Skip to content
Postman API Testing Tips

How To Test Connected App In Salesforce Using Postman

API Testing Blog

Understanding Connected Apps and Salesforce API

Connected Apps are essentially the bridge between your Salesforce org and external applications. They allow you to securely expose Salesforce functionality to third-party apps, making your data and processes accessible from outside your organization.

To test a Connected App, you need to interact with its API, retrieving data, creating records, and performing other actions. This is where tools like Postman come in, enabling you to send and receive HTTP requests to your Salesforce Connected App’s endpoints.

How to Test Your Salesforce Connected App with Postman

1. Setting Up Your Salesforce Connected App

Before you can start testing with Postman, you need to have a Connected App set up in your Salesforce org.

Here’s how to create a Connected App:

  1. Navigate to Setup: Login to your Salesforce org and go to Setup.
  2. Find the Connected App: Search for “Connected App” in the Quick Find bar and click on App Manager.
  3. Create a New Connected App: Click “New” to create a new Connected App.
  4. Configure the App:
    • Basic Information: Provide a name, API name, and contact email for your app.
    • API (Enable OAuth Settings): Enable OAuth settings and specify the callback URL (where your app will redirect after authentication). This is crucial for secure communication.
    • Profiles: Select the profiles (user permission sets) that can access your app. This grants access to specific Salesforce objects and functionalities.
  5. Save the App: Save your Connected App.
  6. Obtain the Client ID and Secret: This information is what your app uses to authenticate. You can find them in the “Connected App” details page.

Important Note:

  • Keep your Client Secret confidential! It’s a critical security element, so never share it with anyone.
  • Use a dedicated sandbox environment for testing. This helps prevent unintended changes to your production data.

2. Preparing Postman for Testing

Now, let’s set up Postman for testing your Connected App.

  1. Install Postman: If you haven’t already, download and install Postman from https://www.postman.com/.
  2. Create a New Request: Open Postman and create a new request by clicking on the “New” button.
  3. Select HTTP Verb: Choose the appropriate HTTP verb for your API interaction (GET, POST, PUT, DELETE).
  4. Specify the Endpoint URL: Insert the base URL provided in your Connected App settings and append the specific endpoint you want to target.
    • Example: If your Connected App provides a REST API endpoint for fetching contacts, your endpoint URL may look like: https://yourInstance.salesforce.com/services/data/v50.0/sobjects/Contact/

3. Configuring Authorization in Postman

Postman requires you to configure authorization to access your Salesforce API securely.

  1. Click the “Authorization” Tab: In the request window, navigate to the “Authorization” tab.
  2. Select “OAuth 2.0”: Choose the “OAuth 2.0” option from the dropdown menu.
  3. Provide OAuth Details:
    • Grant Type: Specify the grant type you’re using (e.g., “Authorization Code”).
    • Callback URL: Enter the Callback URL configured in your Connected App.
    • Client ID: Fill in the Client ID provided in your Connected App settings.
    • Client Secret: Paste the Client Secret (keeping it secure!).
    • Scope: Add the necessary scopes (permissions) to access your Salesforce data (e.g., api for basic access, refresh_token for longer-lasting access).
    • Auth URL: This is usually the Salesforce OAuth endpoint: https://login.salesforce.com/services/oauth2/authorize
    • Token URL: This is also provided in your Connected App and typically looks like: https://login.salesforce.com/services/oauth2/token

4. Get the Access Token: * Click “Get New Access Token”: This initiates the authentication flow. * Log in with Salesforce credentials: You’ll be redirected to the Salesforce login page to provide your credentials. * Authorize the App: Grant access to your Connected App. * Obtain the Access Token: Postman will automatically store the access token.

4. Sending and Testing Your Salesforce API Request

With authorization set up, you can start sending API requests to your Salesforce Connected App.

Example: Retrieving Contacts with GET Request:

  • Endpoint URL: https://yourInstance.salesforce.com/services/data/v50.0/sobjects/Contact/
  • HTTP Verb: GET
  • Authorization: OAuth 2.0 (Configured as described above)
  • Headers:
    • Content-Type: application/json
    • Authorization: Bearer [your_access_token]

Sending the Request: Click “Send” in Postman to execute your request.

Inspecting the Response:

  • Response Body: The response body contains the data returned by your Salesforce Connected App.
  • Status Code: The HTTP status code (e.g., 200 for successful requests) indicates the outcome of your API interaction.

5. Testing Various API Operations

You can use Postman to test various API operations, including:

  • Creating New Records: Use a POST request to create new Salesforce records (e.g., Contacts, Accounts, Opportunities).
  • Updating Existing Records: Use PUT or PATCH requests to modify record data.
  • Deleting Records: Use DELETE requests to remove records from Salesforce.
  • Retrieving Specific Records: Append an ID to your endpoint URL to fetch specific Salesforce records (e.g., https://yourInstance.salesforce.com/services/data/v50.0/sobjects/Contact/0031T0000000001AAA).
  • Custom Apex Web Services: If your Connected App utilizes custom Apex Web Services, you can test those through Postman as well.

Remember:

  • Each Salesforce API endpoint has its own specific format for request bodies and response structures. Check the Salesforce API documentation for detailed information about your target endpoints.
  • Use the appropriate HTTP verbs for each operation (GET for retrieving, POST for creating, PUT/PATCH for updating, DELETE for deleting).

6. Advanced Postman Features for Testing

Postman offers features that enhance your testing process.

  • Collections: Organize your API requests into collections for better organization and reusability.
  • Environments: Store variables (like your API endpoint URLs, client IDs, secrets) in environments to easily switch between different testing environments.
  • Tests: Add tests to your requests to verify expected responses and perform assertions.
  • Mock Servers: Simulate API responses to test your app’s behavior in different scenarios.

Example Postman Test Script:

pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});


pm.test("Response body contains 'success'", function () {
    pm.expect(pm.response.text()).to.include('success');
});
  • Pre-request Scripts: Execute code before sending a request to modify headers, parameters, or perform other actions.

Example Pre-request Script:

var accessToken = pm.environment.get("accessToken");
pm.globals.set("accessToken", accessToken);

This script retrieves the access token from an environment variable (accessToken) and stores it as a global variable.

Conclusion

By leveraging Postman for testing your Salesforce Connected Apps, you can ensure that your integrations are working correctly, securely, and seamlessly. This approach promotes robust testing and helps you identify and resolve potential integration issues before they affect your users.

API Testing Blog