Creating a Custom OAuth Application

Salesloft requires you to create and use your own OAuth application credentials. Salesloft supports multiple OAuth flows, and the steps to create a custom OAuth application depend on which flow you plan to use:

• Authorization Code (interactive sign-in; requires a Redirect URI / CallbackURL)
• Client Credentials (server-to-server; does not require a Redirect URI / CallbackURL)

Authorization Code Flow (OAuth)

To create a custom OAuth application for the Authorization Code flow and obtain the OAuthClientId, OAuthClientSecret, and CallbackURL:

1. Go to https://accounts.salesloft.com/oauth/applications/.
2. Create a new OAuth application and specify a name for your application.
3. Specify a Redirect URI.
   The Salesloft console displays the Client Id and Client Secret in the App Credentials section, under Application Information.
4. Define your application's CallbackURL:
   • In your new application settings, go to OAuth & Permissions > Redirect URLs.
   • Click Add a New Redirect URL.
   • Set the callback URL to http://localhost:33333, or another port of your choice.

Save the Client Id, Client Secret, and Callback URL for future use.

Client Credentials Flow (OAuthClient)

The Client Credentials flow is a server-to-server flow for private OAuth applications and does not require end-user authentication. In this flow, the access granted to the application uses the permissions of the admin user who created the OAuth application.

To create a custom OAuth application for Client Credentials and obtain the OAuthClientId and OAuthClientSecret:

1. Go to https://accounts.salesloft.com/oauth/applications/.
2. Create a new OAuth application.
3. Set Application Type to No (private application / internal use).
4. Set Grant Type to Client Credentials.
5. Select the Scopes required for the data/actions you want to access.
6. Save the application and copy the Client Id and Client Secret.

To connect using Client Credentials:

• Set AuthScheme to OAuthClient,
• Set the OAuthClientId and OAuthClientSecret

Notes

• This flow does not use an authorization URL and does not require a CallbackURL / Redirect URI for the driver.
• If the OAuth application does not include the requested scopes, the token request can fail. Ensure the scopes selected for the application match the scopes required for your use case. By default, the driver requests the full set of scopes that you would get by clicking Select All when creating the application.
• If you select only a subset of scopes when creating the OAuth application, specify the same subset in the Scope connection property (space-delimited) so the driver requests only the scopes enabled for your application (e.g. accounts:delete accounts:read).