Skip to main content
The Salesforce (JWT) connector authenticates using the OAuth 2.0 JWT Bearer Flow instead of the standard Authorization Code flow. This is a headless, server-to-server flow that is well suited for long-running, unattended integrations where an interactive OAuth login is impractical. Please note that the standard Salesforce connector is a more convenient experience for your customers; it uses a standard OAuth 2.0 authentication scheme, and prompts your users for their Salesforce username and password. We recommend it for most use cases.

What’s Supported

Supported Actions

This connector supports:

Supported Modules & Objects

The Salesforce (JWT) connector currently supports the CRM module (referred to as crm in amp.yaml). The same standard and custom objects supported by the standard Salesforce connector are available — see the Supported CRM objects section of the Salesforce provider guide for the full list. The Account Engagement (Pardot) module is not currently supported under JWT Bearer authentication. 
specVersion: 1.0.0
integrations:
  - name: salesforce-jwt-integration
    provider: salesforceJWT
    ...

Before You Get Started

This connector uses OAuth 2.0 JWT Bearer authentication with an RSA key pair. There is no interactive login — your customer’s Salesforce administrator will pre-authorize a designated integration user on an External Client App, and Ampersand will sign JWT assertions on their behalf to obtain access tokens. To integrate Salesforce (JWT) with Ampersand, your customer’s Salesforce administrator will need to complete the setup steps in the customer guide and provide you with the following credentials:
  • Consumer Key (from the External Client App)
  • Salesforce Username (the integration user)
  • RSA Private Key (base64-encoded PEM)
  • Salesforce My Domain subdomain (workspace)

Creating the Salesforce app for JWT Bearer

Your customer’s Salesforce administrator creates an External Client App with JWT Bearer flow enabled, uploads an X.509 certificate, and associates a Permission Set that pre-authorizes the integration user. The full steps are documented in the customer guide.
Salesforce requires an RSA key (2048-bit minimum). ECDSA keys are not supported for the JWT Bearer flow.

Using the connector

To start integrating with Salesforce (JWT):
  • Create a manifest file like the Salesforce example, using salesforceJWT as the provider instead of salesforce.
  • Deploy it using the amp CLI.
  • If you are using Read Actions or Subscribe Actions, create a destination.
  • Collect your customer’s credentials (Consumer Key, Username, Private Key, Subdomain) and create a connection.
  • Start using the connector!

Customer guide

The Salesforce (JWT) customer guide is a guide that can be shared with your customers to help them be successful in using your integration.