Unified.to

How to Integrate with the Salesforce API: A Step-by-Step Guide for B2B SaaS Teams


February 20, 2026

Salesforce provides a comprehensive set of APIs that allow you to read, write, query, and subscribe to CRM data programmatically. But integrating Salesforce into a production B2B SaaS product involves more than sending a single REST request.

You must handle OAuth 2.0 authentication, token lifecycle management, API limits, pagination, and real-time change notifications.

This guide covers:

  1. How to integrate directly with the Salesforce REST API
  2. What you'll own in production
  3. How to integrate Salesforce using Unified's CRM API
  4. When to build direct vs use an integration layer

If you're also evaluating other CRMs, you can compare this with our guide on how to integrate with the HubSpot API.

Direct Salesforce REST API Integration

Step 1: Create an OAuth Client in Salesforce

Before calling Salesforce APIs, you must register an OAuth-enabled application.

In Salesforce Setup:

  1. Navigate to App Manager
  2. Create a new OAuth-enabled app (Connected App or External Client App, depending on your org configuration)
  3. Enable OAuth settings
  4. Provide a Callback URL, for example:
     https://yourapp.com/oauth/salesforce/callback
  5. Select required OAuth scopes such as api and refresh_token if your integration requires offline access.

Salesforce documents this setup process in their guide on creating OAuth-enabled apps in Setup.

After saving, Salesforce provides:

  • Consumer Key (client_id)
  • Consumer Secret (client_secret)

These credentials are required for authentication.

Step 2: Implement the OAuth 2.0 Web Server Flow

For customer-facing SaaS products, Salesforce documents the Web Server Flow (authorization code grant) as the standard OAuth pattern.

The high-level flow works as follows:

  1. Redirect the user to Salesforce's authorization endpoint
  2. The user logs in and grants consent
  3. Salesforce redirects back to your callback URL with an authorization code
  4. Your backend exchanges that code for an access token at Salesforce's token endpoint

Salesforce provides full documentation for the Web Server Flow and OAuth endpoints in their official OAuth guide.

The token response includes:

  • access_token
  • instance_url
  • Optionally refresh_token

You are responsible for securely storing tokens and implementing refresh logic when needed.

Step 3: Make REST API Requests

Use the instance_url returned from the token exchange as your base URL.

Example SOQL query:

GET {instance_url}/services/data/vXX.X/query?q=SELECT+Id,Name+FROM+Account
Authorization: Bearer ACCESS_TOKEN

SOQL query behavior is documented in Salesforce's REST API Query resource reference.
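When any part of the SOQL text comes from user input, it has to be escaped as a string literal before it is placed in the q parameter, and large result sets have to be followed through the query locator. The following added example (not Salesforce's or Unified's code) shows both; http_get is a hypothetical caller-supplied function that sends the bearer token and returns the decoded JSON, and the instance host, record Ids and locator are constructed sample values.

```python
from urllib.parse import quote

API_VERSION = "vXX.X"  # placeholder, as in the requests on this page


def soql_literal(value):
    """Quote untrusted text as a SOQL string literal (escapes backslash and ')."""
    if not isinstance(value, str):
        raise TypeError("SOQL string literal must be built from str")
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")
    escaped = escaped.replace("\n", "\\n").replace("\r", "\\r")
    return "'" + escaped + "'"


def query_url(instance_url, soql):
    """Percent-encode the whole SOQL string into the q parameter."""
    path = "/services/data/%s/query?q=%s" % (API_VERSION, quote(soql, safe=""))
    return instance_url.rstrip("/") + path


def query_all(instance_url, soql, http_get):
    """Return all records, following nextRecordsUrl until done is true."""
    records, url = [], query_url(instance_url, soql)
    while url:
        page = http_get(url)
        records.extend(page["records"])
        if page.get("done", True):
            break
        locator = page["nextRecordsUrl"]
        # The locator is a server-relative path; never follow anything else
        # with the tenant's bearer token attached.
        if not locator.startswith("/services/data/"):
            raise ValueError("unexpected nextRecordsUrl: %r" % locator)
        url = instance_url.rstrip("/") + locator
    return records


# Constructed sample: a hostile search term and two result pages.
INSTANCE = "https://example.my.salesforce.com"
NAME = "O'Brien' OR Name != '"
SOQL = "SELECT Id, Name FROM Account WHERE Name = " + soql_literal(NAME)
PAGES = {
    query_url(INSTANCE, SOQL): {
        "done": False, "records": [{"Id": "001A"}],
        "nextRecordsUrl": "/services/data/vXX.X/query/LOCATOR-2000"},
    INSTANCE + "/services/data/vXX.X/query/LOCATOR-2000": {
        "done": True, "records": [{"Id": "001B"}]},
}
ALL_RECORDS = query_all(INSTANCE, SOQL, PAGES.__getitem__)
```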

To inspect object metadata:

GET {instance_url}/services/data/vXX.X/sobjects/Account/describe
Authorization: Bearer ACCESS_TOKEN

The Describe resource allows you to retrieve fields, relationships, and required field information for an object.

Step 4: Monitor API Usage

Salesforce enforces per-org API limits. Production integrations should actively monitor usage.

You can retrieve current allocations and remaining capacity using the REST Limits resource:

GET {instance_url}/services/data/vXX.X/limits
Authorization: Bearer ACCESS_TOKEN

Salesforce documents the Limits resource and overall API allocation model in their API Limits reference.

Monitoring limits is essential when running batch imports, background sync jobs, or large SOQL queries.
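One way to act on the Limits response, as an added example that is not from Salesforce or Unified: it flags allocations that are nearly exhausted and computes how many calls a background job may spend while leaving a reserve for interactive traffic. The function names, the 80% warning level, the 10% reserve and the numbers in the sample response are assumptions constructed for illustration.

```python
import json


def limits_over_threshold(limits, warn_at=0.80):
    """Return {limit_name: used_fraction} for allocations at or above warn_at."""
    alerts = {}
    for name, entry in limits.items():
        if not isinstance(entry, dict):
            continue
        maximum, remaining = entry.get("Max"), entry.get("Remaining")
        if not isinstance(maximum, int) or not isinstance(remaining, int):
            continue
        if maximum <= 0:  # allocation not provisioned in this org; nothing to measure
            continue
        used = (maximum - remaining) / maximum
        if used >= warn_at:
            alerts[name] = round(used, 4)
    return alerts


def batch_budget(limits, reserve_pct=10, name="DailyApiRequests"):
    """Calls a batch job may still make while keeping reserve_pct of Max untouched."""
    entry = limits[name]
    reserve = entry["Max"] * reserve_pct // 100
    return max(0, entry["Remaining"] - reserve)


# Constructed sample of a Limits response body (values are illustrative).
SAMPLE_LIMITS = json.loads("""
{
  "DailyApiRequests":        {"Max": 15000, "Remaining": 1200},
  "DailyBulkApiBatches":     {"Max": 15000, "Remaining": 14900},
  "HourlyTimeBasedWorkflow": {"Max": 0,     "Remaining": 0}
}
""")

ALERTS = limits_over_threshold(SAMPLE_LIMITS)
BUDGET = batch_budget(SAMPLE_LIMITS)
```

In a multi-tenant product this check runs per customer org, since each org has its own allocation.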

Real-Time Change Signals in Salesforce

Salesforce does not use traditional webhook endpoints by default. Instead, it provides event-driven change signals through its event bus.

Change Data Capture (CDC)

Change Data Capture publishes events when supported records are created, updated, deleted, or undeleted.

CDC subscription is supported through the Pub/Sub API. Salesforce documents CDC behavior in their Change Data Capture guide.

Platform Events

Platform Events allow you to define custom event schemas and publish business events from Salesforce or external systems.

Salesforce documents Platform Events in their official Platform Events overview.

Pub/Sub API

Salesforce recommends the Pub/Sub API for subscribing to CDC and Platform Events.

The Pub/Sub API uses gRPC over HTTP/2 and Apache Avro for event payload encoding. Salesforce provides an overview of Pub/Sub and a comparison with the legacy Streaming API in their developer documentation.

Implementing event-driven integration in Salesforce requires additional setup compared to simple REST-based polling.

Where Salesforce Integrations Become Operationally Complex

A direct Salesforce integration requires you to manage:

  • OAuth lifecycle and refresh logic
  • Per-tenant token storage
  • API limit monitoring and alerting
  • SOQL pagination and query locator handling
  • Object-level required fields that vary across customer orgs
  • CDC or Platform Events infrastructure
  • Regional login endpoints and sandbox vs production environments

For a single internal integration, this may be manageable.

For a multi-tenant SaaS product supporting many Salesforce customers, this becomes long-term infrastructure work.

Integrating Salesforce via Unified's CRM API

If your roadmap includes multiple CRM platforms, maintaining separate OAuth, rate-limit handling, and event infrastructure for each provider increases complexity quickly.

Unified provides a CRM-focused integration layer that abstracts:

  • OAuth exchange
  • Token refresh
  • Scope mapping
  • Multi-tenant connection isolation
  • Standardized CRM object models
  • Webhook-style event delivery

When integrating Salesforce through Unified, your Salesforce OAuth client's callback URL is set to:

https://api.unified.to/oauth/code

After activating Salesforce in your Unified workspace and entering your client credentials, you authorize a customer account and receive a connection_id.

Example Unified CRM request:

GET https://api.unified.to/crm/{connection_id}/company?limit=100
Authorization: Bearer YOUR_UNIFIED_API_KEY

Unified routes requests directly to Salesforce in real time and does not cache customer records.

If you want to understand how this unified CRM approach works across multiple providers, see our Unified APIs overview for SaaS integrations and AI copilots.

Direct vs Unified — When to Choose Each

Build directly with Salesforce if:

  • Salesforce is your only CRM target
  • You need deep Salesforce-specific platform capabilities
  • You want full control over OAuth and event infrastructure

Use Unified if:

  • You plan to support multiple CRM platforms
  • You want a single CRM integration surface
  • You prefer not to build and maintain OAuth infrastructure
  • You want consistent CRUD patterns across providers
  • You want usage-based pricing instead of per-connection billing

Final Thoughts

Integrating with the Salesforce API is straightforward at the endpoint level.

Operating a production-grade Salesforce integration across many customer orgs is where complexity appears: authentication, limits, schema variability, and event-driven synchronization.

Choosing the right integration architecture early determines how quickly you can ship, how safely you can scale, and how much infrastructure you'll maintain over time.
