# Orgs ## Register or update a Salesforce org > \ > Registers a new Salesforce organization or updates an existing one.\ > \ > Requirements:\ > \- sfdxAuthUrl is required (Generate using: sf org:display -u --verbose --json)\ > \- The connection is validated before registration\ > \- instanceUrl is optional and will be extracted from sfdxAuthUrl if not provided\ > \ > Optional fields:\ > \- isDevHub: Mark this org as a DevHub (default: false)\ > \- isDefault: Mark this as the default DevHub - only one org can have this set (default: false)\ > \- metadata: Additional metadata as key-value pairs in JSON format\ > \ > If an org with the same username exists, it will be updated.\ > \ > For sandbox registrations without sfdxAuthUrl, use /auth/salesforce/register-sandbox-by-name instead.\ > ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"SalesforceOrgRegistrationDto":{"type":"object","properties":{"instanceUrl":{"type":"string","description":"Instance URL of the Salesforce org (will be extracted from sfdxAuthUrl if not provided)","pattern":"https://*.salesforce.com"},"username":{"type":"string","description":"Username of the Salesforce integration user. If not provided, the authenticated username from the SFDX Auth URL will be used."},"sfdxAuthUrl":{"type":"string","description":"SFDX Auth URL (generated using sf org:display -u your@org.com --verbose --json)"},"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub","default":false},"isDefault":{"type":"boolean","description":"Whether this is the default DevHub (only one org can have this set to true)","default":false},"metadata":{"type":"object","description":"Additional metadata stored as key-value pairs"},"skipValidation":{"type":"boolean","description":"Skip connection validation (for testing purposes only)","default":false}},"required":["sfdxAuthUrl"]},"SalesforceOrgDto":{"type":"object","properties":{"username":{"type":"string","description":"Username of the Salesforce org user"},"instanceUrl":{"type":"string","description":"Instance URL of the Salesforce org"},"orgId":{"type":"string","description":"Salesforce Organization ID"},"organizationType":{"type":"string","description":"Type of the Salesforce org"},"instanceName":{"type":"string","description":"Salesforce instance name"},"parentProductionUsername":{"type":"string","description":"Parent production org username (for JIT sandboxes)"},"isJitRegistration":{"type":"boolean","description":"Whether this org was registered using JIT authentication"},"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub"},"isDefault":{"type":"boolean","description":"Whether this is the default DevHub"},"metadata":{"type":"object","description":"Additional metadata stored as key-value pairs"}},"required":["username","instanceUrl","orgId","organizationType","instanceName"]}}},"paths":{"/sfp/api/auth/salesforce/register":{"post":{"operationId":"SalesforceAuthController_registerOrg","summary":"Register or update a Salesforce org","description":"\n Registers a new Salesforce organization or updates an existing one.\n \n Requirements:\n - sfdxAuthUrl is required (Generate using: sf org:display -u your@org.com --verbose --json)\n - The connection is validated before registration\n - instanceUrl is optional and will be extracted from sfdxAuthUrl if not provided\n \n Optional fields:\n - isDevHub: Mark this org as a DevHub (default: false)\n - isDefault: Mark this as the default DevHub - only one org can have this set (default: false)\n - metadata: Additional metadata as key-value pairs in JSON format\n \n If an org with the same username exists, it will be updated.\n \n For sandbox registrations without sfdxAuthUrl, use /auth/salesforce/register-sandbox-by-name instead.\n ","parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SalesforceOrgRegistrationDto"}}}},"responses":{"201":{"description":"Organization successfully registered/updated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SalesforceOrgDto"}}}},"400":{"description":"Invalid input or connection failed"},"403":{"description":"Forbidden - Requires role: owner"}},"tags":["Orgs"]}}}} ``` ## Register a Salesforce sandbox using production org credentials > \ > Registers a Salesforce sandbox organization using credentials from an already registered production org.\ > \ > Requirements:\ > \- The production org must be registered first using /auth/salesforce/register\ > \- The sandbox must be created by the same user whose credentials are stored for the production org\ > \- The system will validate the sandbox and retrieve all necessary details automatically\ > \ > This endpoint is specifically for sandboxes where you don't have the sfdxAuthUrl.\ > Just-in-time authentication will be used when accessing the sandbox.\ > ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"SandboxRegistrationByNameDto":{"type":"object","properties":{"sandboxName":{"type":"string","description":"Name of the sandbox to register"},"productionUsername":{"type":"string","description":"Username of the production org (must be already registered)"}},"required":["sandboxName","productionUsername"]},"SalesforceOrgDto":{"type":"object","properties":{"username":{"type":"string","description":"Username of the Salesforce org user"},"instanceUrl":{"type":"string","description":"Instance URL of the Salesforce org"},"orgId":{"type":"string","description":"Salesforce Organization ID"},"organizationType":{"type":"string","description":"Type of the Salesforce org"},"instanceName":{"type":"string","description":"Salesforce instance name"},"parentProductionUsername":{"type":"string","description":"Parent production org username (for JIT sandboxes)"},"isJitRegistration":{"type":"boolean","description":"Whether this org was registered using JIT authentication"},"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub"},"isDefault":{"type":"boolean","description":"Whether this is the default DevHub"},"metadata":{"type":"object","description":"Additional metadata stored as key-value pairs"}},"required":["username","instanceUrl","orgId","organizationType","instanceName"]}}},"paths":{"/sfp/api/auth/salesforce/register-sandbox-by-name":{"post":{"operationId":"SalesforceAuthController_registerSandboxByName","summary":"Register a Salesforce sandbox using production org credentials","description":"\n Registers a Salesforce sandbox organization using credentials from an already registered production org.\n \n Requirements:\n - The production org must be registered first using /auth/salesforce/register\n - The sandbox must be created by the same user whose credentials are stored for the production org\n - The system will validate the sandbox and retrieve all necessary details automatically\n \n This endpoint is specifically for sandboxes where you don't have the sfdxAuthUrl.\n Just-in-time authentication will be used when accessing the sandbox.\n ","parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SandboxRegistrationByNameDto"}}}},"responses":{"201":{"description":"Sandbox successfully registered","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SalesforceOrgDto"}}}},"400":{"description":"Invalid input or validation failed"},"403":{"description":"Forbidden - Requires role: owner"},"404":{"description":"Production org not found"}},"tags":["Orgs"]}}}} ``` ## List registered Salesforce orgs > Returns a list of all registered Salesforce organizations with optional filtering.\ > \ > Filter options:\ > \- type: Filter by organization type (e.g., "Production", "Sandbox")\ > \- devhub: Filter to show only DevHub organizations\ > \- metadata: Filter by metadata key-value pairs using either format:\ > \- Comma-separated: key1=value1,key2=value2\ > \- JSON object: {"key1":"value1","key2":"value2"}\ > \ > Response includes DevHub status, default flag, and metadata for each org. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"SalesforceOrgListItemDto":{"type":"object","properties":{"username":{"type":"string","description":"Username of the Salesforce org user"},"instanceUrl":{"type":"string","description":"Instance URL of the Salesforce org"},"orgId":{"type":"string","description":"Salesforce Organization ID"},"organizationType":{"type":"string","description":"Type of the Salesforce org"},"instanceName":{"type":"string","description":"Salesforce instance name"},"parentProductionUsername":{"type":"string","description":"Parent production org username (for JIT sandboxes)"},"isJitRegistration":{"type":"boolean","description":"Whether this org was registered using JIT authentication"},"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub"},"isDefault":{"type":"boolean","description":"Whether this is the default DevHub"},"metadata":{"type":"object","description":"Additional metadata stored as key-value pairs"},"createdAt":{"format":"date-time","type":"string","description":"When the org was registered"}},"required":["username","instanceUrl","orgId","organizationType","instanceName","createdAt"]}}},"paths":{"/sfp/api/auth/salesforce/orgs":{"get":{"operationId":"SalesforceAuthController_listOrgs","summary":"List registered Salesforce orgs","description":"Returns a list of all registered Salesforce organizations with optional filtering.\n \n Filter options:\n - type: Filter by organization type (e.g., \"Production\", \"Sandbox\")\n - devhub: Filter to show only DevHub organizations\n - metadata: Filter by metadata key-value pairs using either format:\n - Comma-separated: key1=value1,key2=value2\n - JSON object: {\"key1\":\"value1\",\"key2\":\"value2\"}\n \n Response includes DevHub status, default flag, and metadata for each org.","parameters":[{"name":"type","required":false,"in":"query","description":"Filter organizations by type (e.g., \"Developer Edition\", \"Production\", \"Sandbox\")","schema":{"type":"string"}},{"name":"devhub","required":false,"in":"query","description":"Filter to show only DevHub organizations","schema":{"type":"boolean"}},{"name":"metadata","required":false,"in":"query","description":"Filter by metadata key-value pairs. Format: key1=value1,key2=value2 or JSON object","schema":{"type":"string"}}],"responses":{"200":{"description":"List of registered organizations","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/SalesforceOrgListItemDto"}}}}},"403":{"description":"Forbidden - Requires role: member, application"}},"tags":["Orgs"]}}}} ``` ## Get details of a specific Salesforce org > Returns detailed information about a specific registered Salesforce organization. Owner role and application tokens can request authentication credentials. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"SalesforceOrgListItemDto":{"type":"object","properties":{"username":{"type":"string","description":"Username of the Salesforce org user"},"instanceUrl":{"type":"string","description":"Instance URL of the Salesforce org"},"orgId":{"type":"string","description":"Salesforce Organization ID"},"organizationType":{"type":"string","description":"Type of the Salesforce org"},"instanceName":{"type":"string","description":"Salesforce instance name"},"parentProductionUsername":{"type":"string","description":"Parent production org username (for JIT sandboxes)"},"isJitRegistration":{"type":"boolean","description":"Whether this org was registered using JIT authentication"},"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub"},"isDefault":{"type":"boolean","description":"Whether this is the default DevHub"},"metadata":{"type":"object","description":"Additional metadata stored as key-value pairs"},"createdAt":{"format":"date-time","type":"string","description":"When the org was registered"}},"required":["username","instanceUrl","orgId","organizationType","instanceName","createdAt"]}}},"paths":{"/sfp/api/auth/salesforce/org":{"get":{"operationId":"SalesforceAuthController_getOrg","summary":"Get details of a specific Salesforce org","description":"Returns detailed information about a specific registered Salesforce organization. Owner role and application tokens can request authentication credentials.","parameters":[{"name":"username","required":true,"in":"query","description":"Username of the Salesforce org to retrieve, or sandbox name for sandboxes with no sfdxAuthUrl","schema":{"type":"string"}},{"name":"authType","required":false,"in":"query","description":"Type of authentication to return: \"accessToken\" (short-lived, default) or \"sfdxAuthUrl\" (long-lived refresh token for long-running operations)","schema":{"enum":["accessToken","sfdxAuthUrl"],"type":"string"}}],"responses":{"200":{"description":"Organization details","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SalesforceOrgListItemDto"}}}},"403":{"description":"Forbidden - Requires role: member, application"},"404":{"description":"Organization not found"}},"tags":["Orgs"]}}}} ``` ## Delete a Salesforce org registration > Removes the stored credentials for a Salesforce organization ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/auth/salesforce/org":{"delete":{"operationId":"SalesforceAuthController_deleteOrg","summary":"Delete a Salesforce org registration","description":"Removes the stored credentials for a Salesforce organization","parameters":[{"name":"username","required":true,"in":"query","description":"Username of the Salesforce org to delete, or sandbox name for sandboxes with no sfdxAuthUrl","schema":{"type":"string"}}],"responses":{"200":{"description":"Organization successfully deleted"},"403":{"description":"Forbidden - Requires role: owner"},"404":{"description":"Organization not found"}},"tags":["Orgs"]}}}} ``` ## Update a Salesforce org registration > Updates metadata fields of an existing Salesforce organization registration without re-validating the connection.\ > \ > Updatable fields:\ > \- isDevHub: Mark/unmark as DevHub\ > \- isDefault: Mark/unmark as default DevHub (enforces single default constraint)\ > \- metadata: Update metadata key-value pairs\ > \ > Note: This endpoint does not validate the Salesforce connection, it only updates metadata attributes. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"SalesforceOrgUpdateDto":{"type":"object","properties":{"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub"},"isDefault":{"type":"boolean","description":"Whether this is the default DevHub (only one org can have this set to true)"},"metadata":{"type":"object","description":"Additional metadata stored as key-value pairs"}}},"SalesforceOrgDto":{"type":"object","properties":{"username":{"type":"string","description":"Username of the Salesforce org user"},"instanceUrl":{"type":"string","description":"Instance URL of the Salesforce org"},"orgId":{"type":"string","description":"Salesforce Organization ID"},"organizationType":{"type":"string","description":"Type of the Salesforce org"},"instanceName":{"type":"string","description":"Salesforce instance name"},"parentProductionUsername":{"type":"string","description":"Parent production org username (for JIT sandboxes)"},"isJitRegistration":{"type":"boolean","description":"Whether this org was registered using JIT authentication"},"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub"},"isDefault":{"type":"boolean","description":"Whether this is the default DevHub"},"metadata":{"type":"object","description":"Additional metadata stored as key-value pairs"}},"required":["username","instanceUrl","orgId","organizationType","instanceName"]}}},"paths":{"/sfp/api/auth/salesforce/org":{"patch":{"operationId":"SalesforceAuthController_updateOrg","summary":"Update a Salesforce org registration","description":"Updates metadata fields of an existing Salesforce organization registration without re-validating the connection.\n \n Updatable fields:\n - isDevHub: Mark/unmark as DevHub\n - isDefault: Mark/unmark as default DevHub (enforces single default constraint)\n - metadata: Update metadata key-value pairs\n \n Note: This endpoint does not validate the Salesforce connection, it only updates metadata attributes.","parameters":[{"name":"username","required":true,"in":"query","description":"Username of the Salesforce org to update","schema":{"type":"string"}}],"requestBody":{"required":true,"description":"Metadata fields to update","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SalesforceOrgUpdateDto"}}}},"responses":{"200":{"description":"Organization successfully updated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SalesforceOrgDto"}}}},"403":{"description":"Forbidden - Requires role: owner"},"404":{"description":"Organization not found"}},"tags":["Orgs"]}}}} ``` ## Test connection to a REGISTERED Salesforce org > Tests if the stored credentials for a \*\*registered\*\* org are still valid.\ > \ > \*\*Note\*\*: This endpoint only works for orgs that are registered in the system.\ > It validates that the stored sfdxAuthUrl can still be used to authenticate. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"SalesforceConnectionTestResponseDto":{"type":"object","properties":{"isValid":{"type":"boolean","description":"Whether the connection is valid"},"username":{"type":"string","description":"Username tested"},"orgId":{"type":"string","description":"Organization ID if connection successful"},"organizationType":{"type":"string","description":"Organization type if connection successful"},"instanceName":{"type":"string","description":"Instance name if connection successful"},"error":{"type":"string","description":"Error message if connection failed"}},"required":["isValid","username"]}}},"paths":{"/sfp/api/auth/salesforce/test-connection":{"post":{"operationId":"SalesforceAuthController_testConnection","summary":"Test connection to a REGISTERED Salesforce org","description":"Tests if the stored credentials for a **registered** org are still valid.\n\n **Note**: This endpoint only works for orgs that are registered in the system.\n It validates that the stored sfdxAuthUrl can still be used to authenticate.","parameters":[{"name":"username","required":true,"in":"query","description":"Username of the Salesforce org to test, or sandbox name for sandboxes with no sfdxAuthUrl","schema":{"type":"string"}}],"responses":{"200":{"description":"Connection test results","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SalesforceConnectionTestResponseDto"}}}},"403":{"description":"Forbidden - Requires role: owner, application"},"404":{"description":"Organization not found"}},"tags":["Orgs"]}}}} ``` ## Get the default DevHub organization > Returns the org marked as the default DevHub with authentication details for owner role and application tokens. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"SalesforceOrgListItemDto":{"type":"object","properties":{"username":{"type":"string","description":"Username of the Salesforce org user"},"instanceUrl":{"type":"string","description":"Instance URL of the Salesforce org"},"orgId":{"type":"string","description":"Salesforce Organization ID"},"organizationType":{"type":"string","description":"Type of the Salesforce org"},"instanceName":{"type":"string","description":"Salesforce instance name"},"parentProductionUsername":{"type":"string","description":"Parent production org username (for JIT sandboxes)"},"isJitRegistration":{"type":"boolean","description":"Whether this org was registered using JIT authentication"},"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub"},"isDefault":{"type":"boolean","description":"Whether this is the default DevHub"},"metadata":{"type":"object","description":"Additional metadata stored as key-value pairs"},"createdAt":{"format":"date-time","type":"string","description":"When the org was registered"}},"required":["username","instanceUrl","orgId","organizationType","instanceName","createdAt"]}}},"paths":{"/sfp/api/auth/salesforce/default-devhub":{"get":{"operationId":"SalesforceAuthController_getDefaultDevHub","summary":"Get the default DevHub organization","description":"Returns the org marked as the default DevHub with authentication details for owner role and application tokens.","parameters":[{"name":"authType","required":false,"in":"query","description":"Type of authentication to return: \"accessToken\" (short-lived, default) or \"sfdxAuthUrl\" (long-lived refresh token for long-running operations)","schema":{"enum":["accessToken","sfdxAuthUrl"],"type":"string"}}],"responses":{"200":{"description":"Default DevHub organization details","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SalesforceOrgListItemDto"}}}},"403":{"description":"Forbidden - Requires role: member, application"},"404":{"description":"No default DevHub found"}},"tags":["Orgs"]}}}} ``` ## Generate a short-lived access token for a REGISTERED Salesforce org > Generates a new access token using the stored refresh token (sfdxAuthUrl) for a \*\*registered\*\* org.\ > \ > \*\*Important\*\*: This endpoint is for orgs that are already registered in the system.\ > For unregistered sandboxes or scratch orgs, use:\ > \- \`POST /auth/salesforce/sandbox/authenticate\` for unregistered sandboxes\ > \- \`POST /auth/salesforce/scratch/authenticate\` for unregistered scratch orgs\ > \ > This endpoint is designed for CI/CD workflows where you need to authenticate to Salesforce\ > without exposing the long-lived refresh token. The access token returned is short-lived\ > (typically 1-2 hours) and can be used directly with the CLI:\ > \ > sfp org login --access-token \ --instance-url \\ > \ > Security benefits:\ > \- Refresh token stays securely on the server\ > \- Access tokens expire quickly, limiting exposure if compromised\ > \- Each request generates a fresh token ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"AccessTokenResponseDto":{"type":"object","properties":{"accessToken":{"type":"string","description":"Salesforce access token (short-lived)"},"instanceUrl":{"type":"string","description":"Salesforce instance URL"},"username":{"type":"string","description":"Username of the Salesforce org"},"orgId":{"type":"string","description":"Salesforce Organization ID"},"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub"}},"required":["accessToken","instanceUrl","username","orgId"]}}},"paths":{"/sfp/api/auth/salesforce/access-token":{"post":{"operationId":"SalesforceAuthController_generateAccessToken","summary":"Generate a short-lived access token for a REGISTERED Salesforce org","description":"Generates a new access token using the stored refresh token (sfdxAuthUrl) for a **registered** org.\n\n **Important**: This endpoint is for orgs that are already registered in the system.\n For unregistered sandboxes or scratch orgs, use:\n - `POST /auth/salesforce/sandbox/authenticate` for unregistered sandboxes\n - `POST /auth/salesforce/scratch/authenticate` for unregistered scratch orgs\n\n This endpoint is designed for CI/CD workflows where you need to authenticate to Salesforce\n without exposing the long-lived refresh token. The access token returned is short-lived\n (typically 1-2 hours) and can be used directly with the CLI:\n\n sfp org login --access-token --instance-url \n\n Security benefits:\n - Refresh token stays securely on the server\n - Access tokens expire quickly, limiting exposure if compromised\n - Each request generates a fresh token","parameters":[{"name":"username","required":true,"in":"query","description":"Username of the Salesforce org to generate access token for","schema":{"type":"string"}}],"responses":{"200":{"description":"Access token generated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokenResponseDto"}}}},"403":{"description":"Forbidden - Requires role: owner, application"},"404":{"description":"Organization not found"}},"tags":["Orgs"]}}}} ``` ## Generate a short-lived access token for the default DevHub > Generates a new access token for the default DevHub organization.\ > \ > This is a convenience endpoint for CI/CD workflows that need DevHub access.\ > Use the returned access token with:\ > \ > sfp org login --access-token \ --instance-url \ --set-default-dev-hub ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"AccessTokenResponseDto":{"type":"object","properties":{"accessToken":{"type":"string","description":"Salesforce access token (short-lived)"},"instanceUrl":{"type":"string","description":"Salesforce instance URL"},"username":{"type":"string","description":"Username of the Salesforce org"},"orgId":{"type":"string","description":"Salesforce Organization ID"},"isDevHub":{"type":"boolean","description":"Whether this org is a DevHub"}},"required":["accessToken","instanceUrl","username","orgId"]}}},"paths":{"/sfp/api/auth/salesforce/default-devhub/access-token":{"post":{"operationId":"SalesforceAuthController_generateDefaultDevHubAccessToken","summary":"Generate a short-lived access token for the default DevHub","description":"Generates a new access token for the default DevHub organization.\n\n This is a convenience endpoint for CI/CD workflows that need DevHub access.\n Use the returned access token with:\n\n sfp org login --access-token --instance-url --set-default-dev-hub","parameters":[],"responses":{"200":{"description":"Access token generated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokenResponseDto"}}}},"403":{"description":"Forbidden - Requires role: owner, application"},"404":{"description":"No default DevHub found"}},"tags":["Orgs"]}}}} ``` ## Get Salesforce org frontdoor URL > Returns or redirects to a frontdoor URL for a sandbox or scratch org.\ > \ > The endpoint will check in order:\ > 1\. Registered orgs with stored auth URLs\ > 2\. Pool instances (if repository is provided)\ > 3\. Dynamic generation using production org credentials\ > \ > For pool instances, the repository parameter is required to ensure the correct sandbox is accessed. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/auth/salesforce/frontdoor":{"get":{"operationId":"SalesforceAuthController_getFrontdoor","summary":"Get Salesforce org frontdoor URL","description":"Returns or redirects to a frontdoor URL for a sandbox or scratch org.\n \n The endpoint will check in order:\n 1. Registered orgs with stored auth URLs\n 2. Pool instances (if repository is provided)\n 3. Dynamic generation using production org credentials\n \n For pool instances, the repository parameter is required to ensure the correct sandbox is accessed.","parameters":[{"name":"target","required":true,"in":"query","description":"Scratch org username, sandbox name, or pool instance name","schema":{"type":"string"}},{"name":"repository","required":false,"in":"query","description":"Repository identifier (org/repo) to search for pool instances","schema":{"type":"string"}},{"name":"prodOrg","required":false,"in":"query","description":"Production org username (for dynamic sandbox generation)","schema":{"type":"string"}},{"name":"redirect","required":false,"in":"query","description":"Redirect to frontdoor URL (default true)","schema":{"type":"boolean"}}],"responses":{"403":{"description":"Forbidden - Requires role: member, application"}},"tags":["Orgs"]}}}} ``` ## Authenticate to an unregistered Salesforce sandbox > \ > Generates a short-lived access token for a Salesforce sandbox that is NOT registered in the system.\ > \ > \*\*Important\*\*: This endpoint is for sandboxes that are not registered as orgs.\ > For registered orgs (including registered sandboxes), use:\ > \- \`POST /auth/salesforce/access-token?username=\\` to generate access tokens\ > \ > How it works:\ > 1\. Uses the registered production org's credentials to perform OAuth exchange\ > 2\. Calls the Salesforce /sandboxAuth API to get an auth code\ > 3\. Exchanges the auth code for an access token\ > 4\. Returns the access token (short-lived, typically 1-2 hours)\ > \ > Requirements:\ > \- The production org must be registered using /auth/salesforce/register first\ > \- The sandbox must be created from the production org\ > ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"SandboxAuthRequestDto":{"type":"object","properties":{"sandboxName":{"type":"string","description":"The name of the sandbox to authenticate"},"productionUsername":{"type":"string","description":"Username of the production org (must be registered). If not provided, the service will cycle through all registered production orgs to find one that has this sandbox."}},"required":["sandboxName"]},"SandboxAuthResponseDto":{"type":"object","properties":{"sandboxName":{"type":"string","description":"Name of the authenticated sandbox"},"sandboxUsername":{"type":"string","description":"Username in the sandbox"},"accessToken":{"type":"string","description":"Access token for the sandbox"},"instanceUrl":{"type":"string","description":"Instance URL for the sandbox"},"frontDoorUrl":{"type":"string","description":"Front door URL for direct login"},"productionOrg":{"type":"object","description":"Production org details"}},"required":["sandboxName","sandboxUsername","accessToken","instanceUrl","frontDoorUrl","productionOrg"]}}},"paths":{"/sfp/api/auth/salesforce/sandbox/authenticate":{"post":{"operationId":"SandboxAuthController_authenticateSandbox","summary":"Authenticate to an unregistered Salesforce sandbox","description":"\n Generates a short-lived access token for a Salesforce sandbox that is NOT registered in the system.\n\n **Important**: This endpoint is for sandboxes that are not registered as orgs.\n For registered orgs (including registered sandboxes), use:\n - `POST /auth/salesforce/access-token?username=` to generate access tokens\n\n How it works:\n 1. Uses the registered production org's credentials to perform OAuth exchange\n 2. Calls the Salesforce /sandboxAuth API to get an auth code\n 3. Exchanges the auth code for an access token\n 4. Returns the access token (short-lived, typically 1-2 hours)\n\n Requirements:\n - The production org must be registered using /auth/salesforce/register first\n - The sandbox must be created from the production org\n ","parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SandboxAuthRequestDto"}}}},"responses":{"201":{"description":"Successfully authenticated to sandbox","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SandboxAuthResponseDto"}}}},"400":{"description":"Bad Request - sandbox is already registered (use /auth/salesforce/access-token instead)"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden - Requires role: member, application"},"404":{"description":"Production org not found"}},"tags":["Orgs"]}}}} ``` ## Authenticate to an unregistered Salesforce scratch org > \ > Generates a short-lived access token for a Salesforce scratch org that is NOT registered in the system.\ > \ > \*\*Important\*\*: This endpoint is for scratch orgs that are not registered as orgs.\ > For registered orgs (including registered scratch orgs), use:\ > \- \`POST /auth/salesforce/access-token?username=\\` to generate access tokens\ > \ > How it works:\ > 1\. Queries the DevHub's ScratchOrgInfo object for the scratch org\ > 2\. Retrieves the SfdxAuthUrl\_\_c custom field (must be populated)\ > 3\. Uses the stored refresh token to generate a fresh access token\ > 4\. Returns the access token (short-lived, typically 1-2 hours)\ > \ > Requirements:\ > \- A DevHub org must be registered using /auth/salesforce/register first\ > \- The scratch org must have SfdxAuthUrl\_\_c populated in its ScratchOrgInfo record\ > \- If devhubUsername is not provided, the system will try all registered DevHub orgs\ > ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.3.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"ScratchOrgAuthRequestDto":{"type":"object","properties":{"scratchOrgUsername":{"type":"string","description":"Username of the scratch org to authenticate"},"devhubUsername":{"type":"string","description":"Username of the DevHub org (optional - if not provided, will try all registered DevHub orgs)"}},"required":["scratchOrgUsername"]},"ScratchOrgAuthResponseDto":{"type":"object","properties":{"scratchOrgUsername":{"type":"string","description":"Username of the authenticated scratch org"},"accessToken":{"type":"string","description":"Access token for the scratch org"},"instanceUrl":{"type":"string","description":"Instance URL for the scratch org"},"frontDoorUrl":{"type":"string","description":"Front door URL for direct login"},"sfdxAuthUrl":{"type":"string","description":"SFDX Auth URL for the scratch org (if available)"},"orgId":{"type":"string","description":"Org ID of the scratch org"},"devhubOrg":{"type":"object","description":"DevHub org details"}},"required":["scratchOrgUsername","accessToken","instanceUrl","frontDoorUrl","orgId","devhubOrg"]}}},"paths":{"/sfp/api/auth/salesforce/scratch/authenticate":{"post":{"operationId":"ScratchOrgAuthController_authenticateScratchOrg","summary":"Authenticate to an unregistered Salesforce scratch org","description":"\n Generates a short-lived access token for a Salesforce scratch org that is NOT registered in the system.\n\n **Important**: This endpoint is for scratch orgs that are not registered as orgs.\n For registered orgs (including registered scratch orgs), use:\n - `POST /auth/salesforce/access-token?username=` to generate access tokens\n\n How it works:\n 1. Queries the DevHub's ScratchOrgInfo object for the scratch org\n 2. Retrieves the SfdxAuthUrl__c custom field (must be populated)\n 3. Uses the stored refresh token to generate a fresh access token\n 4. Returns the access token (short-lived, typically 1-2 hours)\n\n Requirements:\n - A DevHub org must be registered using /auth/salesforce/register first\n - The scratch org must have SfdxAuthUrl__c populated in its ScratchOrgInfo record\n - If devhubUsername is not provided, the system will try all registered DevHub orgs\n ","parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScratchOrgAuthRequestDto"}}}},"responses":{"201":{"description":"Successfully authenticated to scratch org","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScratchOrgAuthResponseDto"}}}},"400":{"description":"Bad Request - scratch org is already registered (use /auth/salesforce/access-token instead), or SfdxAuthUrl__c not available"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden - Requires role: member, application"},"404":{"description":"DevHub org not found or no DevHub orgs registered"}},"tags":["Orgs"]}}}} ```