Get Authentication Token
Generate an OAuth 2.0 access token for API authentication.
Note: Auth token is valid for 24 hours.
Request Body
Content type: application/x-www-form-urlencoded
Required5 fields
grant_typestringenumLiteral "password" text
client_idstringDifferent for each sandbox/org (provided by SE)
client_secretstringDifferent for each sandbox/org (provided by SE)
usernamestringDifferent for each sandbox/org
passwordstringPassword + Security Token (provided by secure email). Security Token is not always required depending on the org configuration
Enums (1)
grant_type
password
Responses
200
Successful authentication. Returns an OAuth 2.0 access token valid for 24 hours.
Successful authentication. Returns an OAuth 2.0 access token valid for 24 hours.
Common3 fields
access_tokenstringOAuth 2.0 access token (valid for 24 hours)
instance_urlstringtoken_typestringWhen Provided3 fields
idstringissued_atstringsignaturestringExample response
access_token: 00Dxx0000000000!AQ0AQMxKzI5ODU3NzQ3NDI5OjE3MTAwMDAwMDAwMDA6cjo6OkFRRUFJUUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ instance_url: https://merchante-solutions.my.salesforce.com id: https://login.salesforce.com/id/00Dxx0000000000/005xx0000000000 token_type: Bearer issued_at: "1710000000000" signature: 0Cmx9lKp3hA9FJCz8V2TZxF6q8Y5bH3xZ1pN4mK7sR9dQ6wE2tL8jF3vN5cX0aB1
400
Bad request
Bad request
Common2 fields
errorstringerror_descriptionstringExample response
{}
Important Notes
- Auth token is valid for 24 hours
- Password field should contain: password + security token (concatenated)
- Security token may not be required depending on org configuration
- Use the returned
access_tokenfor subsequent API calls
Code samples
Copy-paste ready code in your preferred language.
API call
Copy/paste friendly
curl -X POST "https://test.salesforce.com/services/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=password" \
--data-urlencode "client_id=YOUR_CLIENT_ID" \
--data-urlencode "client_secret=YOUR_CLIENT_SECRET" \
--data-urlencode "username=partnerportalapi@merchante.com.cert" \
--data-urlencode "password=YOUR_PASSWORD_AND_SECURITY_TOKEN"Tip: After getting a successful response, copy the
access_token value and use it as a Bearer token in the Authorization header for all subsequent API calls.