup.
- Use the sidebar on the left to click Apps, then App Manager. In the top-right of Lightning Experience App Manager, click New Connected App.
- A New Connected App configuration dialog will open. Give details for the following fields:
- Connected App Name: Give a name for the app.
- API Name: Give a filename for the app (alternatively, use the name automatically generated from the Connected App Name).
- Contact Email: Give an email address to be used as a point of contact for the app.
-
Scroll down to the API (Enable OAuth Settings) section, and tick the checkbox next to Enable OAuth Settings. This will reveal a new section. Give details for the following fields:
- Callback URL: Paste the callback URL (copied from the Manage OAuth dialog in Matillion ETL earlier).
- Selected OAuth Scopes: Select Access and manage your data (api), Perform requests on your behalf at any time (refresh_token, offline_access), and Provide access to your data via the Web (web). Click ►, then click Save.
Note
The Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows setting is enabled by default. You will need to disable this setting to prevent any issues occurring when completing the OAuth configuration for your Matillion ETL instance.
-
If the app is created successfully, the browser will redirect to the newly created app's information page. In the API (Enable OAuth Settings) section, copy the strings next to Consumer Key and Consumer Secret as they will be required later, when you authorize the Salesforce Query component for use in Matillion ETL.
Note
- To view and copy the Consumer Secret, click Click to reveal.
- Additionally, when copying these strings, some browsers may add a space to the end of the strings. Watch out for this, as it will cause the credentials to fail.
-
Return to the Manage OAuth dialog in Matillion ETL to complete the OAuth configuration.
- When you complete the authorization process in Matillion ETL, you will be directed back to Salesforce, where you must complete a few basic steps before the OAuth is fully authorized. When completed, the Salesforce page will close, and you will return to your Matillion ETL instance.
Acquiring third-party credentials in Salesforce Classic
- Navigate to the Salesforce website. In the top-right of the homepage, hover over Login, and select Salesforce to navigate to the login page. Enter valid login credentials to continue.
- In the Salesforce dashboard, click Setup in the top-right.
- Scroll down to the Quick Links section, and click Manage Apps.
- On the Apps page, scroll down to Connected Apps. Above the app list, click New.
- The New Connected App configuration dialog will open. Give details for the following fields:
- Connected App Name: Give a name for the app.
- API Name: Give a filename for the app (alternatively, use the name automatically generated from the Connected App Name).
- Contact Email: Give an email address to be used as a point of contact for the app.
-
Scroll down to the API (Enable OAuth Settings) section, and tick the checkbox next to Enable OAuth Settings. This will reveal a new section. Give details for the following fields:
- Callback URL: Paste the callback URL (copied from the Manage OAuth dialog in Matillion ETL earlier).
- Selected OAuth Scopes: Select Access and manage your data (api), Perform requests on your behalf at any time (refresh_token, offline_access), and Provide access to your data via the Web (web). Click ►, then click Save.
Note
The Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows setting is enabled by default. You will need to disable this setting to prevent any issues occurring when completing the OAuth configuration for your Matillion ETL instance.
-
If the app is created successfully, a message will appear stating, "Allow from 2-10 minutes for your changes to take effect on the server before using the connected app". Click Continue to be redirected to the newly created app's information page.
-
In the API (Enable OAuth Settings) section, copy the strings next to Consumer Key and Consumer Secret as they will be required later, when you authorize the Salesforce Query component for use in Matillion ETL.
Note
- Allow 2-10 minutes before using these credentials in Matillion ETL.
- To view and copy the Consumer Secret, click Click to reveal.
- Additionally, when copying these strings, some browsers may add a space to the end of the string. Watch out for this, as it will cause the credentials to fail.
-
Now return to the Manage OAuth dialog in Matillion ETL to complete the OAuth configuration.
- When you complete the authorization process in Matillion ETL, you will be directed back to Salesforce, where you must complete a few basic steps before the OAuth is fully authorized. When completed, the Salesforce page will close, and you will return to your Matillion ETL instance.