Skip to main content

Connect to Salesforce

You can connect to Salesforce using Retool's built-in Salesforce integration and make it available as a resource. Once complete, you can write queries to interact with the Salesforce API.


All users for Retool organizations on Free or Team plans have global Edit permissions and can add, edit, and remove resources. If your organization manages user permissions for resources, you must be a member of a group with Edit all permissions.

Salesforce uses OAuth authentication. If you self-host Retool, you must create an OAuth 2.0 client application that Retool uses to perform authentication. Refer to the Salesforce documentation to learn how to create a client application and obtain the required credentials.

If Salesforce is behind a firewall, you must also allow access from Retool's IP addresses. Add these IP addresses to your firewall's allowlist before you create the resource.

1. Create a new resource

Retool can connect to almost any API or database and has built-in integrations for popular data sources. Sign in to your Retool organization and create a new Salesforce resource.

2. Configure the resource

Provide the necessary details to configure the resource so Retool can connect to Salesforce.


These settings configure the name and location of the resource within Retool.


The name to use for the resource (e.g., Salesforce).


A brief description of the resource (e.g., Customer data).


These settings configure how Retool authenticates with Salesforce.

API version

Select the API version. Retool defaults to using Salesforce API version 42.0.

Connect to a sandbox organization

Use this setting only if you want to connect to a developer sandbox organization in Salesforce.

Share credentials between users

For resources using the OAuth 2.0 authentication scheme, Retool provides the option to share credentials between users or to require each user to authenticate using their own credentials. The Salesforce resource defaults to sharing credentials between users. If you want each app user to log in with their own account, uncheck Share credentials between users.

To learn more about how OAuth 2.0 credentials work in Retool, refer to our API Authentication docs.

Custom connected apps


On self-hosted Retool deployments, Salesforce resources require Retool to be a connected app. On Retool Cloud, select Use custom connected app to use a connected app.

  1. Create a connected app in Salesforce.
  2. After you select Enable OAuth Settings, enter the OAuth callback URL from Retool's resource settings.
  3. In Selected OAuth Scopes, enter the following scopes:
  • Full access (full)
  • Manage user data via APIs (api)
  • Perform requests at any time (refresh_token, offline_access)

These scopes refer to permissions given by the user running the connected app.

  1. Save the app to create the Consumer Key and Secret. Add these to the Salesforce consumer key and Salesforce consumer secret in Retool.
  2. Enter your Salesforce URL in the Salesforce instance URL field in Retool. This URL must end in, so if your URL ends in, you must update it to use

Customize Salesforce OAuth URLs

Enable this setting to customize the OAuth endpoints used for your OAuth authorization requests. When enabled, you can configure the Salesforce authorization url and Salesforce access token url.

3. Connect with OAuth

After you've finished setting up your Salesforce app and resource, click the Connect with OAuth → button on the resource settings page to authenticate.

4. Save the resource

Click Create resource to complete the setup. You can then click either Create an app to immediately start building a Retool app or Back to resources to return to the list of resources.

Wrap up

Your Salesforce resource is now ready to use. You write queries to make API requests by specifying the request method and endpoint, additional parameters to include, and the request body. See the guide to querying Salesforce for more detail on queries and troubleshooting.