MuleSoft Connector for Salesforce Pardot

Build 21.0.7930

Creating a Custom OAuth App

If you do not have access to the user name and password or do not wish to require them, you can use OAuth authentication. Salesforce Pardot uses the OAuth authentication standard, which requires the authenticating user to interact with Salesforce Pardot via the browser. The connector facilitates the OAuth exchange in various ways, as described in this section.

Create a Connected App

To obtain the OAuth client credentials, consumer key, and consumer secret:

  1. Log in to Salesforce.com.
  2. From Setup, enter Apps in the Quick Find box and then click the link to create an app. In the Connected Apps section of the resulting page, click New.
  3. Enter a name to be displayed to users when they log in to grant permissions to your app, along with a contact Email address.
  4. Click Enable OAuth Settings and enter a value in the Callback URL box. If you are making a desktop application, set the Callback URL to http://localhost:33333 or a different port number of your choice. If you are making a web application, set the Callback URL to a page on your Web app you want the user to be returned to after they have authorized your application.
  5. Select the scope of permissions that your app should request from the user. At least the "pardot_api" and "api" scopes and/or "full" scope must be among the selected OAuth scopes. Otherwise, only the username-password OAuth flow can be used with the Pardot API. Also, the "refresh_token" scope must be selected to return a refresh token in the OAuth request.
  6. Click your app name to open a page with information about your app. The OAuth client credentials, the consumer key, and consumer secret are displayed.

Authenticate to Salesforce Pardot from a Desktop Application

After setting the following connection properties, you are ready to connect:

  • OAuthClientId: Set to the consumer key in your app settings.
  • OAuthClientSecret: Set to the consumer secret in your app settings.
  • CallbackURL: Set to the callback URL in your app settings.
  • InitiateOAuth: Set to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.

When you connect, the connector opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The connector then completes the following OAuth process:

  1. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
  2. Exchanges the returned refresh token for a new, valid access token.

Authenticate to Salesforce Pardot from a Web Application

To obtain the access token, set the following connection properties:

  • OAuthClientId: Set to the consumer key in your app settings.
  • OAuthClientSecret: Set to the consumer secret in your app settings.
  • CallbackURL: Set to the callback URL in your app settings.

When connecting via a web application, or if the connector is not authorized to open a browser window, you need to exchange temporary verification values for the access token:

  1. Call GetOAuthAuthorizationURL. The stored procedure returns the URL to the OAuth endpoint.
  2. Log in and authorize the application. You are redirected back to the callback URL. If you set the GrantType parameter to Implicit, the callbackURL contains the OAuthAccessToken in a query string parameter. If you set the GrantType parameter to code, the callback URL contains the verifier code in the query string parameter named "code". Extract the verifier code and call GetOAuthAuthorizationURL.

To connect to data, set the following connection properties:

  • OAuthAccessToken

To automatically refresh the access token when it expires, set InitiateOAuth to REFRESH and set OAuthRefreshToken. Alternatively, call the RefreshOAuthAccessToken stored procedure when the access token expires. Given a refresh token as input, the procedure returns a valid OAuth access token.

As an alternative to retrieving the authorization URL and having the user log in to Salesforce, you can set up a password grant type by calling GetOAuthAccessToken, setting GrantType to PASSWORD. Here, you need to ensure that the user name and password are both set in the connection string, in addition to the client ID and secret of your application. Note that InitiateOAuth must be set to OFF for the password grant type to work. You cannot refresh the token obtained this way. This method has the advantage of removing the login step for users that cannot open a web browser, but it has the disadvantage of the user's credentials being exchanged in plain text between the server and Salesforce.

Note: You can configure the session timeout in Salesforce by navigating to Setup > Administration Setup > Security Controls > Session Settings.

Authenticate with OAuthJWT Certificate Authentication

To obtain the OAuthJWT consumer key:

  1. Log in to Salesforce.com.
  2. From Setup, enter Apps in the Quick Find box and then click the link to create an app. In the Connected Apps section of the resulting page, click New.
  3. Enter a name to be displayed to users when they log in to grant permissions to your app, along with a contact Email address.
  4. Click Enable OAuth Settings and enter a value in the Callback URL box. Set this value only to create the Connected App as it is required. It will not actually be needed for this type of authentication. The Callback URL is in the format:
    http://localhost:8019/src/oauthCallback.rst
  5. Enable Use digital signatures.
  6. Upload your certificate.
  7. Select the scope of permissions that your app should request from the user. At least the "pardot_api" and "api" scopes or "full" scope must be among the selected OAuth scopes.
  8. Click your app name to open a page with information about your app. The OAuth consumer key is displayed.

Note: This flow never issues a refresh token.

Copyright (c) 2021 CData Software, Inc. - All rights reserved.
Build 21.0.7930