In this blog post you will be learning about what is Named Credential, it’s usage and where to use and after how it will helps connecting two salesforce orgs.

A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. To simplify the setup of authenticated callouts, specify a named credential as the callout endpoint. If you instead specify a URL as the callout endpoint, you must register that URL in your org’s remote site settings and handle the authentication yourself. For example, for an Apex callout, your code handles authentication, which can be less secure and especially complicated for OAuth implementations.
To understand more about Named Credentials Refer


Security is the one which every customer concern about while implementing SF application and integrating with external system. So if we want to hide the external url, username, password while connecting external system, then Named Credential is something that you need to implement.

Named credential specifies the call out end point url and authentication in one definition. It doesn’t require to add end point URL in Remote Site settings. Named credential support two types of authentication protocol Basic User Name/Password Authentication and OAuth 2.0 protocol.

Named credentials are supported in these types of callout definitions:

  • Apex callouts
  • External data sources of these types:
    • Salesforce Connect: OData 2.0
    • Salesforce Connect: OData 4.0
    • Salesforce Connect: Custom (developed with the Apex Connector Framework)
  • External Services

To Connect two salesforce orgs using Named credentials we need to follow below 4 main steps.

Step 1: Create connected App in destination org

Step 2: Create AuthProvider in source Org

Step 3: Create named Credential in source Org

Step 4: Write apex in source Org to fetch data from destination Org.

1. Have 2 salesforce orgs. Source Org(myfirstsite99-dev) and Destination Org(ap16)
2. Have few records on Account or any object in Source Org.
ap16 & myfirstsite99-dev are my developer orgs. in your case you have to use orgs you created.

Step 1: Create connected App in destination org

  • Navigate to “Setup | Build | Create | Apps | Connected Apps” and click on New
  • Provide all necessary information
  • In “Callback URL” enter the temporary Salesforce URL. We will come back again on this step later to provide Callback URL (for example ( as callback URL.
  • Check “Enable OAuth Settings” checkbox to use OAuth
  • Select the scope. Remain fields leave as it is.
  • Save

“Consumer Key” and “Consumer Secret” will be provided once you save this. We need this information on the next step.

After Click on Save and Continue, you will Connected App Created and also with Consumer Key and Secret.

Step 2: Create AuthProvider in source Org

  • Go to Source Org(myfirstsite99)
  • Navigate to “Setup | Administer | Security Controls | Auth. Providers | Create New”.
  • Select “Salesforce” as Provider Type
  • Provide “Consumer Key” and “Consumer Secret” from the previous step
  • In “Default Scope” enter the value as “api” and “refresh_token, offline_access” should be separated by space
  • Finally, Save

Once you save, it will provide you the set of URLs in “Salesforce Configuration” section on the same page. Copy “Callback URL” and edit Connected App we created in the previous step and set this URL as Callback URL.

Step 3: Create named Credential in source Org

  • Go to Source Org(myfirstsite99)
  • Navigate to “Setup | Administer | Security Controls | Named Credentials | New Named Credential “.
  • Provide the name (label)
  • In URL, provide URL of Salesforce instance where we want to Connect
  • Select “Named Principal” as Identity Type
  • In our example select “Authentication Protocol” as OAuth 2.0
  • Select the “Auth Provider” created in the previous step
  • In scope, enter the value as “api refresh_token”
  • Check “Start Authentication Flow on Save” (this is important)
  • Save

After clicking on “Save” a new page will open to authenticate Salesforce Org using OAuth2 connected App. Log in using the credentials of the Salesforce instance that you want to connect to. If authentication is a success, you can see a message like “Authenticated as “.

Step 4: Write apex in source Org to fetch data from destination Org.

No user name, No password, No end point URL. You only need to specify the named credential name which will take care the authentication.

We’ve set the endpoint as:- callout:ap16/services/data/v48.0/query/ where ap16is the name of my named credential. As, I am going to query some records from my source org, so I have setup that URL as the endpoint here. In the URL parameters, I have:- q:<query> therefore, I’ll update the URL parameter with key q and set it’s value to my actual query before calling out and the final URL will be similar to this:- callout:ap16/services/data/v49.0/query/?q=SELECT+Id,Name+FROM+Account

HttpRequest req = new HttpRequest();
String query='select+Id,Name+from+Account';
Http http = new Http();
HTTPResponse resp = http.send(req);

Open Dev console in Source org and execute above.

Thanks for Reading.

Please click here to read the original article as posted on Jayakrishna Ganjikunta.

We source the web to bring you best Salesforce articles for our reader’s convenience. If you want to have this article removed, please follow guidelines at Digital Millennium Copyright Act (DMCA)..