How to Connect Salesforce to n8n

Connecting Salesforce to n8n requires three components: a Salesforce Connected App with OAuth credentials, proper callback URL configuration, and credential setup in n8n. This guide covers production-grade setup for both cloud and self-hosted n8n instances.

Before starting, verify you have:

• Salesforce account with System Administrator or equivalent permissions
• Access to Setup menu (gear icon in top right)
• n8n instance URL (cloud: https://app.n8n.io or self-hosted: your domain)
• 15 minutes for initial setup

1. Log into Salesforce and click the gear icon, then Setup
2. In Quick Find box, type "App Manager" and select App Manager
3. Click New Connected App (top right)
4. Fill Basic Information:

   • Connected App Name: n8n Workflow Automation
   • API Name: Auto-fills to n8n_Workflow_Automation
   • Contact Email: Your admin email
5. Check Enable OAuth Settings
6. Enter Callback URL based on your n8n instance:

   • n8n Cloud: https://app.n8n.io/rest/oauth2-credential/callback
   • Self-hosted: https://[YOUR-DOMAIN]/rest/oauth2-credential/callback
7. Add Selected OAuth Scopes (move from Available to Selected):

   • Access and manage your data (api)
   • Perform requests on your behalf at any time (refresh_token, offline_access)
   • Access unique user identifiers (openid)
8. Leave Require Secret for Web Server Flow checked
9. Click Save
10. Click Continue on the warning screen

Salesforce takes 2-10 minutes to activate the Connected App. You'll see "Your connected app has been registered" confirmation.

1. From the Connected App detail page, click Manage Consumer Details
2. Verify your identity (Salesforce sends verification code to your email)
3. Copy and save these values:

   • Consumer Key (looks like: 3MVG9...long string...)
   • Consumer Secret (looks like: A1B2C3...16 characters...)

Store these in a password manager. You cannot retrieve the Consumer Secret again without resetting it.

1. On the Connected App page, click Edit Policies
2. Under OAuth Policies:

   • Permitted Users: Select "Admin approved users are pre-authorized"
   • IP Relaxation: Select "Relax IP restrictions"
   • Refresh Token Policy: Select "Refresh token is valid until revoked"
3. Click Save

This prevents authentication failures when n8n makes requests from different IP addresses.

1. From the Connected App page, click Manage
2. Click Manage Permission Sets (or Manage Profiles for older orgs)
3. Select System Administrator (or create a custom permission set)
4. Click Save

Without this step, users will see "user is not admin approved" errors during OAuth flow.

1. Open n8n and navigate to Credentials (left sidebar)
2. Click Add Credential
3. Search for and select Salesforce OAuth2 API APIApplication Programming Interface. The connection point that lets two pieces of software exchange data. How n8n talks to your CRM.
4. Fill the credential form:

   • Credential Name: Salesforce Production (or your org name)
   • Grant Type: Authorization Code
   • Authorization URL: https://login.salesforce.com/services/oauth2/authorize
   • Access Token URL: https://login.salesforce.com/services/oauth2/token
   • Client ID: Paste Consumer Key from Step 2
   • Client Secret: Paste Consumer Secret from Step 2
   • Scope: api refresh_token
   • Auth URI Query Parameters: Leave empty
   • Authentication: Body

For Salesforce Sandbox environments, replace login.salesforce.com with test.salesforce.com in both URLs.

5. Click Connect my account
6. Salesforce login window opens - enter your credentials
7. Click Allow to grant n8n access
8. Window closes automatically - you'll see "Connection tested successfully"
9. Click Save

1. Create a new workflow in n8n
2. Add a Salesforce node
3. Select your saved credential from the dropdown
4. Configure a simple test:

   • Resource: Contact
   • Operation: Get All
   • Return All: Toggle ON
   • Limit: 5
5. Click Execute Node

You should see 5 contact records returned. If you get an error, see Troubleshooting below.

Query Records with SOQL

For complex queries, use the Execute SOQL Query operation:

1. Resource: Search
2. Operation: Query
3. Query: Enter SOQL directly:

SELECT Id, Name, Email, Phone, Account.Name 
FROM Contact 
WHERE CreatedDate = LAST_N_DAYS:30 
AND Email != null 
ORDER BY CreatedDate DESC 
LIMIT 100

This returns contacts created in the last 30 days with email addresses, including their Account name via relationship query.

Create Records with Field Mapping

1. Resource: Contact (or any object)
2. Operation: Create
3. Fields to Send: Select Define Below
4. Click Add Field for each field:

   • FirstName: {{$json.first_name}}
   • LastName: {{$json.last_name}}
   • Email: {{$json.email}}
   • AccountId: {{$json.account_id}}

Use expressions to map data from previous nodes. Always include required fields (check Salesforce object documentation).

Update Records in Bulk

1. Resource: Contact
2. Operation: Update
3. Contact ID: ={{$json.Id}}
4. Update Fields: Define fields to change
5. Connect to a Loop Over Items node to process multiple records

n8n processes updates one at a time. For true bulk operations (2000+ records), use the Salesforce Bulk API via HTTP Request node.

Upsert with External ID

1. Resource: Lead
2. Operation: Upsert
3. External ID Field Name: Email__c (your custom external ID field)
4. External ID Value: ={{$json.email}}
5. Fields to Send: Define fields

Upsert creates the record if the external ID doesn't exist, updates if it does. External ID fields must be marked as "External ID" in Salesforce field settings.

Error: "invalid_grant: authentication failure"

• Verify Consumer Key and Secret are correct (no extra spaces)
• Check OAuth Policy is set to "Relax IP restrictions"
• Confirm user is assigned to Permission Set
• Try disconnecting and reconnecting the credential

Error: "INVALID_FIELD: No such column 'FieldName'"

• Field name is case-sensitive and must match API name exactly
• Check field API name in Salesforce Setup > Object Manager
• Custom fields end with __c (e.g., Custom_Field__c)

Error: "REQUIRED_FIELD_MISSING"

• Check Salesforce object's required fields in Object Manager
• Add all required fields to your Create/Update operation
• Some fields are required by validation rules, not just field settings

Credential expires after 2 hours

• This is normal for security. n8n automatically refreshes the token
• If refresh fails, check that Refresh Token Policy is set to "valid until revoked"
• Reconnect the credential if refresh continues to fail

Rate limit errors (REQUEST_LIMIT_EXCEEDED)

• Salesforce limits API calls per 24 hours based on license type
• Check usage: Setup > System Overview > API Usage
• Implement Wait nodes between operations (1-2 seconds)
• Use bulk operations for large datasets

Create a dedicated Salesforce integration user instead of using your personal account:

1. Setup > Users > New User
2. Assign a Salesforce Integration license (if available) or minimum required license
3. Create a custom Permission Set with only required object and field access
4. Use this user's credentials for the OAuth flow
5. Set Password Never Expires in user settings

This isolates integration activity in audit logs and prevents workflow breaks when personal accounts change.

For self-hosted n8n, store the Consumer Secret in environment variables instead of the n8n database:

export SALESFORCE_CLIENT_SECRET="your_secret_here"

Reference it in credentials as ={{$env.SALESFORCE_CLIENT_SECRET}}.

With Salesforce connected, build workflows that:

• Sync new leads from web forms directly to Salesforce
• Update opportunity stages based on external system events
• Export reports to Google Sheets on a schedule
• Send Slack notifications when high-value deals close
• Enrich contact records with data from Clearbit or similar services

The Salesforce node supports all standard and custom objects. Check the n8n node documentation for the complete list of operations and parameters.