Search

Connecting to Salesforce in FME

Desiree Marsden
Desiree Marsden
  • Updated

Introduction

To unleash insights from your Salesforce data in FME, you first need to configure your connection.

The FME SalesforceConnector uses the OAuth 2.0 authorization code grant to authenticate with Salesforce. Before connecting, you will need to register a Salesforce External Client App and create a Web Connection in FME. This article walks through those steps for FME Form and FME Flow.

Requirements

  • Salesforce Admin with Permissions to create an External Client App
  • An FME Flow instance configured for HTTPS (required for Flow web connections)

As of Spring 2026, Salesforce is disabling the creation of new Connected Apps, therefore, this article goes over setting up an External Client App for FME: Salesforce Platform: New Connected Apps Can No Longer Be Created in Spring '26

Step-by-Step Instructions

Part 1: Create an App in Salesforce

Your app configuration may vary depending on your organization's needs. This article covers the settings required for FME.

1. Create a New External Client App

In your Salesforce organization, click the gear icon in the upper-right corner, then select Setup.

In the sidebar, navigate to Platform Tools > Apps > External Client Apps, then click New External Client App.

2. Configure the App Settings for OAuth

Enter the required details:

  • External Client App Name (for example: FME_Salesforce_OAuth)
  • API Name
  • Contact email
  • Distribution state


Scroll down, expand API (Enable OAuth Settings), and check Enable OAuth.

Enter the Callback URL:

  • For FME Form 2025.2 and later, use the Proxy Redirect URL: https://fmeauth.safe.com/v1/oauth2
  • For earlier versions of FME Form: https://localhost
  • For FME Flow: https://<your-FME-Flow-URL>/fmeoauth

Salesforce only allows one callback URL per app registration. If you need to support both FME Form and FME Flow, either create a separate External Client App for each, or if you’re using FME 2025.0.2+, consider having FME Flow as a Connection Storage for a shared connection across the FME platform. This article will use the first option.

Select OAuth Scopes:

The default FME Salesforce web service uses full and refresh_token scopes. If your organization requires more restrictive scopes, include at a minimum:

  • Manage user data via APIs (api) - required to read and write Salesforce records
  • Perform requests at any time (refresh_token, offline_access) - required so FME can silently refresh access without prompting you to log in again

Under Flow Enablement, check:

  • Enable Authorization Code and Credentials Flow

Under Security, the following are enabled by default and should be left as-is

Leave all other Security settings at their defaults unless your Salesforce administrator requires otherwise.

Click Create

This will redirect you to the Policies page of your newly created External Client App

3. Obtain your Client ID and Client Secret

From the Policies page, navigate to the Settings tab

Scroll to OAuth Settings, and click Consumer Key and Secret. 

You will be prompted to authenticate before the Consumer Details page loads.

Save the following in a secure location before exiting:

  • Consumer Key (Client ID)
  • Consumer Secret (Client Secret)

 

Part 2: Configure the Web Service and Test the Connection in FME Form

1. Create a Salesforce Web Service

In FME Workbench, go to Utilities (Tools in earlier versions of FME) > FME Options > Web Connections click Manage Services.

Click the + button, select Create From, then select Salesforce. This creates a new web service using the included Salesforce template.

2. Configure the Web Service

A pre-populated form called “Salesforce - Child Web Service (Created From Salesforce)” will appear. Update the following fields:

  • Web Service Name - something identifiable, like Salesforce_FME_OAuth
  • Client Information:
    • Client ID - your Consumer Key from Part 1
    • Client Secret - your Consumer Secret from Part 1
    • Redirect Strategy - select Proxy Redirect
  • Authorization Parameters:
    • Authorization URL (optional) - if your organization uses a custom Salesforce domain, replace the default with: https://<MyDomainName>.my.salesforce.com/services/oauth2/authorize?response_type=code&scope=refresh_token full
  • Enable PKCE (if required) 
    • Set to SHA-256 and ensure Code Verifier Length and State Length are set to non-zero values in the slider
  • Retrieve Token Parameters:
    • Token URL (optional) - if your organization uses a custom Salesforce domain: 
      https://<MyDomainName>.my.salesforce.com/services/oauth2/token

The web service should look something like this:

Scroll down in the web service form and click Test. On FME 2025.2 and later, this opens a login page in your external browser. 


 

On earlier FME versions, an embedded browser window would open within FME for login.

Enter your Salesforce credentials to authenticate. You’ll know the authentication is successful if you’re redirected to FME Form.

If successful, click Apply and Close.

3. Create and Authenticate the Web Connection

In FME Options > Web Connections, click the + icon. Select the web service created above, enter a connection name (for example: Salesforce_User_Connection), and click OK to proceed with authenticating the connection, similar to when you were testing the web service. 

Your Salesforce web connection is now ready to use with the SalesforceConnector.


 

Part 3: Configure the Web Connection for FME Flow (Optional)

1. Ensure the Salesforce App is Configured for the Flow Redirect URI

In your Salesforce External Client App, ensure that your Flow redirect URI is added to the Callback URL field:

https://<your-FME-Flow-URL>/fmeoauth 


The web connection for Form and Flow is different, so verify that you are using the correct redirect URI for each.

2. Upload the Web Service to FME Flow

In FME Workbench, go to Utilities > FME Options > Web Connections. Locate the Salesforce web connection created in Part 2. Right-click on the web connection, then select Upload

Select your FME Flow Connection, or if prompted, enter your FME Flow Connection details (server URL, a connection name, username, and password). Once complete, you will see a confirmation of Upload Successful.

3. Update the Web Service in FME Flow

In your browser, log in to your FME Flow web interface and navigate to Connections & Parameters > Web Connections > Manage Web Services page.

Locate the uploaded Salesforce web service and click it to open its configuration.

Confirm the following fields to match your Flow environment:

  • Client ID - your Consumer Key
  • Client Secret - your Consumer Secret
  • Redirect URI - https://<your-FME-Flow-URL>/fmeoauth

Click Save.

4. Re-Authenticate the Web Connection

In the Flow UI, return to the Web Connections page, select the Salesforce connection, and click Authorize. Your browser will redirect to Salesforce's login page. Log in to complete the OAuth flow. You will see a success banner and a green checkmark to confirm that the connection was authorized successfully.

Your Salesforce web connection is now available for use across FME Flow, like Automations, Schedules, and Flow Apps.

Troubleshooting

Error: error=invalid_request&error_description=missing%20required%20code%20challenge

Salesforce is enforcing PKCE for this app. Return to your web service definition in FME (Part 2, Step 2), enable PKCE, set the method to SHA-256, and ensure the Code Verifier Length and State Length sliders are set to non-zero values (43 and 16 are recommended).

Error: Unable to retrieve access token / invalid code verifier

PKCE is enabled in FME, but the Code Verifier Length or State Length is set to zero. Open the web service definition and set both sliders to non-zero values.

Error: redirect_uri_mismatch

The callback URL in your Salesforce app does not match the redirect URI configured in FME. Confirm the callback URL in Salesforce matches exactly what is set in the FME web service (including trailing slashes).

Loopback and HTTP redirect URIs do not work with Salesforce/FME

This should look like the redirect page failing to open. Use the Proxy Redirect URL (https://fmeauth.safe.com/v1/oauth2) for FME Form 2025.2+ rather than the redirect loopback address.

Additional Resources

Was this article helpful?

We're sorry to hear that.

Please tell us why.

As of January 14th, 2026, comments on knowledge base articles have been closed. To make sure questions don’t get missed and to enable more community support, we’ve moved discussions to the FME Community. If you have a question or a comment about this article, please create a new post or create a support ticket.