# Connecting Salesforce > Source: https://docs.trailspark.ai/docs/connecting-salesforce ## Overview The Salesforce integration uses OAuth 2.0 with PKCE. You provide your Connected App's Client ID in TrailSpark, then authorize via Salesforce's OAuth flow. No Client Secret is needed. ## Prerequisites - **System Administrator** access in Salesforce (to create a Connected App) - **Admin** or **Owner** role in TrailSpark ## Create a Connected App in Salesforce 1. In Salesforce Setup, search for **App Manager** and click **New Connected App** 2. Fill in the basic fields: | Field | Value | |-------|-------| | Connected App Name | TrailSpark Integration | | API Name | Auto-fills | | Contact Email | Your admin email | 3. Check **Enable OAuth Settings** 4. Set **Callback URL** to: ``` https://[your-subdomain].trailspark.ai/api/oauth/callback/salesforce ``` 5. Add these **OAuth Scopes**: - `Access and manage your data (api)` - `Perform requests on your behalf at any time (refresh_token, offline_access)` 6. Check **Require Proof Key for Code Exchange (PKCE)** 7. **Save**, then click **Manage Consumer Details** 8. Copy the **Consumer Key** -- this is your Client ID > [!TIP] > With PKCE enabled, you only need the Consumer Key. No Client Secret is required. ## Connect in TrailSpark 1. Go to **Settings** > **CRM Integration** 2. Click **Connect** on the Salesforce card 3. Toggle **Sandbox Environment** if connecting to a sandbox 4. Enter your **Client ID** (Consumer Key from the Connected App) 5. Click **Connect to Salesforce** 6. Complete the Salesforce OAuth login and grant access Once authorized, the page shows a **Connected** status with a **Test Connection** button to verify the integration is working. > [!WARNING] > Make sure the Sandbox toggle matches your Salesforce environment. Production credentials will not work against a sandbox, and vice versa. ## What Gets Synced TrailSpark syncs Leads, Contacts, and Accounts from Salesforce. Salesforce stores people in both Lead and Contact objects -- TrailSpark handles both via dual-field mapping (see [Field Mapping](/docs/field-mapping)). ## Switching Environments To switch between sandbox and production: disconnect the current connection, toggle the Sandbox setting, and re-authorize with the appropriate Salesforce credentials. ## Troubleshooting ### "Invalid Client ID" error - Verify the Consumer Key was copied correctly - Ensure the Connected App is active (new apps may take a few minutes to propagate) - Confirm the callback URL matches exactly: `https://[your-subdomain].trailspark.ai/api/oauth/callback/salesforce` ### Authorization fails - Confirm you are logging into the correct Salesforce org (production vs. sandbox) - Verify your Salesforce user has API access enabled ### "Refresh Token" errors OAuth tokens refresh automatically. If you see persistent token errors, the token may have been revoked in Salesforce. Disconnect and reconnect the integration. ## Next Steps - [Field Mapping](/docs/field-mapping) -- configure how Salesforce fields map to TrailSpark - [Salesforce Destination](/docs/salesforce-destination) -- write evaluation results back to Salesforce