Skip to content

Salesforce Refresh Token

Service Name: Salesforce

Service Description: Salesforce is a cloud-based customer relationship management (CRM) platform that helps businesses manage their sales, customer service, marketing automation, analytics, and application development.

Service Address: [https://salesforce.com](https://salesforce.com/)

Salesforce Refresh Token

SALESFORCE_REFRESH_TOKEN

  • Validation Type: -

  • IP Allow list: Does not exist

  • Secret Access Scope: Grants long-term access to Salesforce APIs without requiring user re-authentication.

  • Secret Revokement URL: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_revoke_token.htm

  • Secret Example: 5Aep8nFLn5xvTEPrNOLVkTyRSQ9FVs3xYxSA1cGHvUzN8B5JKIm0oU8JyRqwersdfghjklzxcvbnmqwertyuioplkjhgfdsazxcvbnm

  • Suspicious Activity Investigation Instructions:

    • Review Salesforce login history for unauthorized access.

    • Check Setup Audit Trail for changes made to user permissions or configurations.

    • Examine API usage logs for unusual patterns or excessive data retrieval.

    • Monitor for unexpected OAuth integrations or connected apps.

  • Mitigation Instructions:

    • Log in to Salesforce as an administrator.

    • Navigate to Setup > Apps > Connected Apps > Manage Connected Apps.

    • Find the connected app associated with the token.

    • Click "Revoke Access" to invalidate the refresh token.

    • Rotate any associated client secrets.

    • Review and update OAuth policies for the connected app.