Salesforce Asked on December 21, 2021
We’ve integrated a Pardot Sandbox account with Salesforce using the Salesforce-Pardot Connector v2.
I’m trying to use the Pardot API with an SSO user on a Sandbox Salesforce org (i.e. when creating the Pardot user I enabled ‘Enable single sign-on with CRM’ as documented here to convert the Pardot user to an SSO-only user).
I’m obtaining my access token via Salesforce OAuth, as the documentation states:
To access the Pardot API with an SSO enabled user (including users synced from Salesforce), you must use a Salesforce OAuth endpoint for authentication.
I’m making the following request to obtain an OAuth token, which I get successfully. (And yes I’m aware that the OAuth 2.0 Username-Password Flow should only be used for special scenarios).
POST https://test.salesforce.com/services/oauth2/token
Content-Type: application/x-www-form-urlencoded
grant_type=password
client_id={{Connected_App_consumerKey}}
client_secret={{Connected_App_consumerSecret}}
username={{Salesforce_SSO_username}}
password={{Salesforce_SSO_password}}
Note: I assume the documentation is wrong as it states the username is ‘the email address of the SSO user account’, when I believe they are referring to the username.
I successfully get back the OAuth token, so far, so good. Next, when I try to use the access token in to create a new batch import in Pardot:
POST https://pi.pardot.com/api/import/version/4/do/create
Content-Type: application/json
Authorization: Bearer {{access_token}}
Pardot-Business-Unit-Id: 0Uv19000000CaR7CAK
{"operation":"Upsert","object":"Prospect"}
I receive the following response:
<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="fail" version="1.0">
<err code="49">Access Denied</err>
</rsp>
I note that this error code relates to:
Problem: User is not authorized to perform the requested operation either due to access restrictions or forbidden method of passing credentials
The SSO user has a ‘System Administrator’ role and the Selected OAuth Scopes (in the Connected App) include:
I’ve also tried other operations like /api/prospect/version/4/do/query
and get the same response.
My suspicion is that Pardot isn’t able to validate the access token as it was issued from a sandbox endpoint (test.salesforce.com instead of login.salesforce.com). But Pardot is integrated with the Sandbox account. Do you know if it’s possible to use the Pardot API with a sandbox SSO user? I would assume it would be, but there’s no way that I can hint to the Pardot API that this access token was obtained from a sandbox org.
It turns out the issue is that Pardot Sandbox accounts use a different API endpoint (this isn't mentioned anywhere in the Pardot API documentation). Instead of using the route:
https://pi.pardot.com/api/{{objectName}}/version/{{versionNumber}}/do/{{operation}}
You need to include demo
in the base URL:
https://pi.demo.pardot.com/api/{{objectName}}/version/{{versionNumber}}/do/{{operation}}
Answered by Eliot Harper on December 21, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP