Define an External Credential and a Named Credential
First, create an external credential to specify an authentication protocol and permission set or profile to use when authenticating to an external system. Second, in order for External Services to authenticate, create a named credential and specify it as the callout endpoint.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| Available in: All Editions |
| User Permissions Needed | |
|---|---|
| To view named credentials: | View Setup and Configuration |
| To create, edit, or delete named credentials: | Customize Applications |
Ensure that you have the OpenAPI endpoint information for the service that you’re
registering. You use the endpoint information to set up a named credential. A named credential
is the method External Services uses for authentication. A named credential specifies the URL of
a callout endpoint (the service you want to access) and its authentication parameters. For
example, https://my_endpoint.example.com.
If you use OpenAPI 2.0, your endpoint is relative to the base URL. So if your named credential
URL is https://my_endpoint.example.com and the basePath is
/basepath, they combine as the final endpoint of https://my_endpoint.example.com/basepath.
If you use OpenAPI 3.0, the named credential URL is composed of the spec’s server URL’s root
path. The server’s URL relative path is combined with the named credential’s endpoint. If your
named credential URL is https://my_endpoint.example.com and
the server URL is https://my_endpoint.example.com/relative/path, then the server URL’s relative path
relative/path is combined with the named credentials
endpoint https://my_endpoint.example.com. You can reuse the
same named credentials for external services with the same domain.
External Services supports all named credential authoring schemes. OpenAPI security schemes are ignored.
-
Create and Edit an External Credential.
An external credential represents the details of how Salesforce authenticates to an external system via an authentication protocol. It also links to a user’s permission set. Before creating a named credential, create one or more external credentials for it to link to.
-
Create and Edit a Named Credential.
A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. A named credential can be specified as an endpoint to simplify the setup of authenticated callouts. Named credentials connect to external credentials.
-
Set up a named credential for the BankService examples in this document.
If you’re creating a Named Credential to follow the BankService examples, use "legacy" Named Credentials. For these examples, there's no need to set up an External Credential. When creating the Named Credential, select New Legacy from the dropdown menu next to the New button instead of clicking New. Create the Name and enter the URL. Don't change any of the other default settings. For more information, see Define a Legacy Named Credential.
For additional information and configuration details such as per-user authorization, custom headers, and user External Credentials, see Named Credentials and External Credentials.
