Authentication
Prerequisites:
- You must have Salesforce OAuth setup in the org. To setup up a connected app for OAuth, the "pardot_api" scope must be one of the selected OAuth scopes. Otherwise, OAuth flows other than username/password flow will not be usable with the Pardot API.
Check out this video for an example of how to implement OAuth.
-
You must have the Pardot Business Unit ID that you are trying to authenticate with. To find the Pardot Business Unit ID, use Setup in Salesforce. From Setup, enter "Pardot Account Setup" in the Quick Find box. Your Pardot Business Unit ID begins with "0Uv" and is 18 characters long. If you cannot access the Pardot Account Setup information, ask your Salesforce Administrator to provide you with the Pardot Business Unit ID.
-
Authenticate with a user that is SSO enabled. An SSO enabled user is one who can log in to the Pardot user interface (https://pi.pardot.com) using "Log In with Salesforce" or who can access Pardot using the Pardot Lightning App.
Obtain Salesforce Access Token
To use Pardot API with an SSO user, you must first get a salesforce access token. The example below uses the username/password OAuth flow to obtain an access token for simplicity. Any OAuth flow can be used to obtain an access token. In many use cases, other OAuth flows are more appropriate than username/password flow. For example, a web app with user interaction would likely use either user agent flow or web server flow. See Salesforce OAuth setup for details.
Oauth Authentication Domain by Account Type
| Pardot Account Type | Salesforce Domain | Pardot Domain |
|---|---|---|
| Production Account | login.salesforce.com |
pi.pardot.com |
| Pardot Developer Org | login.salesforce.com |
pi.demo.pardot.com |
| Sandbox | test.salesforce.com |
pi.demo.pardot.com |
Sample POST Request for OAuth Token
Request must be made using HTTPS.
POST /services/oauth2/token HTTP/1.1
Host: login.salesforce.com
Content-type: application/x-www-form-urlencoded
grant_type=password&
client_id=<client_id>&
client_secret=<client_secret>&
username=<username>&
password=<password>
Request Parameters
| Parameter | Required | Description |
|---|---|---|
grant_type |
X | The value must be "password" |
client_id |
X | The consumer key |
client_secret |
X | The consumer secret |
username |
X | The email address of the SSO user account |
password |
X | The password of the SSO user account |
If authentication is successful, an access token is be returned. See Salesforce OAuth documentation for the response format.
Using Access Token with Pardot
After you get the access token, you must pass it and the Pardot Business Unit ID using the Authorization and Pardot-Business-Unit-Id headers.
Sample Request
Request must be made using HTTPS.
POST /api/<object>/version/<version>/do/<op> HTTP/1.1
Host: pi.pardot.com
Authorization: Bearer <access_token>
Pardot-Business-Unit-Id: <business_unit_id>
Request Parameters
| Parameter | Required | Description |
|---|---|---|
access_token |
X | Access token obtained from Salesforce OAuth Endpoint |
business_unit_id |
X | Pardot Business Unit ID |
If a valid access token is provided with a valid business unit ID, the Pardot endpoint should work as expected.
Note: The Pardot API does not enforce IP address restrictions that are configured using the Salesforce option "Enforce login IP ranges on every request".