This guide walks a Salesforce administrator through creating an External Client App in Salesforce so that EdgeTier can access Salesforce objects via the API. External Client Apps are Salesforce's replacement for Connected Apps and offer an improved security model with a closed security posture by default.

Prerequisites

• Salesforce System Administrator access
• A dedicated integration user account in Salesforce (recommended) that EdgeTier will use to make API calls
• Your Salesforce organisation's My Domain URL (e.g. https://mycompany.my.salesforce.com)

Step 1 – Enable OAuth Globally (if not already enabled)

Before creating an External Client App, confirm that OAuth is enabled at the org level.

1. In Salesforce Setup, enter OAuth in the Quick Find box and select OAuth and OpenID Connect Settings.
2. Click Save if you made any changes.

Step 2 – Create a New External Client App

1. In Salesforce Setup, enter External Client App in the Quick Find box and select External Client App Manager.

2. Click New External Client App in the top-right corner.

3. Fill in the required details on the Settings tab:

   Field	Value
   External Client App Name	EdgeTier Integration
   API Name	EdgeTier_Integration (auto-populated)
   Contact Email	Your Salesforce admin email address
   Distribution State	Local
   Description	Allows EdgeTier to access Salesforce objects via the REST API

4. Do not change the Distribution State from Local — this app is for use within your org only.

Step 3 – Configure OAuth Settings

1. On the same page, scroll down to the OAuth Settings section and click Enable OAuth to expand it.

2. Tick the Enable OAuth checkbox.

3. In the Callback URL field, you can leave the default.

4. Under OAuth Scopes, add the following scopes by selecting them from the Available Scopes list and moving them to Selected Scopes:

   Scope Label	API Name	Purpose
   Manage user data via APIs	api	Allows access to Salesforce REST API and Bulk API
   Perform requests at any time	refresh_token, offline_access	Allows EdgeTier to maintain access without re-authentication
   Access unique user identifiers (OpenID)	openid	Allows the app to receive a signed ID token

5. Under Flow Enablement, tick Enable Client Credentials Flow (recommended for server-to-server integrations). See Step 4 for completing the Client Credentials configuration.