Orgs
Registers a new Salesforce organization or updates an existing one.
Requirements:
- sfdxAuthUrl is required (Generate using: sf org:display -u [email protected] --verbose --json)
- The connection is validated before registration
- instanceUrl is optional and will be extracted from sfdxAuthUrl if not provided
Optional fields:
- isDevHub: Mark this org as a DevHub (default: false)
- isDefault: Mark this as the default DevHub - only one org can have this set (default: false)
- metadata: Additional metadata as key-value pairs in JSON format
If an org with the same username exists, it will be updated.
For sandbox registrations without sfdxAuthUrl, use /auth/salesforce/register-sandbox-by-name instead.Instance URL of the Salesforce org (will be extracted from sfdxAuthUrl if not provided)
https://mycompany.my.salesforce.comPattern: https://*.salesforce.comSFDX Auth URL (generated using sf org:display -u [email protected] --verbose --json)
force://CLIENT_ID:CLIENT_SECRET:[email protected]Whether this org is a DevHub
falseWhether this is the default DevHub (only one org can have this set to true)
falseAdditional metadata stored as key-value pairs
{"environment":"production","region":"us-west"}Organization successfully registered/updated
Invalid input or connection failed
Registers a Salesforce sandbox organization using credentials from an already registered production org.
Requirements:
- The production org must be registered first using /auth/salesforce/register
- The sandbox must be created by the same user whose credentials are stored for the production org
- The system will validate the sandbox and retrieve all necessary details automatically
This endpoint is specifically for sandboxes where you don't have the sfdxAuthUrl.
Just-in-time authentication will be used when accessing the sandbox.Name of the sandbox to register
dev1Username of the production org (must be already registered)
[email protected]Sandbox successfully registered
Invalid input or validation failed
Production org not found
Returns a list of all registered Salesforce organizations with optional filtering.
Filter options:
- type: Filter by organization type (e.g., "Production", "Sandbox")
- devhub: Filter to show only DevHub organizations
- metadata: Filter by metadata key-value pairs using either format:
- Comma-separated: key1=value1,key2=value2
- JSON object: {"key1":"value1","key2":"value2"}
Response includes DevHub status, default flag, and metadata for each org.Filter organizations by type (e.g., "Developer Edition", "Production", "Sandbox")
Filter to show only DevHub organizations
Filter by metadata key-value pairs. Format: key1=value1,key2=value2 or JSON object
List of registered organizations
List of registered organizations
Returns detailed information about a specific registered Salesforce organization. Owner role and application tokens can request authentication credentials.
Username of the Salesforce org to retrieve, or sandbox name for sandboxes with no sfdxAuthUrl
Type of authentication to return: "accessToken" (short-lived, default) or "sfdxAuthUrl" (long-lived refresh token for long-running operations)
Organization details
Organization not found
Removes the stored credentials for a Salesforce organization
Username of the Salesforce org to delete, or sandbox name for sandboxes with no sfdxAuthUrl
Organization successfully deleted
No content
Organization not found
No content
Updates metadata fields of an existing Salesforce organization registration without re-validating the connection.
Updatable fields:
- isDevHub: Mark/unmark as DevHub
- isDefault: Mark/unmark as default DevHub (enforces single default constraint)
- metadata: Update metadata key-value pairs
Note: This endpoint does not validate the Salesforce connection, it only updates metadata attributes.Username of the Salesforce org to update
Whether this org is a DevHub
Whether this is the default DevHub (only one org can have this set to true)
Additional metadata stored as key-value pairs
{"environment":"production","region":"us-west"}Organization successfully updated
Organization not found
Tests if the stored credentials for a registered org are still valid.
**Note**: This endpoint only works for orgs that are registered in the system.
It validates that the stored sfdxAuthUrl can still be used to authenticate.Username of the Salesforce org to test, or sandbox name for sandboxes with no sfdxAuthUrl
Connection test results
Organization not found
Returns the org marked as the default DevHub with authentication details for owner role and application tokens.
Type of authentication to return: "accessToken" (short-lived, default) or "sfdxAuthUrl" (long-lived refresh token for long-running operations)
Default DevHub organization details
No default DevHub found
Generates a new access token using the stored refresh token (sfdxAuthUrl) for a registered org.
**Important**: This endpoint is for orgs that are already registered in the system.
For unregistered sandboxes or scratch orgs, use:
- `POST /auth/salesforce/sandbox/authenticate` for unregistered sandboxes
- `POST /auth/salesforce/scratch/authenticate` for unregistered scratch orgs
This endpoint is designed for CI/CD workflows where you need to authenticate to Salesforce
without exposing the long-lived refresh token. The access token returned is short-lived
(typically 1-2 hours) and can be used directly with the CLI:
sfp org login --access-token <token> --instance-url <url>
Security benefits:
- Refresh token stays securely on the server
- Access tokens expire quickly, limiting exposure if compromised
- Each request generates a fresh tokenUsername of the Salesforce org to generate access token for
Access token generated successfully
Organization not found
Generates a new access token for the default DevHub organization.
This is a convenience endpoint for CI/CD workflows that need DevHub access.
Use the returned access token with:
sfp org login --access-token <token> --instance-url <url> --set-default-dev-hubAccess token generated successfully
No default DevHub found
Returns or redirects to a frontdoor URL for a sandbox or scratch org.
The endpoint will check in order:
1. Registered orgs with stored auth URLs
2. Pool instances (if repository is provided)
3. Dynamic generation using production org credentials
For pool instances, the repository parameter is required to ensure the correct sandbox is accessed.Scratch org username, sandbox name, or pool instance name
Repository identifier (org/repo) to search for pool instances
Production org username (for dynamic sandbox generation)
Redirect to frontdoor URL (default true)
No content
No content
Generates a short-lived access token for a Salesforce sandbox that is NOT registered in the system.
**Important**: This endpoint is for sandboxes that are not registered as orgs.
For registered orgs (including registered sandboxes), use:
- `POST /auth/salesforce/access-token?username=<sandbox-username>` to generate access tokens
How it works:
1. Uses the registered production org's credentials to perform OAuth exchange
2. Calls the Salesforce /sandboxAuth API to get an auth code
3. Exchanges the auth code for an access token
4. Returns the access token (short-lived, typically 1-2 hours)
Requirements:
- The production org must be registered using /auth/salesforce/register first
- The sandbox must be created from the production orgThe name of the sandbox to authenticate
dev1Username of the production org (must be registered). If not provided, the service will cycle through all registered production orgs to find one that has this sandbox.
[email protected]Successfully authenticated to sandbox
Bad Request - sandbox is already registered (use /auth/salesforce/access-token instead)
Unauthorized
Production org not found
Generates a short-lived access token for a Salesforce scratch org that is NOT registered in the system.
**Important**: This endpoint is for scratch orgs that are not registered as orgs.
For registered orgs (including registered scratch orgs), use:
- `POST /auth/salesforce/access-token?username=<scratch-org-username>` to generate access tokens
How it works:
1. Queries the DevHub's ScratchOrgInfo object for the scratch org
2. Retrieves the SfdxAuthUrl__c custom field (must be populated)
3. Uses the stored refresh token to generate a fresh access token
4. Returns the access token (short-lived, typically 1-2 hours)
Requirements:
- A DevHub org must be registered using /auth/salesforce/register first
- The scratch org must have SfdxAuthUrl__c populated in its ScratchOrgInfo record
- If devhubUsername is not provided, the system will try all registered DevHub orgsUsername of the scratch org to authenticate
[email protected]Username of the DevHub org (optional - if not provided, will try all registered DevHub orgs)
[email protected]Successfully authenticated to scratch org
Bad Request - scratch org is already registered (use /auth/salesforce/access-token instead), or SfdxAuthUrl__c not available
Unauthorized
DevHub org not found or no DevHub orgs registered
Last updated