Configure the Salesforce Synapse Using OAuth 2.0 Authentication

This guide provides step-by-step instructions for connecting your Salesforce account to Syncari using OAuth 2.0 authentication.

The Salesforce Synapse uses the Salesforce API to synchronize data between Salesforce objects (including custom objects) and Syncari entities. After completing this setup, Syncari will replicate your Salesforce schema to the Unified Data Model, allowing you to map Salesforce objects and fields to Syncari entities.

Why OAuth 2.0? OAuth provides secure, token-based authentication without requiring password storage, and offers permission control.

If you want to authenticate using user credentials, see Configure the Salesforce Synapse Using User Credentials.

Prerequisites

• Prior to configuring Syncari with production data, we recommend that you first connect a sandbox or test environment.
• If your Salesforce security requires you to allowlist an IP address, see Allowlist an IP Address.
• Your Salesforce edition must have API Access so that Syncari can communicate with it. Salesforce Enterprise and Unlimited include API Access, and you can purchase API access for the Professional edition. Check out this Salesforce help article to be sure you have a supported edition.
• OAuth authentication requires a connected app. To set up a connected app, you must have Administrator privileges. Contact your system administrator if you do not have those privileges.
• Salesforce API documentation
• Salesforce Help: Authorization Through Connected Apps and OAuth 2.0
• Salesforce Help: Connected Apps

Supported Synapse Capabilities

• Schema discovery of standard objects
• Schema discovery of custom objects
• Bidirectional sync of standard objects
• Bidirectional sync of custom objects
• Schema Sync
• If you audit attributes in Salesforce updates made Syncari are logged to the user who created the connected app.

Steps for Setup

Salesforce Setup for OAuth 2.0 Authentication

To configure the Salesforce synapse using OAuth 2.0 authentication, you’ll need the following information about your Salesforce instance and the OAuth-configured connected app:

• Salesforce Endpoint URL
• Client ID
• Client Secret

Keep this information handy. You'll need it to Configure the Salesforce Synapse in Syncari.

Locate the Salesforce Endpoint URL

You'll need your Salesforce instance URL to complete the Syncari configuration. In order to get the URL:

1. Login to your Salesforce account.

2. Click the profile icon in the top-right corner.

3. Copy the URL under your name. When you enter this in Syncari later, you’ll need to prepend https://  

Create a Connected App in Salesforce

To create a connected app in Salesforce:

1. Log in to your Salesforce account,  and based on your Salesforce experience, navigate to the Setup page.
If you are in Lightning experience click ⚙️ symbol in the top-right corner and then click Open Advanced Setup button.

2. In the menu on the left side in the search box type “Apps”, in the search results locate and click on Apps  and then click on Apps Manager.

3. Click New External Client App button.

4. In the External Client App Manager Page Complete the Basic Information section, fill in all the Required Information *.

5. Scroll down to API (Enable OAuth Settings) section and select Enable OAuth.

6. After enabling OAuth, you'll configure three sections: App Settings, Flow Enablement, and Security.

App Settings Section

• Callback URL: Enter a placeholder callback URL, like “https://temp.com”. 
  Note: Syncari will generate the actual callback URL during authentication in Part 2. You'll return to this field to update it with Syncari's generated URL. The placeholder is required to save the External Client App initially.

• OAuth Scopes: Move the following three scopes from Available OAuth Scopes to Selected OAuth Scopes using the arrow buttons:
  1. Manage user data via APIs (api)
  2. Manage user data via Web browsers (web)
  3. Perform requests at any time (refresh_token, offline_access)

Flow Enablement Section

• Leave all checkboxes Unchecked. 

Security Section

• Uncheck the Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows option.

• Keep these boxes checked:
  1. Require secret for Web Server Flow
  2. Require secret for Refresh Token Flow

7. Now click Create at the bottom of the screen, after which the External Client App management page will open.

8. Click Settings tab.

9. Scroll down to the OAuth Settings Section and Click Consumer Key and Secret.

10. Once you click Consumer Key and Secret, a new page opens displaying your Consumer Details. 
Copy your Consumer Key and Consumer Secret to use when authenticating the Salesforce synapse in Syncari. Store these securely.

11. After copying your credentials, close the Consumer Details popup window and keep the External Client App Settings page open, you’ll return to it later and edit the Callback URL.

Configure the Salesforce Synapse in Syncari

Now you'll connect Syncari to your Salesforce org using the OAuth credentials you created in Part 1.

1. Login to your Syncari account and go to Synapse Studio in the left navigation menu.

2. Locate Salesforce in Synapse Library panel on the right side and, drag it to the canvas.

3. After dragging Salesforce onto the canvas, a configuration window appears. Configure the Synapse by filling in the following details:

• Synapse Name: Enter a descriptive name for the Synapse.
  Note: For the Synapse name use only letters and numbers. The name must begin with a letter. The only special characters we allow are spaces, hyphens (-), and underscores (_).
• Endpoint URL: Enter your Salesforce Endpoint URL with https:// prefix, it was identified in Part 1, Step 1. Example: “https://orgfarm-74730e411c-dev-ed.develop.my.salesforce.com” 
• Authentication Method: Select OAuth from the dropdown.
• Enable Contacts to Multiple Account Merge (Optional): Leave Unchecked (default). Only check this if your Salesforce org uses the "Contacts to Multiple Accounts" feature to associate one contact with multiple account records.
• Schema Refresh: Determines how frequently schema of the entity used as a source, is refreshed during sync. For example, setting this to 5 will refresh the schema after every 5 sync cycles.

Once completed click Autheticate to proceed to authentication.

4. Complete the Authentication setup using the Consumer Details you saved from Salesforce in Part 1:

• Client ID: Paste the Consumer Key for your External Client app.
• Client Secret: Paste the Consumer Secret for your External Client app.
• Generate and register the below OAuth redirect URL: Click Generate to create the Callback URL you need to add to your External Client app in Salesforce.

5. Once the URL is generated, click Copy and then and then navigate to your Manage External Client Apps section in Salesforce.

6. Switch to Salesforce browser tab, Manage External Client Apps section 
If you closed the tab, navigate to: Setup → Apps → External Client Apps → External Client App Manager → Your App.

7. On the app management page, click the Settings tab and then click Edit button at the right corner.

8. Scroll to the OAuth Settings section and replace the Callback URL from https://temp.com to Syncari's generated callback URL. 

9. Return to Syncari authentication window and click Authenticate.

10.  When prompted to give access by Salesforce, click Allow.

11. Once authentication is completed in Syncari, Click Finish. The screen appears with "Synapse Created" confirmation.

Note: If you receive any error messages after authenticating, click Previous and confirm each of the parameters is configured properly. If the error persists, contact one of Syncari’s Onboarding and Support team members.

12. Select Make Synapse Active. 

What the other options do:

Map Entities in Sync Studio: Takes you to Sync Studio to map the entities before activating the Synapse. 

Activate and Create Pipelines: Auto-creates draft pipelines in Syncari unified data model. 
Note: We don't recommend using this option except in specific use cases (e.g., this is your first synapse, and you want your schema to match that of the synapse). Contact one of our Onboarding and Support team members before using this option. 

13. Click Close. Now you can see your active Salesforce Synapse in Synapse Studio.

Error Troubleshooting

If you encounter issues connecting your Salesforce Synapse, use this guide to diagnose and resolve common problems.

1. Synapse shows "Error" status

Solution: 
Check these settings in Salesforce:

• Verify Client ID and Client Secret in Syncari match your Consumer Key and Consumer Secret exactly (check for extra spaces)
• Verify callback URL in Salesforce matches Syncari's generated URL exactly
• Make sure to add https:// in front of your Endpoint URL while adding it in the Syncari synapse configuration
• Verify Salesforce OAuth policies (Setup → External Client Apps → Your app → Settings →  Edit):
  • "Require Proof Key for Code Exchange (PKCE) Extension" for Supported Authorization Flows must be UNCHECKED
  • "Require secret for Web Server Flow" must be CHECKED
  • "Require secret for Refresh Token Flow" must be CHECKED

2. Expired Token Error
If you receive an expired token error, Salesforce may have exceeded the 5-token limit for your External Client App. 

Solution: 
Create a new External Client App in Salesforce with a different name and use the new Consumer Key and Secret in Syncari

3. Data not Syncing after Connection

Solution:
If connection succeeded but data isn't syncing:

• Verify all three OAuth scopes are selected in Salesforce:
• “Manage user data via APIs (api)”
• “Manage user data via Web browsers (web)”
• “Perform requests at any time (refresh_token)”
• Check that your Salesforce user has API access enabled.
• If your org uses IP restrictions, ensure Syncari's IP addresses are allowlisted.

Need help? Contact Syncari Support with error and configuration details.