Create an External Client App (ECA)

This section explains how to configure External Client Applications (ECAs) to connect Salesforce with the Compliance and Rehearsal Tool operations.

Overview of External Client Applications (ECA)

External Client Applications (ECAs) are Salesforce app definitions that enable secure OAuth-based authentication for external systems. ECAs are required for Salesforce integrations and the ECA replaces the previously used Connected App approach. For details, see Salesforce Platform: New Connected Apps Can No Longer Be Created in Spring '26

Prerequisites

Before you create an ECA, ensure that you have:

  • Access to Salesforce Lightning Experience

  • Salesforce administrator permissions

  • A local environment available to receive OAuth callbacks

Create and configure an External Client Application (ECA)

Perform this task when setting up a new Salesforce integration for Compliance or the Rehearsal Tool using release version 2026.1.0 or later.

  1. In Salesforce Lightning Experience, select the gear icon, then select Setup.

  2. In Quick Find, enter External.

  3. Select External Client App Manager.

  4. Select New External Client App.

  5. In the Basic details section, enter values for all required fields.

  6. Expand API (Enable OAuth Settings), then select Enable OAuth.

  7. In App settings, set theCallback URL to: http://localhost:33333

  8. Set OAuth scopes to include:

  • Manage user data via APIs (api)

  • Perform requests at any time (refresh_token, offline_access)

  • Access the Salesforce API Platform (sfap_api)

  1. In Flow Enablement, select Enable Authorization Code and Credentials Flow.

  2. In Security, deselect the following options:

  • Require secret for Web Server Flow

  • Require secret for Refresh Token Flow

  • Require Proof Key for Code Exchange (PKCE) extension for supported authorization flows

  1. Select Create.

Salesforce creates the ECA and displays its details page. Continue to the next section to configure the ECA’s OAuth policies and obtain the consumer key and consumer secret.

Configure OAuth policies for the ECA

Perform this task immediately after creating the ECA.

  1. On the ECA details page, expand OAuth Policies.

  2. Go to App Authorization.

  3. Under IP Relaxation, select Relax IP restrictions.

Retrieve the consumer key and secret

Perform this task after Configuring the OAuth policies for the ECA

  1. Open the ECA.

  2. Select Settings> OAuth Settings

  3. Copy the Consumer Key and Consumer Secret.

Store these values securely and use them when configuring your Salesforce integration.