Learn What’s New with Integration for Winter ’24

Learning Objectives

After completing this unit, you’ll be able to:

Edit POST, PUT, PATCH, and DELETE in HTTP Callout.
Simplify authentication and storage with named credentials.
Enable JSON Web Token (JWT)-based access tokens.

Important!

In order to maintain your certification, you must complete all five units of this module.

Salesforce Certification

If you hold a Salesforce Architect certification, keep in mind that you need to complete this unit and the other 4 units in this module by the due date to maintain your certification. Another important part of maintaining your certification is ensuring your Trailhead and Webassessor accounts are linked.

Interested in learning more about getting certified? Check out all the Salesforce Architect certifications.

Edit POST, PUT, PATCH, and DELETE in HTTP Callout

Use declarative tools to edit the parameters, sample request, and sample response body for HTTP Callout methods POST, PUT, PATCH, and DELETE. Previously, you could only edit the GET method, and you manually edited the API specification for the other HTTP methods.

The HTTP Callout configuration uses External Services to make the action reusable and invocable in Flow Builder and across your Salesforce org. Before you configure an integration with HTTP Callout, you set up authentication in Setup > Named Credentials so that the external service can connect to the API.

Where: This change applies to Lightning Experience in Enterprise, Performance, Unlimited, and Developer editions.

How: Create an HTTP Callout in Flow. In External Services, to edit an operation, go to the external service’s Details page, and select Edit HTTP Callout.

Simplify Authentication and Storage with Named Credentials

Configure external credentials for server-to-server integration using OAuth 2.0 client credentials or JWT authentication protocols. Assign the new Manage Named Credentials permission so that users can modify named credentials and external credentials. Control how guest users can make callouts with named credentials. Give users the ability to make callouts with named credentials without authenticating.

Authenticate Named Credential Callouts with Client Credentials Flow

You can now configure named credentials to use OAuth 2.0 client credentials flow for server-to-server integration. If you want to directly share information between two applications and eliminate the need for explicit user interaction, use the OAuth 2.0 client credentials flow. In this flow, the client app exchanges its client credentials defined in a client secret or JWT assertion.

Use JWT Authentication Protocol with Named Credentials

Configure external credentials to use JWT authentication protocol for server-to-server integration. JWT supports authenticating a wide range of integration use cases and offers lower costs by making fewer trips across the network. You can choose from RS256 and RS512 JWT signing algorithms, define custom claims, and specify an expiration time for the JWT-based access tokens.

Grant Permission to Manage Named Credentials and External Credentials

Assign the new Manage Named Credentials administrative permission so that users can create, edit, or delete named credentials and external credentials. Previously, you assigned the Customize Applications permission.

Grant Guest Users Access to Make Callouts Using Named Credentials

You now have better control of how to configure access to guest users who are unauthenticated so that they can make callouts with named credentials. Give guest user profiles access to the principals of the external credentials, and authorize these users to perform authenticated callouts.

Access Public Information with No Authentication Protocol

You can now make callouts to endpoints without any authentication configuration using named credentials. When you create an external credential from the Salesforce UI, select No Authentication as the authentication protocol and access endpoints that require no authentication.

Enable JSON Web Token (JWT)-Based Access Tokens

To improve compatibility with external systems, enable your connected apps to issue JSON Web Token (JWT)-based access tokens instead of opaque tokens. JWT-based access tokens are now supported for access to Salesforce REST APIs. Unlike opaque access tokens, JWT-based access tokens have a format that your apps can understand. With a transparent format, you can parse and validate tokens on your app instead of calling a Salesforce endpoint.

Where: This change applies to Lightning Experience and Salesforce Classic in all editions.

How: If you’re a connected app developer, enable JWT-based access tokens in your connected app OAuth settings. You must then enable this feature in your connected app policies. Both settings are required to opt in. If you installed the connected app as part of a managed package, this feature is available only if the connected app developer enabled it. If so, you must explicitly opt in from your connected app policies to avoid service disruptions.

Compared to opaque tokens, JWT-based access tokens have different functionality and limitations. Make sure you understand these differences before you implement JWT-based access tokens.