Skip to main content
In this chapter
< Contents
Print

Set Up the Salesforce App

For mailfino to work permanently with Salesforce, an external client application must be set up in Salesforce. This application allows mailfino to access the Salesforce API and issues a refresh token so that the connection continues to work after a session expires.

1. Open application in Salesforce

Open in Salesforce in the top right Setup. Search for Application Manager and open the area.

Create a new external client application. Depending on the Salesforce interface, the name may vary slightly. The important thing is that the application supports OAuth flows.

2. Activate OAuth Flow

Enable the Authorization Code and Credentials flow. If Salesforce offers or requires PKCE, this option can remain active. mailfino sends a PKCE Code Challenge during OAuth login.

The JWT bearer flow and SAML are not required for this integration.

3. Set OAuth Permissions

Add these OAuth scopes:

  • Manage user data via APIs
  • Perform requests at any time (refresh_token, offline_access)

refresh_token and offline_access are usually displayed together in Salesforce. This permission is necessary for mailfino to renew an expired Salesforce session.

Avoid if possible Full access. For mailfino, API access is required, not blanket full access. Furthermore, it replaces full no refresh token.

4. Enter Callback URL

Enter the callback URL that mailfino displays when setting up the Salesforce integration. For mailfino Cloud, the callback URL is https://app.mailfino.de/api/v6/integrations/oauth/salesforce/callback.

If you operate mailfino in your own data center, use the same URL as the publicly accessible address of your installation. The callback URL must exactly match the address that mailfino uses when connecting to Salesforce.

5. Keep your Client ID and Client Secret ready

After saving, Salesforce displays a Consumer Key / Client ID and a Consumer Secret / Client Secret. These values are stored in the mailfino environment so that the OAuth login can be initiated.

Do not give the client secret to regular users. It belongs in the server configuration for mailfino.