OAuth 2.0

Setup
Reference

What You'll Need

Credential	What it is
Client ID	Consumer Key from Connected App
Client Secret	Consumer Secret from Connected App
My Domain	Your Salesforce My Domain subdomain (e.g., `acme` — the `acme` part of `acme.my.salesforce.com`)

Overview

Connect Parable to Salesforce using a Connected App with the OAuth 2.0 Client Credentials flow. This server-to-server flow lets Parable authenticate directly without interactive user login.

CRM Data

Users, accounts, contacts, opportunities

Metadata & Reports

Object schemas, reports, dashboards

Prerequisites

Setup access in . These steps require , or a colleague with equivalent permissions who can create credentials for you.If that is not you, ask your administrator.

System Administrator profile or equivalent permissions
Permission to create Connected Apps
API access enabled for your organization
My Domain enabled (required for client credentials flow)

Setup Guide

Navigate to App Manager

Log in to Salesforce
Click the gear icon → Setup
Search for “App Manager” in Quick Find
Click App Manager

Create Connected App

Click New Connected App
Fill in basic information:

Field	Value
Connected App Name	`Parable Integration`
API Name	`Parable_Integration`
Contact Email	Your admin email

Enable OAuth Settings

Check Enable OAuth Settings
Set Callback URL: https://login.salesforce.com/services/oauth2/callback (placeholder — not used by client credentials flow)
Under Selected OAuth Scopes, add only:
- Manage user data via APIs (api)

Only the api scope is required and sufficient. Do not add Full access (full) or Perform requests at any time (refresh_token, offline_access) — the client credentials flow never issues a refresh token, and as of Salesforce Winter ‘26 (Sept 2025), a missing or invalid-only scope set returns invalid_grant: no valid scopes defined.

Enable Client Credentials Flow

After saving, go back to your Connected App
Click Manage → Edit Policies
Under Client Credentials Flow, check Enable Client Credentials Flow
Set the Run As user to a dedicated Integration User (not a personal admin) — see required permissions below
Click Save

The “Run As” user determines the permissions for all API calls. Use a dedicated integration user, not a personal admin account.

Run-As User — required object permissions (Read on each):

Object	Purpose
User	User directory
LoginHistory	Login audit
Event	Calendar / activity events
Account, Contact, Opportunity, OpportunityLineItem, OpportunityFieldHistory	CRM core
Task	Activities
Product2	Product catalog
Contract, ContractHistory	Contract lifecycle

The user profile / permission set must also have API Enabled and View Setup and Configuration system permissions.

Save and Wait

Click Save
Wait 2-10 minutes for the app to activate

Salesforce may take several minutes to propagate the new Connected App.

Get Consumer Credentials

Return to App Manager
Find your app → Click the dropdown → View
Click Manage Consumer Details (may require re-authentication)
Copy:
- Consumer Key (Client ID)
- Consumer Secret (Client Secret)
Find your My Domain subdomain: go to Setup → My Domain. Under My Domain Details, note the value before .my.salesforce.com (e.g., acme from acme.my.salesforce.com).

Enter values in the form

Client ID, Client Secret, and My Domain: Paste the Consumer Key, Consumer Secret, and My Domain subdomain from Salesforce.
Click Save & test connection.

Verify Your Setup

curl -X POST https://YOUR-DOMAIN.my.salesforce.com/services/oauth2/token \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET"

Parable’s connector posts to your My Domain URL (https://your-org.my.salesforce.com/services/oauth2/token). Make sure My Domain is enabled and that you have provided the correct subdomain to Parable. (Salesforce also supports login.salesforce.com for this flow, but Parable does not use it.)

Success! If you received a 200 OK response with valid data, your credentials are configured correctly. You can now proceed to configure this connector in Parable.

Paste Consumer Key and Consumer Secret into the Parable connector form, complete OAuth if prompted, then click Save & test connection.

Rate Limits: enforces rate limits of .Parable handles rate limiting automatically with exponential backoff, but initial syncs of large datasets may take longer due to these limits.

Troubleshooting

Error	Meaning	Solution
`INVALID_CLIENT_ID`	Wrong Consumer Key	Verify Client ID from Connected App
`INVALID_CLIENT`	Client credentials flow not enabled	Enable “Client Credentials Flow” in app policies
`INACTIVE_USER`	Run As user deactivated	Ensure the Run As integration user is active
`API_CURRENTLY_DISABLED`	API not enabled	Contact Salesforce admin to enable API

Common Issues

”Connected App not yet available”

Newly created Connected Apps can take up to 10 minutes to become active. Wait and retry.

”unsupported_grant_type”

Parable posts to your My Domain URL (https://your-org.my.salesforce.com/services/oauth2/token). Verify My Domain is enabled on your org and that you provided the correct subdomain to Parable. (Salesforce also supports login.salesforce.com for this flow, but Parable does not use it.)

IP restrictions blocking access

Either add your server’s IP to the trusted ranges or set IP Relaxation appropriately.

What You'll Need

Overview

CRM Data

Metadata & Reports

Prerequisites

Setup Guide

Verify Your Setup

Troubleshooting

”Connected App not yet available”

”unsupported_grant_type”

IP restrictions blocking access

Additional Resources

Salesforce REST API

Client Credentials Flow

What You'll Need

​Overview

CRM Data

Metadata & Reports

​Prerequisites

​Setup Guide

​Verify Your Setup

​Troubleshooting

​”Connected App not yet available”

​”unsupported_grant_type”

​IP restrictions blocking access

​Additional Resources

Salesforce REST API

Client Credentials Flow

Overview

Prerequisites

Setup Guide

Verify Your Setup

Troubleshooting

”Connected App not yet available”

”unsupported_grant_type”

IP restrictions blocking access

Additional Resources