Salesforce API — JWT Authentication
Salesforce JWT Authentication with Python and Postman example

Using JWT to connect to the Salesforce API seems tricky, and the official Salesforce documentation is not very beginner-friendly. Don’t worry — it's not that hard. I will show you all the details below. This story covers the following steps.
- Basic introduction
- How to create a certificate?
- Creation of a Connected App in Salesforce
- Construct the JWT
- Working example with Postman
- Working implementation with Python
Basic introduction
JWT — short for JSON Web Token — is an Internet Standard that is often used for authentication. It’s basically a string that holds information in a JSON-based structure, divided into three segments: header, payload & signature.
The Header contains information about the cryptographic algorithm used to generate the signature.
The Payload is a set of claims: statements about the subject of the token and about the token itself. The JWT specification defines seven standard claims that are commonly included in tokens. Additionally, custom claims can be used, depending on the purpose of the token.
The Signature is what lets the receiver check that the token has not been altered. It is calculated by base64url-encoding the header and the payload, joining the two with a period separator, and running that string together with the signing key through the cryptographic algorithm specified in the header.
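The three segments, and the RS256 signature Salesforce expects, worked through in code. This is an added example, not code from the original story: it uses only the Python standard library, generates a throwaway RSA key in pure Python instead of loading the certificate's private key (a teaching shortcut, not something to deploy), and the consumer key, username and login URL are constructed placeholders for the claims Salesforce's JWT bearer flow uses (iss, sub, aud, exp).

```python
import base64, hashlib, json, secrets, time
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DER DigestInfo prefix for SHA-256

def b64url(data: bytes) -> str:  # JWT segments are base64url with the '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def is_probable_prime(n: int, rounds: int = 32) -> bool:  # Miller-Rabin; toy key generation only
    if n < 2 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):  # witness a: composite unless a^d == 1 or some a^(d*2^r) == -1 (mod n)
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and not any((x := pow(x, 2, n)) == n - 1 for _ in range(s - 1)):
            return False
    return True

def gen_rsa_key(bits: int = 1024, e: int = 65537):  # returns (n, e, d); for illustration, not for real use
    def rand_prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1  # exactly b bits, odd
            if (c - 1) % e and is_probable_prime(c):  # e is prime, so this keeps gcd(e, phi) == 1
                return c
    p, q = rand_prime(bits // 2), rand_prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def pkcs1_v15_encode(msg: bytes, n: int) -> bytes:  # EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo||SHA-256(msg)
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * ((n.bit_length() + 7) // 8 - len(t) - 3) + b"\x00" + t
def rs256_sign(signing_input: bytes, n: int, d: int) -> bytes:
    em = pkcs1_v15_encode(signing_input, n)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(len(em), "big")
def rs256_verify(signing_input: bytes, sig: bytes, n: int, e: int) -> bool:
    em = pkcs1_v15_encode(signing_input, n)
    return len(sig) == len(em) and pow(int.from_bytes(sig, "big"), e, n).to_bytes(len(em), "big") == em

def build_jwt(consumer_key: str, username: str, login_url: str, n: int, d: int, now: int = None) -> str:
    # Salesforce JWT bearer claims: iss = connected app consumer key, sub = username, aud = login URL, exp = short expiry
    now = int(time.time()) if now is None else now
    payload = {"iss": consumer_key, "sub": username, "aud": login_url, "exp": now + 180}  # constructed 3-minute lifetime
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = (enc({"alg": "RS256"}) + "." + enc(payload)).encode()  # header.payload is what gets signed
    return signing_input.decode() + "." + b64url(rs256_sign(signing_input, n, d))

def verify_jwt(token: str, n: int, e: int):  # -> (signature_valid, payload); editing any segment breaks the signature
    head, body, sig = token.split(".")
    return rs256_verify(f"{head}.{body}".encode(), b64url_decode(sig), n, e), json.loads(b64url_decode(body))
```

With the real certificate you would replace `gen_rsa_key` by loading the private key from the PEM file and use the public key from the same certificate to verify.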
Salesforce allows using JWT for authentication to their APIs as well. Let’s see how.
How to create a Certificate?
Salesforce only accepts RSA SHA256-signed (RS256) JWTs, so you need an X509 Certificate and its private key. Sounds complex, but it’s not. Just follow these steps.
- Download & Install OpenSSL
OpenSSL is a full-featured toolkit for cryptography and secure communication. You can download and use it for free. As the installation on Windows can be tricky, you can also install Git for Windows — which ships OpenSSL under the hood.
- Create X509 Certificate & Key