Authentication

Prerequisites:

Check out this video for an example of how to implement OAuth.

Vidyard Video

Obtain Salesforce Access Token

To use Pardot API with an SSO user, you must first get a salesforce access token. The example below uses the username/password OAuth flow to obtain an access token for simplicity. Any OAuth flow can be used to obtain an access token. In many use cases, other OAuth flows are more appropriate than username/password flow. For example, a web app with user interaction would likely use either user agent flow or web server flow. See Salesforce OAuth setup for details.

Oauth Authentication Domain by Account Type

Pardot Account Type Salesforce Domain Pardot Domain
Production Account login.salesforce.com pi.pardot.com
Pardot Developer Org login.salesforce.com pi.demo.pardot.com
Sandbox test.salesforce.com pi.demo.pardot.com

Sample POST Request for OAuth Token

Request must be made using HTTPS.

POST /services/oauth2/token HTTP/1.1
Host: login.salesforce.com
Content-type: application/x-www-form-urlencoded

grant_type=password&
client_id=<client_id>&
client_secret=<client_secret>&
username=<username>&
password=<password>

Request Parameters

Parameter Required Description
grant_type X The value must be "password"
client_id X The consumer key
client_secret X The consumer secret
username X The email address of the SSO user account
password X The password of the SSO user account

If authentication is successful, an access token is be returned. See Salesforce OAuth documentation for the response format.

Using Access Token with Pardot

After you get the access token, you must pass it and the Pardot Business Unit ID using the Authorization and Pardot-Business-Unit-Id headers.

Sample Request

Request must be made using HTTPS.

POST /api/<object>/version/<version>/do/<op> HTTP/1.1
Host: pi.pardot.com
Authorization: Bearer <access_token>
Pardot-Business-Unit-Id: <business_unit_id>

Request Parameters

Parameter Required Description
access_token X Access token obtained from Salesforce OAuth Endpoint
business_unit_id X Pardot Business Unit ID

If a valid access token is provided with a valid business unit ID, the Pardot endpoint should work as expected.

Note: The Pardot API does not enforce IP address restrictions that are configured using the Salesforce option "Enforce login IP ranges on every request".