A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. To simplify the setup of authenticated callouts, specify a named credential as the callout endpoint. If you instead specify a URL as the callout endpoint, you must register that URL in your org’s remote site settings and handle the authentication yourself. For example, for an Apex callout, your code would need to handle authentication, which can be less secure and especially complicated for OAuth implementations.
Salesforce manages all authentication for callouts that specify a named credential as the callout endpoint so that you don’t have to. You can also skip remote site settings, which are otherwise required for callouts to external sites, for the site defined in the named credential.
Named credentials are supported in these types of callout definitions:
§ Apex callouts
§ External data sources of these types:
o Salesforce Connect: OData 2.0
o Salesforce Connect: OData 4.0
o Salesforce Connect: Custom (developed with the Apex Connector Framework)
By separating the endpoint URL and authentication from the callout definition, named credentials make callouts easier to maintain. For example, if an endpoint URL changes, you update only the named credential. All callouts that reference the named credential simply continue to work.
Named credentials support basic password authentication and OAuth 2.0. You can set up each named credential to use an org-wide named principal or to use per-user authentication so that users can manage their own credentials.
To reference a named credential from a callout definition, use the named credential URL. A named credential URL contains the scheme , the name of the named credential, and an optional path. For example: .
You can append a query string to a named credential URL. Use a question mark (?) as the separator between the named credential URL and the query string. For example: .