N8N & Salesforce Integration - The Complete Setup Guide

This guide shows you how to integrate n8n with Salesforce using two secure methods :-

1. OAuth 2.0
2. JSON Web Token (JWT)

You’ll create a Connected App in Salesforce, configure credentials in n8n, and run a first workflow to confirm everything works.

• What is n8n?
  • n8n is an automation tool. It lets you connect services, build flows visually, and run them on a schedule or when something happens.
• Why connect n8n with Salesforce?
  • Because you can orchestrate Salesforce with hundreds of other apps, call AI models, build lightweight agents, and automate cross-system tasks without writing heavy glue code. Salesforce Flows are great inside Salesforce; with n8n you step outside the wall and still act on your org. The possibilities are open-ended.

To do that, you first need to connect n8n and Salesforce, and in this post I’ll show you how to do it.

Prerequisites

• Salesforce org (Production or Sandbox) with permission to create a Connected App.
  • API enabled on your profile.
  • My Domain deployed (recommended for OAuth).
• n8n (Cloud or self-hosted) with access to Credentials and Workflows.
  • If you don't have one you can create one.
• For JWT: ability to generate and store a private key securely.

Part 1 — Create a Connected App in Salesforce

You will use the same Connected App for both OAuth 2.0 and JWT (you’ll enable settings for each).

1. Go to Setup → App Manager → New Connected App.
2. Basic Info
   • Connected App Name: n8n Integration
   • Contact Email: your email
3. Enable OAuth Settings
   • ✅ Enable OAuth Settings
   • Callback URL: use the Redirect URL that n8n shows for Salesforce OAuth2 credentials (you’ll copy it from n8n in Part 2).
     Tip: you can paste a placeholder for now and update later.
   • Selected OAuth Scopes (minimum):
     • Access and manage your data (api)
     • Perform requests on your behalf at any time (refresh_token, offline_access) (for long-lived access)
     • Optionally: Manage user data via APIs (refresh_token, offline_access) if listed; add others you truly need.
   • Require Secret for Web Server Flow: ✅ (recommended)
4. Digital Signatures (for JWT)
   • ✅ Use digital signatures
   • Upload your public certificate (you’ll generate it in Part 3).
5. Save. Wait a minute for the app to propagate.
6. Open the app’s Manage page → Edit Policies:
   • Permitted Users: “Admin approved users are pre-authorized” (optional, but gives you control)
   • Relax IP restrictions if your n8n host changes IPs often (you can tighten later).
7. Copy the Consumer Key (Client ID) and Consumer Secret.

(Image) Suggested: “Connected App settings with scopes highlighted”

Part 2 — Method A: Connect with OAuth 2.0

This is the classic, interactive sign-in flow. Good for Cloud and self-hosted.

Step A1 — Create Salesforce OAuth Credentials in n8n

1. In n8n, go to Credentials → create Salesforce OAuth2 (or “Salesforce OAuth2 API”) credentials.
2. Fill:
   • Environment / Login URL:
     • Production: https://login.salesforce.com
     • Sandbox: https://test.salesforce.com
   • Client ID (Consumer Key): from the Connected App
   • Client Secret (Consumer Secret): from the Connected App
   • OAuth Scopes: include api and refresh_token/offline_access equivalents (match what you set in Salesforce).
3. n8n will show an OAuth Redirect URL. Copy it.

Step A2 — Add Callback URL in Salesforce

1. Back in Connected App → Edit, paste the Exact Redirect URL into Callback URL.
2. Save.

Step A3 — Finish the OAuth handshake

1. Return to n8n credentials, click Connect / Authorize.
2. You’ll be redirected to Salesforce to log in and grant access.
3. On success, n8n stores the token and refresh token.

(Image) Suggested: “n8n credential screen with Redirect URL callout”

Part 3 — Method B: Connect with JWT (Server-to-Server)

JWT is ideal for headless/service automations. No interactive login after setup.

Step B1 — Generate Keys (locally)

Keep your private key safe. Never commit it to a repo.

# Generate a 2048-bit private key
openssl genrsa -out n8n-salesforce.key 2048

# Generate a public certificate (valid 1 year)
openssl req -x509 -new -key n8n-salesforce.key -days 365 -out n8n-salesforce.crt -subj "/CN=n8n-integration"

You now have:

• Private key: n8n-salesforce.key (keep in n8n secret storage)
• Public cert: n8n-salesforce.crt (upload to Salesforce)

Step B2 — Upload Certificate to Connected App

1. In Salesforce Connected App → Edit, tick Use digital signatures.
2. Upload n8n-salesforce.crt. Save.

Step B3 — Create Salesforce JWT Credentials in n8n

1. In n8n, create Salesforce JWT credentials (or “Salesforce JWT API”).
2. Fill:
   • Login URL: Production or Sandbox as above.
   • Client ID (Consumer Key): from Connected App.
   • User (Username/Email): the Salesforce username that the JWT will impersonate.
   • Private Key: paste contents of n8n-salesforce.key.
   • Audience: usually your Login URL (n8n handles this, but ensure it matches).
3. Save and Test. n8n will sign a JWT, exchange it for an access token, and store it.

(Image) Suggested: “JWT flow diagram: n8n → JWT → Salesforce token endpoint”

Part 4 — Run Your First Workflow (Quick Sanity Check)

Let’s confirm access works with a simple read.

1. Create a new workflow in n8n.
2. Add a Salesforce node.
   • Authentication: select the credentials you created (OAuth or JWT).
   • Resource: Record
   • Operation: Get All
   • SObject: Account
   • Limit: 1
3. Execute Node. You should see one Account record.
   If your org has no Accounts, switch to User and fetch 1.

(Image) Suggested: “n8n canvas with a single Salesforce node returning data”

Common Use Cases (Quick Ideas)

• Orchestrate Salesforce with other apps and AI models.
• Build agents that fetch, decide, and act.
• Schedule tasks that keep your org clean and in sync.

(Image) Suggested: “High-level capabilities map (Salesforce in the loop with apps/AI)”

Troubleshooting

redirect_uri_mismatch during OAuth
Make sure the Callback URL in Salesforce exactly matches the Redirect URL shown by n8n.

invalid_grant (OAuth or JWT)

• Wrong environment URL (Production vs Sandbox).
• User doesn’t have API Enabled.
• In JWT, the Username must be the exact Salesforce username.
• Connected App not fully propagated yet (wait a minute and retry).

insufficient_scope
Add the required OAuth scopes to the Connected App and re-authorize.

signature_invalid (JWT)

• The certificate uploaded to Salesforce must match the private key in n8n.
• Check for extra spaces when pasting the key.
• Ensure the key is RSA 2048+ and not password-protected.

IP / Session errors
If you restrict IPs at the Connected App level, whitelist your n8n host or relax IP restrictions.

(Image) Suggested: “Callout screenshot of a typical error and where to fix it”

Security Notes

• Limit scopes to what you truly need.
• Store the private key only inside n8n credentials/secret storage.
• Consider a dedicated Integration User in Salesforce with the least privileges required.
• Review Connected App policies (session timeout, refresh token policy).

Quick Checklist

• Connected App created with OAuth enabled and correct Callback URL
• Scopes include api and refresh-token/ offline access (for OAuth)
• Digital signature (cert) uploaded for JWT
• n8n credentials saved and tested (OAuth or JWT)
• First workflow runs and returns data