Loading
Salesforce now sends email only from verified domains. Read More
Agentforce Contact Center
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Set Up and Configure Your Own OAuth App for Bring Your Own Channel

            You are here:

            1. Salesforce Help
            2. Docs
            3. Agentforce Contact Center

            Set Up and Configure Your Own OAuth App for Bring Your Own Channel

            Certain Messaging partners and CCaaS providers require you to set up and manage your own external client app (ECA) or connected app to provide authentication for the integration between their platform and the Salesforce Interaction Service API. Check with your provider whether setting up your own app is a required setup step for their Bring Your Own Channel for Messaging or Bring Your Own Channel for CCaaS integration. First create the ECA or connected app and edit policies for it, and then update the Conversation Channel Definition (CCD).

            Required Editions

            View supported editions.
            Checkmark This article applies to: Bring Your Own Channel for Messaging and Bring Your Own Channel for CCaaS
            X icon This article doesn’t apply to: Enhanced In-App Chat, Enhanced Web Chat v1, Enhanced Web Chat v2, Enhanced WhatsApp, Standard and Enhanced Facebook Messenger, Standard and Enhanced SMS, Enhanced Apple Messages for Business, and Enhanced LINE channels
            User Permissions Needed
            To create local external client apps: Create, edit, and delete External Client Apps
            To read, create, update, or delete connected apps:

            Customize Application AND either Modify All Data OR Manage Connected Apps
            To update all fields except Profiles, Permission Sets, and Service Provider SAML Attributes:

            Customize Application AND either Modify All Data OR Manage Connected Apps
            To update Profiles, Permission Sets, and Service Provider SAML Attributes: Customize Application AND Modify All Data AND Manage Profiles and Permission Sets
            Tip
            Tip
            • To check whether your Messaging or CCaaS provider requires you to set up your own external client app or connected app, from Setup, go to Messaging Settings and select the Bring Your Own Channel Messaging channel you created. In the Conversation Channel Definition section, if you see Modify Conversation Channel Definition, you must create your own ECA or connected app. Otherwise, the partner provider manages the app for you.
            • We recommend using an external client app for Interaction Service authentication instead of a connected app. Starting in Spring ’26, customers can’t create a connected app unless they request the ability to create connected apps from Salesforce Support. To migrate a preexisting connected app, see Create an External Client App from a Connected App.

            Create an External Client App for OAuth

            In Salesforce, set up an external client app (ECA) to provide authentication for the integration between your Messaging or CCaaS provider’s platform and the Salesforce Interaction Service API.

            1. If you don’t have a self-signed certificate, follow the steps to Create a Private Key and Self-Signed Digital Certificate. Make sure you have the certificate saved in your system. You upload the file when you create the ECA.
            2. Create an external client app and set Distribution State set to Local.
            3. In the OAuth Settings area of the page, select Enable OAuth.
              The OAuth Settings area expands and the OAuth settings fields are visible.
            4. Add a callback URL (endpoint), which is the same as the OAuth redirect URI. We recommend you use https://login.salesforce.com to start with.
            5. Add the OAuth scopes Access Interaction API resources (interaction_api) and Perform Requests at any time (refresh_token, offline_access).
            6. In the Flow Enablement section, select Enable JWT Bearer Flow.
            7. Upload your self-signed certificate.
            8. To create the ECA, click Create.
            9. In your external client app’s Policies tab, click Edit.
            10. Under OAuth policies, from the Permitted Users dropdown, select Admin approved users are pre-authorized. If you see a warning message, click OK.
            11. Under App Policies, add the System Administrator profile.
            12. Save your changes.

            Create a Connected App for OAuth

            Starting in Spring ’26, we recommend creating an external client app to provide authentication for the integration between your partner provider’s platform and Salesforce instead of creating a connected app.

            If you choose to create a connected app, before you begin, contact Salesforce Support to request the ability to create connected apps.

            1. If you don’t have a self-signed certificate, follow the steps to Create a Private Key and Self-Signed Digital Certificate. Make sure you have the certificate saved in your system. You upload the file when you create the connected app.
            2. From Setup, in the Quick Find box, enter External Client Apps, and then select Settings.
            3. Under Connected Apps, click New Connected App.
            4. In the Connected App Name field, enter a unique name for the connected app. The name you enter automatically appears in the API Name field. Don’t change the API Name.
            5. In the Contact Email field, enter the email address of the person for Salesforce to contact if needed.
            6. Select the Enable OAuth Settings checkbox, and configure these settings:
              1. Add a callback URL (endpoint), which is the same as the OAuth redirect URI. We recommend you use https://login.salesforce.com to start with.
              2. Select Use digital signatures, then click Choose File and select the public key file in your system to upload it.
              3. Add the OAuth scopes: Access Interaction API resources (interaction_api) and Perform Requests at any time (refresh_token, offline_access)
            7. Save your changes, then click Continue.

            Manage Access to Your Connected App for OAuth

            If you created a connected app, configure access to it.

            1. From Setup, in the Quick Find box, enter Manage Connected Apps, and then select Manage Connected Apps.
            2. Click the name of the connected app you created.
            3. To open the Connected App Edit page, click Edit Policies.
            4. In the OAuth Policies section, set Permitted Users to Admin approved users are pre-authorized. If you see a warning message, click OK.
            5. Save your changes.
            6. To open the Application Profile Assignment page, click Manage Profiles.
            7. Select System Administrator.
            8. Save your changes.

            Update the Conversation Channel Definition with Your External Client App or Connected App

            After setting up your ECA or connected app, update the Conversation Channel Definition for your Messaging channel to reference the app you created.

            1. From Setup, in the Quick Find box, enter Messaging Settings, and then select Messaging Settings.
            2. Select the Messaging channel you created.
            3. In the Conversation Channel Definition section, click Manage Conversation Channel Definition. If this button isn’t available, your CCaaS provider manages the connected app, and you don’t need to create one and associate it with the Conversation Channel Definition.
            4. Select the external client app or connected app you created.
            5. Save your changes.

            See Also

             
            Loading
            Salesforce Help | Article