How to Use Salesforce REST API

By - Komal Wavare, 11/12/2025

The Salesforce REST API gives you a lightweight, HTTP-based way to access and manipulate Salesforce data from external systems (or from custom clients). It’s ideal when you need to integrate with web/mobile apps, perform CRUD (Create, Read, Update, Delete) operations, run queries, or build automation that touches Salesforce data but lives outside the Salesforce UI. Learn how to use Salesforce REST API to connect, query, and manage data efficiently. Explore authentication, CRUD operations, and integration tips.

Since you’re working as a “fresher” – learning how things fit together (you’ve done admin-projects, you’re learning LWC/JS, etc) – this blog will walk you through how to get started, what the key pieces are, how to make your first calls, and then some best-practices/considerations.

 

What is a REST API in Salesforce?

  • It uses HTTP verbs (GET, POST, PATCH/PUT, DELETE) to work with “resources” in Salesforce (such as records, queries, metadata etc).
  • It is stateless: each request is independent and must provide required headers/authentication each time.
  • The base endpoint typically looks like https://yourInstance.salesforce.com/services/data/vXX.X/… where vXX.X is the API version (for example v64.0).
  • It returns data mostly in JSON format (though XML might also be supported) and you operate on “sObjects” (Salesforce objects like Account, Contact, etc) and other resources.

 

Why use it?

Because it allows you to:

  • Perform CRUD operations on data in Salesforce from external apps (web/mobile) without needing the full Salesforce UI.
  • Run queries (SOQL) or searches (SOSL) via HTTP.
  • Integrate third-party systems with Salesforce for data sync, automation, custom workflows.
  • Extend Salesforce with custom REST endpoints (via Apex) when standard endpoints are not enough.

 

Key pieces you’ll need

  • A Salesforce org (Developer Edition is fine) to test with.
  • A Connected App in Salesforce (to enable OAuth) so you can obtain an access token.
  • Understanding of HTTP methods, request headers (especially Authorization: Bearer <token>), request body/payload, status codes.
  • Understanding of resource URLs in Salesforce (for example, /sobjects/Account/Id, /query/?q=…, etc) and how to handle responses.

 

Step-by-step: Making your first REST API calls

Let’s walk through the practical steps from zero to calling the API.

Step 1: Create a Connected App & get credentials

  1. Log into your Salesforce org, go to Setup → App Manager.
  2. Click New Connected App. Fill in a name (e.g., “API Integration App”) and a contact email; the API name will auto-fill.
  3. Enable OAuth Settings (check “Enable OAuth Settings”). Provide a Callback URL (for example https://localhost/callback if you’re testing). Choose OAuth Scopes (for example “Full access (full)”, “Access and manage your data (api)”). Save.
  4. After saving, note the Consumer Key and Consumer Secret shown in the Connected App detail. These will be used for authentication.
  5. Make sure you relax IP restrictions or set permitted IPs for testing if needed.

 

Step 2: Get an access token (authenticate)

You need to authenticate via OAuth 2.0 so that you get a token to include in your API calls. For example, you might use the password flow (in a developer/test scenario) or one of the more secure flows for production (web-server flow, JWT bearer, etc). 

An example request (shown as raw HTTP; you can send it with cURL or any other HTTP client) might be:

POST https://login.salesforce.com/services/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=password
&client_id=<ConsumerKey>
&client_secret=<ConsumerSecret>
&username=<YourUsername>
&password=<YourPassword+SecurityToken>

You’ll receive a JSON response with fields including access_token, instance_url, token_type etc. Use this access_token in subsequent requests.
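The token request above, built and checked in Python. This is an added example, not code from the original post: the SF_* environment variable names and both function names are assumptions of the example, and the HTTP call itself is left to whichever client you use.

```python
import os
from urllib.parse import urlencode, urlsplit

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"  # endpoint from this page

def build_token_request(env=os.environ):
    """Build (url, headers, body) for the password-flow request.

    The SF_* variable names are this example's assumption; the point is that
    the secret values live outside the source code.
    """
    form = {
        "grant_type": "password",
        "client_id": env["SF_CONSUMER_KEY"],
        "client_secret": env["SF_CONSUMER_SECRET"],
        "username": env["SF_USERNAME"],
        # Password and security token are concatenated first; urlencode then
        # percent-encodes characters such as & = + that would corrupt the form.
        "password": env["SF_PASSWORD"] + env["SF_SECURITY_TOKEN"],
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, urlencode(form)

def parse_token_response(payload):
    """Check the token response and return (instance_url, access_token)."""
    missing = {"access_token", "instance_url", "token_type"} - set(payload)
    if missing:
        raise ValueError(f"token response is missing {sorted(missing)}")
    if payload["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    parts = urlsplit(payload["instance_url"])
    # The bearer token is sent to this host on every call, so insist on HTTPS.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("instance_url must be an https URL")
    return payload["instance_url"].rstrip("/"), payload["access_token"]
```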

 

Step 3: Make your first REST API call

Once you have an access_token and an instance_url, you can call endpoints. Here’s how to retrieve a record:

Request

GET {instance_url}/services/data/v64.0/sobjects/Account/001XXXXXXXXXXXX
Authorization: Bearer <access_token>

Response
You’ll get back JSON with fields like Id, Name, Phone, etc.

To create a record, you might do:

POST {instance_url}/services/data/v64.0/sobjects/Account/
Authorization: Bearer <access_token>
Content-Type: application/json

{
  "Name": "New Account via REST",
  "Phone": "1234567890"
}

And you’ll receive back a JSON response with id of the new record (and success: true). 

To update a record, you use PATCH (or sometimes PUT) on the URL of the specific record. To delete, you use DELETE. 

Step 4: Querying and searching

You can query with SOQL, e.g.:

GET {instance_url}/services/data/v64.0/query/?q=SELECT+Id,Name+FROM+Account+WHERE+Industry='Banking'
Authorization: Bearer <access_token>

The API returns a JSON list of records along with pagination info (nextRecordsUrl) if there are more results. 

You can also use search endpoints or other specialized endpoints (metadata, limits, etc). 
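When the filter value (here the Industry) comes from a user or another system, it has to be escaped as a SOQL string literal and the whole statement percent-encoded before it goes into the q parameter. The following is an added example, not code from the original post; the function names, the injected http_get callable and the sample host are assumptions.

```python
from urllib.parse import quote

API_VERSION = "v64.0"  # version used on this page

def soql_literal(value):
    """Quote a Python string as a SOQL string literal.

    Backslash and single quote are escaped, so the input cannot close the
    literal and append its own conditions to the WHERE clause.
    """
    if not isinstance(value, str):
        raise TypeError("only str values are handled in this example")
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")
    return "'" + escaped + "'"

def query_url(instance_url, soql):
    """Percent-encode the complete SOQL statement into the q parameter."""
    return f"{instance_url}/services/data/{API_VERSION}/query/?q={quote(soql, safe='')}"

def accounts_by_industry_url(instance_url, industry):
    soql = "SELECT Id,Name FROM Account WHERE Industry=" + soql_literal(industry)
    return query_url(instance_url, soql)

def fetch_all(instance_url, first_url, http_get):
    """Collect every page by following nextRecordsUrl.

    http_get(url) -> parsed JSON dict is supplied by the caller (assumption).
    """
    records, url = [], first_url
    while url:
        page = http_get(url)
        records.extend(page["records"])
        nxt = page.get("nextRecordsUrl")
        # nextRecordsUrl is a path; only follow it on the same instance.
        if nxt and not nxt.startswith("/services/data/"):
            raise ValueError("unexpected nextRecordsUrl")
        url = instance_url + nxt if nxt else None
    return records
```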

 

Step 5: Handling responses and errors

  • Check the HTTP status code: 200 means OK for GET, 201 means Created for POST, 204 No Content for successful delete, etc.
  • If you receive 400, 401, 404, 500 etc you need to handle them accordingly (bad request, unauthorized, not found, server error).
  • Parse the JSON response and extract needed data.
  • Monitor for limits and errors (see next section).

 

Best Practices & Things to Watch (especially for Admin/Integration folks)

Since you’re doing Admin/integration work (managing service-centers, service requests, inventory etc) using APIs, pay attention to:

 

API versioning & endpoint stability

Use the latest stable API version (for example v64.0) unless you have reason to stay on older. Field changes/new features may require newer versions.

 

Authentication & Security

  • Use OAuth flows appropriate to your scenario (for server-to-server, single-user, mobile etc).
  • Only grant the minimum OAuth scopes needed (principle of least privilege).
  • Use HTTPS always, protect tokens, and rotate secrets when needed.
  • Monitor for unauthorized access or token misuse.

 

API Limits and Performance

  • Salesforce enforces API call limits (daily quotas, concurrent, etc). Make sure your integration plan doesn’t exceed them.
  • Use bulk endpoints (e.g., Bulk API) for large data volumes instead of many single REST calls.
  • Cache data where possible, minimize unnecessary calls, batch operations.
  • Use composite endpoints (e.g., composite/sobjects/tree) when you need to create parent/child records in one go.

 

Error Handling & Logging

  • Always inspect both the HTTP status code and the response body for error details.
  • Implement retry logic for transient errors (e.g., network timeouts) with back-off.
  • Log failed requests and responses for troubleshooting; since you’re doing integration for a service-center scenario, you’ll want a production-ready logging/alerting strategy.
  • Test edge cases: permissions denied, missing fields, invalid data formats.
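The status-code handling from Step 5 and the retry and logging advice above, combined in one request wrapper. This is an added example, not code from the original post: the send and get_token callables are injected by the caller and are assumptions, as is the choice to treat 5xx responses and network errors as transient.

```python
import time

class SalesforceError(Exception):
    def __init__(self, status, errors):
        super().__init__(f"HTTP {status}: {errors}")
        self.status, self.errors = status, errors

def redact(headers):
    """Copy of the headers that is safe to log: the bearer token is masked."""
    return {k: ("Bearer ***" if k.lower() == "authorization" else v)
            for k, v in headers.items()}

def call(send, get_token, method, url, body=None, max_attempts=4,
         base_delay=0.5, sleep=time.sleep, log=print):
    """Send one REST request with re-authentication and back-off.

    send(method, url, headers, body) -> (status, parsed_json_or_None)
    get_token(force_refresh) -> access token string
    """
    token, refreshed, last = get_token(False), False, None
    for attempt in range(1, max_attempts + 1):
        headers = {"Authorization": f"Bearer {token}",
                   "Content-Type": "application/json"}
        try:
            status, payload = send(method, url, headers, body)
        except (TimeoutError, ConnectionError) as exc:
            status, payload = None, [{"errorCode": "TRANSPORT", "message": str(exc)}]
        if status in (200, 201, 204):
            return payload
        # Log status and error body, never the raw token or the request body.
        log(f"{method} {url} status={status} headers={redact(headers)} errors={payload}")
        last = SalesforceError(status, payload)
        if status == 401 and not refreshed:
            token, refreshed = get_token(True), True  # expired token: re-authenticate once
            continue
        if status is not None and status < 500:
            break  # 400, 404 or a repeated 401: retrying will not help
        if attempt < max_attempts:
            sleep(base_delay * 2 ** (attempt - 1))  # 0.5 s, 1 s, 2 s, ...
    raise last
```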

 

Data Integrity and Sync Strategy

  • If you’re syncing data between Salesforce and other systems (e.g., your service app or inventory system), decide on one-way vs two-way sync.
  • Use timestamps/“last modified” fields to only fetch changed data; avoid full dumps where possible.
  • Handle duplicates, error records, and reconciliation.
  • Respect SOQL limits (rows returned) and pagination (nextRecordsUrl).

 

Custom REST Endpoints (when needed)

Sometimes the standard endpoints won’t cover your scenario (for example, custom operations, workflows, etc). You can build custom REST endpoints using Apex classes annotated with @RestResource.
When you do that: document your endpoints (Swagger/OpenAPI, Confluence), version them, and secure them carefully.

 

Example Real-World Scenario (links to your Admin work)

Given your “Ola Electric Service App” admin project (managing service requests, invoice generation, vehicle service tracking, technician availability, spare parts inventory), here’s how you might use the REST API:

  1. Your external service-center system (mobile app for technicians) needs to pull new service requests from Salesforce. Using REST API: GET records from the Service_Request__c custom object where Status = “New”.
  2. When a technician completes the job and updates parts used/technician notes, your external app sends a PATCH request to the REST API to update the Service_Request__c record (Status changed to “Completed”, spare parts list updated).
  3. For invoice generation: your external system generates invoice data and POSTs a new Invoice__c record into Salesforce.
  4. Inventory system might occasionally sync inventory counts with Salesforce Spare_Parts__c object using a bulk approach (many records changed) → you could use Bulk API rather than many small REST calls.
  5. For analytics/dashboards: you might query Salesforce via REST API from a business-intelligence tool to fetch recent service requests and technician availability.
  6. Monitor your API usage so that your mobile app doesn’t run you out of daily limits.

By following the steps and best practices above, you make such an integration robust and maintainable.

 

| Task | HTTP Method | Endpoint Example |
|---|---|---|
| Get one record | GET | /services/data/v64.0/sobjects/Account/{Id} |
| Create a record | POST | /services/data/v64.0/sobjects/Account/ |
| Update a record | PATCH | /services/data/v64.0/sobjects/Account/{Id} |
| Delete a record | DELETE | /services/data/v64.0/sobjects/Account/{Id} |
| Query (SOQL) | GET | /services/data/v64.0/query/?q=SELECT+Id,Name+FROM+Account |
| Auth token endpoint | POST | https://login.salesforce.com/services/oauth2/token |

 

Headers:

Authorization: Bearer <access_token>
Content-Type: application/json

Response codes to pay attention to:

  • 200 OK
  • 201 Created
  • 204 No Content
  • 400 Bad Request
  • 401 Unauthorized
  • 404 Not Found
  • 500 Internal Server Error

The Salesforce REST API is a powerful tool in your toolbox as a Salesforce Admin/Integration practitioner. By understanding how to authenticate, how to structure requests (CRUD + queries), how to work with responses and errors, and by following best practices around security, limits, and data sync, you’ll be able to build meaningful integrations.

For your upcoming projects (restaurant e-management, lease management, hospital management, service-center app, etc) you can reuse the same REST API knowledge: any time you need to move data between Salesforce and an external app or system, REST API is often the first choice (if the volume is manageable and latency is acceptable). For massive data loads, you might consider Bulk API, but REST API will cover many day-to-day integration needs.

 


© Copyright 2025 | SevenMentor Pvt Ltd.
