# salesforce > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [connect-full.txt](https://docs.redpanda.com/connect-full.txt) --- title: salesforce latest-connect-version: 4.93.0 latest-operator-version: v26.1.4 latest-console-tag: v3.7.3 latest-redpanda-tag: v26.1.9 docname: inputs/salesforce page-component-name: connect page-version: master page-component-version: master page-component-title: Connect page-relative-src-path: inputs/salesforce.adoc page-edit-url: https://github.com/redpanda-data/rp-connect-docs/edit/main/modules/components/pages/inputs/salesforce.adoc description: Runs a SOQL query against the Salesforce REST API, paginates through all result pages, and emits one message per record. page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-26" --- **Available in:** Self-Managed **License**: This component requires an [enterprise license](https://docs.redpanda.com/redpanda-connect/get-started/licensing/). You can either [upgrade to an Enterprise Edition license](https://www.redpanda.com/upgrade), or [generate a trial license key](http://redpanda.com/try-enterprise) that's valid for 30 days. Runs a SOQL query against the Salesforce REST API, paginates through all result pages, and emits one message per record. When results are exhausted the input shuts down, letting the pipeline terminate gracefully (or the next input in a [sequence](https://docs.redpanda.com/connect/components/inputs/sequence/) to take over). Introduced in version 4.90.3. ## [](#when-to-use-this-input)When to use this input Use `salesforce` for: - One-shot extracts (e.g. dump all Accounts into a warehouse). - Periodic full-table refreshes via a scheduled pipeline or [sequence](https://docs.redpanda.com/connect/components/inputs/sequence/). - Backfills and ad-hoc queries. - Warming up a downstream pipeline before switching to CDC. Use a different Salesforce input instead if: - You need continuous change events — use [`salesforce_cdc`](https://docs.redpanda.com/connect/components/inputs/salesforce_cdc/). - You need a GraphQL query (cross-object in one request) — use [`salesforce_graphql`](https://docs.redpanda.com/connect/components/inputs/salesforce_graphql/). ### Common ```yml inputs: label: "" salesforce: org_url: "" # No default (required) client_id: "" # No default (required) client_secret: "" # No default (required) api_version: v65.0 object: "" # No default (required) columns: [] # No default (required) where: "" # No default (optional) args_mapping: "" # No default (optional) auto_replay_nacks: true ``` ### Advanced ```yml inputs: label: "" salesforce: org_url: "" # No default (required) client_id: "" # No default (required) client_secret: "" # No default (required) api_version: v65.0 object: "" # No default (required) columns: [] # No default (required) where: "" # No default (optional) args_mapping: "" # No default (optional) prefix: "" # No default (optional) suffix: "" # No default (optional) auto_replay_nacks: true http: timeout: 5s tls: enabled: false skip_cert_verify: false enable_renegotiation: false root_cas: "" root_cas_file: "" client_certs: [] proxy_url: "" disable_http2: false tps_limit: 0 tps_burst: 1 backoff: initial_interval: 1s max_interval: 30s max_retries: 3 tcp: connect_timeout: 0s keep_alive: idle: 15s interval: 15s count: 9 tcp_user_timeout: 0s http: max_idle_conns: 100 max_idle_conns_per_host: 0 max_conns_per_host: 64 idle_conn_timeout: 1m30s tls_handshake_timeout: 10s expect_continue_timeout: 1s response_header_timeout: 0s disable_keep_alives: false disable_compression: false max_response_header_bytes: 1048576 max_response_body_bytes: 10485760 write_buffer_size: 4096 read_buffer_size: 4096 h2: strict_max_concurrent_requests: false max_decoder_header_table_size: 4096 max_encoder_header_table_size: 4096 max_read_frame_size: 16384 max_receive_buffer_per_connection: 1048576 max_receive_buffer_per_stream: 1048576 send_ping_timeout: 0s ping_timeout: 15s write_byte_timeout: 0s access_log_level: "" access_log_body_limit: 0 ``` ## [](#fields)Fields ### [](#api_version)`api_version` Salesforce REST API version to target, prefixed with `v`. Affects endpoint paths (`/services/data/{api_version}/…​`) and available fields/objects. Must be supported by your org — check Setup → Company Information. Older versions may lack recent fields. **Type**: `string` **Default**: `v65.0` ```yaml # Examples: api_version: v65.0 # --- api_version: v62.0 ``` ### [](#args_mapping)`args_mapping` Optional [Bloblang mapping](https://docs.redpanda.com/connect/guides/bloblang/about/) whose result must be an array of values matching the count of `?` placeholders in `where`. Values are SOQL-escaped: strings become quoted literals, timestamps become ISO-8601, booleans and numbers pass through. The mapping is evaluated once at startup with no message context — use `now()`, `env()`, or `cache()`. **Type**: `string` ```yaml # Examples: args_mapping: root = [ (now() - "1h").ts_format("2006-01-02T15:04:05Z") ] # --- args_mapping: root = [ "Active", (now() - "24h").ts_format("2006-01-02T15:04:05Z") ] ``` ### [](#auto_replay_nacks)`auto_replay_nacks` Whether messages that are rejected (nacked) at the output level should be automatically replayed indefinitely, eventually resulting in back pressure if the cause of the rejections is persistent. If set to `false` these messages will instead be deleted. Disabling auto replays can greatly improve memory efficiency of high throughput streams as the original shape of the data can be discarded immediately upon consumption and mutation. **Type**: `bool` **Default**: `true` ### [](#client_id)`client_id` Consumer Key of the Salesforce Connected App authorized for the OAuth Client Credentials flow. Create the Connected App under Setup → App Manager → New Connected App, enable OAuth settings, enable the Client Credentials Flow under `Flow Enablement`, then copy the Consumer Key from `Manage Consumer Details`. **Type**: `string` ### [](#client_secret)`client_secret` Consumer Secret of the Salesforce Connected App, paired with `client_id`. Sensitive — prefer environment variable interpolation (`${SALESFORCE_CLIENT_SECRET}`) over inlining. > ⚠️ **CAUTION** > > This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see [Secrets](https://docs.redpanda.com/connect/configuration/secrets/). **Type**: `string` ### [](#columns)`columns[]` Ordered list of field API names to retrieve. SOQL does not accept `*` — every field must be listed explicitly. Standard fields use their documented names; custom fields end with `__c`. Relationship fields traverse parents via dot notation (`Account.Name`, `Owner.Manager.Email`) up to 5 levels deep. Requesting a non-existent or non-queryable field fails at Connect time with a SOQL compile error. **Type**: `array` ```yaml # Examples: columns: - Id - Name - LastModifiedDate # --- columns: - Id - Account.Name - Owner.Email # --- columns: - Id - MyCustom__c ``` ### [](#http)`http` HTTP client configuration for Salesforce REST calls (OAuth token endpoint and, where applicable, data queries). **Type**: `object` ### [](#http-access_log_body_limit)`http.access_log_body_limit` Maximum bytes of request/response body to include in logs. 0 to skip body logging. **Type**: `int` **Default**: `0` ### [](#http-access_log_level)`http.access_log_level` Log level for HTTP request/response logging. Empty disables logging. **Type**: `string` **Default**: `""` **Options**: `` `, `TRACE ``, `DEBUG`, `INFO`, `WARN`, `ERROR` ### [](#http-backoff)`http.backoff` Adaptive backoff configuration for 429 (Too Many Requests) responses. Always active. **Type**: `object` ### [](#http-backoff-initial_interval)`http.backoff.initial_interval` Initial interval between retries on 429 responses. **Type**: `string` **Default**: `1s` ### [](#http-backoff-max_interval)`http.backoff.max_interval` Maximum interval between retries on 429 responses. **Type**: `string` **Default**: `30s` ### [](#http-backoff-max_retries)`http.backoff.max_retries` Maximum number of retries on 429 responses. **Type**: `int` **Default**: `3` ### [](#http-disable_http2)`http.disable_http2` Disable HTTP/2 and force HTTP/1.1. **Type**: `bool` **Default**: `false` ### [](#http-http)`http.http` HTTP transport settings controlling connection pooling, timeouts, and HTTP/2. **Type**: `object` ### [](#http-http-disable_compression)`http.http.disable_compression` Disable automatic decompression of gzip responses. **Type**: `bool` **Default**: `false` ### [](#http-http-disable_keep_alives)`http.http.disable_keep_alives` Disable HTTP keep-alive connections; each request uses a new connection. **Type**: `bool` **Default**: `false` ### [](#http-http-expect_continue_timeout)`http.http.expect_continue_timeout` Maximum time to wait for a server’s 100-continue response before sending the body. 0 means the body is sent immediately. **Type**: `string` **Default**: `1s` ### [](#http-http-h2)`http.http.h2` HTTP/2-specific transport settings. Only applied when HTTP/2 is enabled. **Type**: `object` ### [](#http-http-h2-max_decoder_header_table_size)`http.http.h2.max_decoder_header_table_size` Upper limit in bytes for the HPACK header table used to decode headers from the peer. Must be less than 4 MiB. **Type**: `int` **Default**: `4096` ### [](#http-http-h2-max_encoder_header_table_size)`http.http.h2.max_encoder_header_table_size` Upper limit in bytes for the HPACK header table used to encode headers sent to the peer. Must be less than 4 MiB. **Type**: `int` **Default**: `4096` ### [](#http-http-h2-max_read_frame_size)`http.http.h2.max_read_frame_size` Largest HTTP/2 frame this endpoint will read. Valid range: 16 KiB to 16 MiB. **Type**: `int` **Default**: `16384` ### [](#http-http-h2-max_receive_buffer_per_connection)`http.http.h2.max_receive_buffer_per_connection` Maximum flow-control window size in bytes for data received on a connection. Must be at least 64 KiB and less than 4 MiB. **Type**: `int` **Default**: `1048576` ### [](#http-http-h2-max_receive_buffer_per_stream)`http.http.h2.max_receive_buffer_per_stream` Maximum flow-control window size in bytes for data received on a single stream. Must be less than 4 MiB. **Type**: `int` **Default**: `1048576` ### [](#http-http-h2-ping_timeout)`http.http.h2.ping_timeout` Timeout waiting for a PING response before closing the connection. **Type**: `string` **Default**: `15s` ### [](#http-http-h2-send_ping_timeout)`http.http.h2.send_ping_timeout` Idle timeout after which a PING frame is sent to verify connection health. 0 disables health checks. **Type**: `string` **Default**: `0s` ### [](#http-http-h2-strict_max_concurrent_requests)`http.http.h2.strict_max_concurrent_requests` When true, new requests block when a connection’s concurrency limit is reached instead of opening a new connection. **Type**: `bool` **Default**: `false` ### [](#http-http-h2-write_byte_timeout)`http.http.h2.write_byte_timeout` Timeout for writing data to a connection. The timer resets whenever bytes are written. 0 disables the timeout. **Type**: `string` **Default**: `0s` ### [](#http-http-idle_conn_timeout)`http.http.idle_conn_timeout` How long an idle connection remains in the pool before being closed. 0 disables the timeout. **Type**: `string` **Default**: `1m30s` ### [](#http-http-max_conns_per_host)`http.http.max_conns_per_host` Maximum total connections (active + idle) per host. 0 means unlimited. **Type**: `int` **Default**: `64` ### [](#http-http-max_idle_conns)`http.http.max_idle_conns` Maximum total number of idle (keep-alive) connections across all hosts. 0 means unlimited. **Type**: `int` **Default**: `100` ### [](#http-http-max_idle_conns_per_host)`http.http.max_idle_conns_per_host` Maximum idle connections to keep per host. 0 (the default) uses GOMAXPROCS+1. **Type**: `int` **Default**: `0` ### [](#http-http-max_response_body_bytes)`http.http.max_response_body_bytes` Maximum bytes of response body the client will read. The response body is wrapped with a limit reader; reads beyond this cap return EOF. 0 disables the limit. **Type**: `int` **Default**: `10485760` ### [](#http-http-max_response_header_bytes)`http.http.max_response_header_bytes` Maximum bytes of response headers to allow. **Type**: `int` **Default**: `1048576` ### [](#http-http-read_buffer_size)`http.http.read_buffer_size` Size in bytes of the per-connection read buffer. **Type**: `int` **Default**: `4096` ### [](#http-http-response_header_timeout)`http.http.response_header_timeout` Maximum time to wait for response headers after writing the full request. 0 disables the timeout. **Type**: `string` **Default**: `0s` ### [](#http-http-tls_handshake_timeout)`http.http.tls_handshake_timeout` Maximum time to wait for a TLS handshake to complete. 0 disables the timeout. **Type**: `string` **Default**: `10s` ### [](#http-http-write_buffer_size)`http.http.write_buffer_size` Size in bytes of the per-connection write buffer. **Type**: `int` **Default**: `4096` ### [](#http-proxy_url)`http.proxy_url` HTTP proxy URL. Empty string disables proxying. **Type**: `string` **Default**: `""` ### [](#http-tcp)`http.tcp` TCP socket configuration. **Type**: `object` ### [](#http-tcp-connect_timeout)`http.tcp.connect_timeout` Maximum amount of time a dial will wait for a connect to complete. Zero disables. **Type**: `string` **Default**: `0s` ### [](#http-tcp-keep_alive)`http.tcp.keep_alive` TCP keep-alive probe configuration. **Type**: `object` ### [](#http-tcp-keep_alive-count)`http.tcp.keep_alive.count` Maximum unanswered keep-alive probes before dropping the connection. Zero defaults to 9. **Type**: `int` **Default**: `9` ### [](#http-tcp-keep_alive-idle)`http.tcp.keep_alive.idle` Duration the connection must be idle before sending the first keep-alive probe. Zero defaults to 15s. Negative values disable keep-alive probes. **Type**: `string` **Default**: `15s` ### [](#http-tcp-keep_alive-interval)`http.tcp.keep_alive.interval` Duration between keep-alive probes. Zero defaults to 15s. **Type**: `string` **Default**: `15s` ### [](#http-tcp-tcp_user_timeout)`http.tcp.tcp_user_timeout` Maximum time to wait for acknowledgment of transmitted data before killing the connection. Linux-only (kernel 2.6.37+), ignored on other platforms. When enabled, keep\_alive.idle must be greater than this value per RFC 5482. Zero disables. **Type**: `string` **Default**: `0s` ### [](#http-timeout)`http.timeout` HTTP request timeout. **Type**: `string` **Default**: `5s` ### [](#http-tls)`http.tls` Custom TLS settings can be used to override system defaults. **Type**: `object` ### [](#http-tls-client_certs)`http.tls.client_certs[]` A list of client certificates to use. For each certificate either the fields `cert` and `key`, or `cert_file` and `key_file` should be specified, but not both. **Type**: `object` **Default**: `[]` ```yaml # Examples: client_certs: - cert: foo key: bar # --- client_certs: - cert_file: ./example.pem key_file: ./example.key ``` ### [](#http-tls-client_certs-cert)`http.tls.client_certs[].cert` A plain text certificate to use. **Type**: `string` **Default**: `""` ### [](#http-tls-client_certs-cert_file)`http.tls.client_certs[].cert_file` The path of a certificate to use. **Type**: `string` **Default**: `""` ### [](#http-tls-client_certs-key)`http.tls.client_certs[].key` A plain text certificate key to use. > ⚠️ **CAUTION** > > This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see [Secrets](https://docs.redpanda.com/connect/configuration/secrets/). **Type**: `string` **Default**: `""` ### [](#http-tls-client_certs-key_file)`http.tls.client_certs[].key_file` The path of a certificate key to use. **Type**: `string` **Default**: `""` ### [](#http-tls-client_certs-password)`http.tls.client_certs[].password` A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. > ⚠️ **CAUTION** > > This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see [Secrets](https://docs.redpanda.com/connect/configuration/secrets/). **Type**: `string` **Default**: `""` ```yaml # Examples: password: foo # --- password: ${KEY_PASSWORD} ``` ### [](#http-tls-enable_renegotiation)`http.tls.enable_renegotiation` Whether to allow the remote server to repeatedly request renegotiation. Enable this option if you’re seeing the error message `local error: tls: no renegotiation`. Requires version 3.45.0 or later. **Type**: `bool` **Default**: `false` ### [](#http-tls-enabled)`http.tls.enabled` Whether custom TLS settings are enabled. **Type**: `bool` **Default**: `false` ### [](#http-tls-root_cas)`http.tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. > ⚠️ **CAUTION** > > This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see [Secrets](https://docs.redpanda.com/connect/configuration/secrets/). **Type**: `string` **Default**: `""` ```yaml # Examples: root_cas: |- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ``` ### [](#http-tls-root_cas_file)`http.tls.root_cas_file` An optional path of a root certificate authority file to use. This is a file, often with a .pem extension, containing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. **Type**: `string` **Default**: `""` ```yaml # Examples: root_cas_file: ./root_cas.pem ``` ### [](#http-tls-skip_cert_verify)`http.tls.skip_cert_verify` Whether to skip server side certificate verification. **Type**: `bool` **Default**: `false` ### [](#http-tps_burst)`http.tps_burst` Maximum burst size for rate limiting. **Type**: `int` **Default**: `1` ### [](#http-tps_limit)`http.tps_limit` Rate limit in requests per second. 0 disables rate limiting. **Type**: `float` **Default**: `0` ### [](#object)`object` The sObject API name to SELECT from. Case-sensitive; uses the API name, not the display label. Standard objects use the noun (`Account`, `Opportunity`); custom objects end with `_c_`_; Big Objects end with_ `b`; External Objects end with `__x`. Confirm the exact API name in Setup → Object Manager. **Type**: `string` ```yaml # Examples: object: Account # --- object: Contact # --- object: MyCustom__c ``` ### [](#org_url)`org_url` Salesforce instance base URL for your org, protocol included and no trailing slash. Used as the base for both the OAuth token endpoint and REST queries. Production orgs use `[https://{my-domain}.my.salesforce.com](https://{my-domain}.my.salesforce.com)`; sandboxes use `[https://{my-domain}.sandbox.my.salesforce.com](https://{my-domain}.sandbox.my.salesforce.com)`. Legacy instance URLs (`[https://na123.salesforce.com](https://na123.salesforce.com)`) still work but My Domain URLs are strongly recommended by Salesforce. **Type**: `string` ```yaml # Examples: org_url: https://acme.my.salesforce.com # --- org_url: https://acme--staging.sandbox.my.salesforce.com ``` ### [](#prefix)`prefix` Optional SOQL fragment inserted before the SELECT keyword. Rarely needed — provided for forward compatibility with future SOQL extensions or Bulk API framing. **Type**: `string` ### [](#suffix)`suffix` Optional SOQL fragment appended after the WHERE clause. Typical uses: `ORDER BY` for deterministic pagination, `LIMIT` to cap result size, `FOR REFERENCE` / `FOR VIEW` to mark records for Chatter tracking. **Type**: `string` ```yaml # Examples: suffix: ORDER BY LastModifiedDate DESC # --- suffix: ORDER BY Id LIMIT 1000 # --- suffix: ORDER BY CreatedDate DESC LIMIT 10000 ``` ### [](#where)`where` Optional SOQL WHERE body, without the `WHERE` keyword. `?` placeholders are substituted client-side from `args_mapping` with SOQL literal escaping (quoted strings, ISO-8601 datetimes). Supports the full WHERE grammar: `AND`/`OR`/`NOT`, `LIKE`, `IN`, date literals (`TODAY`, `LAST_N_DAYS:7`), subqueries. Date/datetime comparisons require ISO-8601 with explicit timezone. **Type**: `string` ```yaml # Examples: where: LastModifiedDate > ? # --- where: Status__c = ? AND CreatedDate > ? # --- where: OwnerId IN (?, ?) ```