Salesforce Salesforce APIs and Integration Basics

No business runs on a single software system. A company might use Salesforce for CRM, SAP for finance, Workday for HR, and a custom app for inventory. Connecting these systems so they share data automatically is called integration. Salesforce provides a rich set of APIs — Application Programming Interfaces — that make this possible. Understanding Salesforce APIs is essential for developers and architects working on enterprise implementations.

What Is an API?

An API is a defined way for one software system to talk to another. Think of it like a restaurant menu: the menu (API) tells you exactly what you can order (which operations you can perform), and the kitchen (the system) prepares and delivers it. You do not need to know how the kitchen works — you just follow the menu.

The Power Grid Analogy

  POWER GRID:
  Power plants (Salesforce) generate electricity.
  Standardized sockets (API) let any appliance connect.
  Appliances (external systems) plug in and use power.

  SALESFORCE API:
  Salesforce stores data.
  API provides a standard connection point.
  External apps (SAP, websites, mobile apps) plug in and exchange data.

The Main Salesforce APIs

REST API

The REST API is the most widely used Salesforce API. It uses standard HTTP methods — GET, POST, PATCH, DELETE — to perform CRUD operations on Salesforce records. Data is exchanged in JSON or XML format. REST API is ideal for mobile apps, websites, and lightweight integrations that need to read or update individual records.

  READ an Account:
  GET /services/data/v59.0/sobjects/Account/001Hs00000XaBC1

  CREATE a new Lead:
  POST /services/data/v59.0/sobjects/Lead
  Body: {"FirstName":"Arjun","LastName":"Rao","Company":"TechCo","Email":"arjun@techco.in"}

  UPDATE an Opportunity:
  PATCH /services/data/v59.0/sobjects/Opportunity/006Hs00000YbDE2
  Body: {"StageName":"Closed Won","CloseDate":"2025-06-30"}

  DELETE a record:
  DELETE /services/data/v59.0/sobjects/Contact/003Hs00000ZcEF3

SOAP API

The SOAP API uses XML messages and follows a strict contract-based communication standard. It is older than REST and more verbose, but it is highly reliable and still used in enterprise environments — particularly when integrating with systems like SAP or legacy banking platforms that already speak SOAP. SOAP is better suited for complex transactions that require guaranteed delivery and detailed error handling.

Bulk API

The Bulk API is designed for processing large volumes of data — thousands or millions of records — asynchronously. Instead of processing records one at a time (like REST API), Bulk API sends them in batches and processes them in the background. The Data Loader application uses the Bulk API under the hood. Use it when you need to insert, update, upsert, or delete more than a few thousand records at a time.

Streaming API

The Streaming API delivers real-time notifications when Salesforce data changes. Instead of your external system repeatedly asking "has anything changed?" (polling), Salesforce pushes the notification to the subscriber the moment the change happens.

  • PushTopic Streaming — monitors SOQL query results and pushes notifications when matching records change
  • Platform Events — a publish-subscribe messaging system for custom events; highly scalable and the modern standard for event-driven integration
  • Change Data Capture (CDC) — streams every field-level change to Salesforce records in real time; useful for keeping external databases in sync

Metadata API

The Metadata API works with configuration and code — not data. You use it to deploy custom objects, fields, page layouts, Apex classes, and Flows from one org to another. The Salesforce CLI and developer tools like VS Code use the Metadata API extensively for deployments.

Tooling API

The Tooling API provides access to Salesforce development components — Apex classes, triggers, debug logs, and test results. Developer tools and IDEs use the Tooling API to compile and deploy code, run tests, and retrieve diagnostic information.

Authentication: Connected Apps and OAuth

Before an external system can call Salesforce APIs, it must prove its identity. Salesforce uses OAuth 2.0 — an industry-standard authentication protocol — for this purpose.

The process involves a Connected App: a configuration in Salesforce Setup that defines the external application and what it is allowed to do. The external app uses the Connected App's credentials to obtain an Access Token — a temporary key that authorizes API calls.

  EXTERNAL SYSTEM              SALESFORCE
  ─────────────────────────────────────────
  Step 1: "I am the Inventory App.
           Here are my credentials."  →  Connected App validates
  Step 2:                            ←   "Here is your Access Token."
  Step 3: GET /Account/001...        →   Salesforce returns Account data
          Authorization: Bearer [token]

Common OAuth Flows

  • Username-Password Flow — sends credentials directly; simple but less secure. Use only for server-to-server integrations in controlled environments.
  • Web Server Flow — the most secure flow; user is redirected to Salesforce login, grants permission, and receives a token. Used for apps where a human logs in.
  • JWT Bearer Flow — server-to-server integration without a user. Uses a digital certificate instead of a password. Ideal for scheduled automated integrations.

Integration Patterns

PatternDescriptionExample
Request-ReplySalesforce calls external system and waits for responseLook up shipping status from courier API when Case is opened
Fire-and-ForgetSalesforce sends data and does not wait for replySend Closed Won data to ERP system to trigger invoice
Batch Data SyncPeriodic bulk transfer of records between systemsNightly sync of new Leads from marketing database to Salesforce
Event-DrivenSystems react to events published by Salesforce in real timeInventory system updates stock when Order is created in Salesforce

Calling External APIs from Salesforce (Callouts)

Salesforce can also call external APIs from Apex code using HTTP Callouts. The external endpoint must be registered in Setup under Remote Site Settings before Salesforce allows the connection. In Apex, you use the HttpRequest and HttpResponse classes:

HttpRequest req = new HttpRequest();
req.setEndpoint('https://api.weatherservice.com/v1/current?city=Mumbai');
req.setMethod('GET');
req.setHeader('Authorization', 'Bearer myApiKey123');

Http http = new Http();
HttpResponse res = http.send(req);

System.debug('Response: ' + res.getBody());

Key Points

  • Salesforce provides REST, SOAP, Bulk, Streaming, Metadata, and Tooling APIs — each suited to a specific integration need.
  • REST API is the most common choice for modern integrations — lightweight, JSON-based, and widely supported.
  • Bulk API handles large data volumes asynchronously — it powers tools like Data Loader.
  • Platform Events and Change Data Capture enable real-time, event-driven integrations.
  • All API access requires authentication via OAuth 2.0 using a Connected App configured in Salesforce Setup.
Previous lessons
Back to courses
Next lessons

Leave a Comment

Your email address will not be published. Required fields are marked *