Salesforce Integration Guide · CRM / Sales

Connect Salesforce to WhatsApp

Query live Salesforce contact and lead data from a WhatsApp chatbot. When a prospect messages you, search their record by phone number using SOQL, fetch their lead source and account owner, and reply with context from your CRM.

Published 22 June 2026  ·  10 min read  ·  CRM / Sales

Before following this guide, read the External API Request step foundation guide. It covers every field in the step interface so this guide can focus on Salesforce-specific values.

Salesforce uses a two-step auth flow

Unlike most APIs where you paste a token directly, Salesforce requires two steps: (1) authenticate at login.salesforce.com to get an access token and instance URL, then (2) use that instance URL for all data calls. The instance URL is unique to your org and looks like https://yourorg.my.salesforce.com.

Step 1: Create a Salesforce Connected App

A Connected App provides the Consumer Key and Consumer Secret needed to authenticate. You need System Administrator access to create one.

1. In Salesforce, click the Setup gear (top right) and go to App Manager. Click New Connected App.
2. Fill in: Connected App Name (e.g. "WA.Expert Bot"), API Name (auto-fills), Contact Email. Check Enable OAuth Settings.
3. Set Callback URL to https://login.salesforce.com/services/oauth2/success. Under Selected OAuth Scopes, add Access and manage your data (api). Save.
4. Wait about 10 minutes for the app to propagate. Then click Manage Consumer Details. Copy the Consumer Key and Consumer Secret.
5. Go to Manage the Connected App. Under OAuth Policies, set IP Relaxation to Relax IP Restrictions. Save.

Also enable Username-Password flow

Salesforce has disabled the username-password OAuth flow by default since Spring '22. Go to Setup > OAuth and OpenID Connect Settings and enable 'Allow OAuth Username-Password Flows'. Without this, the token request returns an error.

Official docs

Salesforce Connected Apps: developer.salesforce.com/docs/atlas.en-us.api_rest

Step 2: Get your access token and instance URL

You need your Salesforce username, password + security token, Consumer Key, and Consumer Secret. The security token is separate from your password. Find it under your profile → Settings → Reset My Security Token.

Step 2A — Get access token and instance URL (do this once)
POST https://login.salesforce.com/services/oauth2/token
Content-Type: application/x-www-form-urlencoded

Body (form fields):
  grant_type    = password
  client_id     = YOUR_CONSUMER_KEY
  client_secret = YOUR_CONSUMER_SECRET
  username      = your@salesforce.com
  password      = YourPassword123YourSecurityToken

Response:
{
  "access_token": "00D5e000001N20Q!ASAAQEDBeG8bOwPu8N...",
  "instance_url": "https://yourorg.my.salesforce.com",
  "token_type": "Bearer"
}

Save BOTH: access_token and instance_url.
All subsequent API calls go to instance_url, not login.salesforce.com.

Password + security token concatenated with no space

The password field in the token request must be your Salesforce login password immediately followed by your security token, with no separator. If password is 'Pass123' and token is 'abc123', send 'Pass123abc123'. Get your security token from Profile > Settings > My Personal Information > Reset My Security Token.
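
The Step 2A request and response handling as a Python sketch. This is an added example, not WA.Expert or Salesforce code; the environment variable names and the `allowed_suffix` host check are assumptions made here (the suffix matches the guide's example instance URL).

```python
import json
import os
from urllib.parse import urlencode, urlsplit

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"

def build_token_request(username, password, security_token, consumer_key, consumer_secret):
    """Return (url, headers, body) for the Step 2A POST."""
    form = {
        "grant_type": "password",
        "client_id": consumer_key,
        "client_secret": consumer_secret,
        "username": username,
        # Password immediately followed by the security token, no separator.
        "password": password + security_token,
    }
    # urlencode percent-encodes characters such as & + = that would
    # corrupt a form body assembled by hand.
    body = urlencode(form).encode("ascii")
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body

def parse_token_response(text, allowed_suffix=".salesforce.com"):
    """Return (access_token, instance_url); reject error or unexpected replies."""
    data = json.loads(text)
    if "error" in data:
        raise ValueError(f"{data['error']}: {data.get('error_description', '')}")
    token, instance = data["access_token"], data["instance_url"]
    parts = urlsplit(instance)
    host = parts.hostname or ""
    # Assumption: the bearer token should only ever be sent over HTTPS
    # to a host under allowed_suffix.
    if parts.scheme != "https" or not host.endswith(allowed_suffix):
        raise ValueError("refusing to use instance_url " + instance)
    return token, instance.rstrip("/")

def credentials_from_env():
    """Read the five secrets from the environment (names are assumptions)."""
    names = ("SF_USERNAME", "SF_PASSWORD", "SF_SECURITY_TOKEN",
             "SF_CONSUMER_KEY", "SF_CONSUMER_SECRET")
    return [os.environ[n] for n in names]

# Constructed sample, shaped like the Step 2A response above.
SAMPLE = ('{"access_token": "00D-constructed-token", '
          '"instance_url": "https://yourorg.my.salesforce.com", "token_type": "Bearer"}')

if __name__ == "__main__":
    print(parse_token_response(SAMPLE))
```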

Step 3: Fill in the External API Request step

In your WA.Expert chatbot flow, store the customer's phone number as {{customer_phone}}. Add an External API Request step using the instance URL from Step 2:

External API Request Step — WA.Expert
Select Method: GET
Request URL: https://yourorg.my.salesforce.com/services/data/v67.0/query?q=SELECT+Id,FirstName,LastName,Email,Phone,LeadSource,OwnerId+FROM+Contact+WHERE+Phone='{{customer_phone}}'
Select Auth Type: No Auth (Bearer token in header below)
Header Parameters:
  Authorization: Bearer 00D5e000001N20Q!ASAAQEDBeG8bOwPu8N...
  Content-Type: application/json
Select Body Type: None (GET requests carry no body)
Choose Response Type: JSON

Field-by-field breakdown

| Field | Value | Notes |
| --- | --- | --- |
| Select Method | GET | Running a SOQL query to search records. |
| Request URL | https://yourorg.my.salesforce.com/services/data/v67.0/query?q=... | Replace yourorg.my.salesforce.com with your instance_url from Step 2. v67.0 is Summer '26. The ?q= parameter takes a URL-encoded SOQL query. |
| Select Auth Type | No Auth | The Bearer token goes in the Authorization header below. |
| Authorization | Bearer 00D5e000001N20Q!... | Include the word 'Bearer' followed by a space, then the access_token from Step 2. |
| Content-Type | application/json | Standard header for Salesforce REST API. |
| Select Body Type | None | GET requests carry no body. |
| Choose Response Type | JSON | Salesforce returns structured JSON. |

SOQL query reference

SOQL (Salesforce Object Query Language) is Salesforce's SQL-like language. You only need one template for a contact lookup:

| What you want | SOQL query |
| --- | --- |
| Contact by phone | SELECT Id, FirstName, LastName, Email, Phone, LeadSource FROM Contact WHERE Phone = '9820000001' |
| Contact by mobile | SELECT Id, FirstName, LastName, Email, MobilePhone FROM Contact WHERE MobilePhone = '9820000001' |
| Phone or mobile | SELECT Id, FirstName, LastName FROM Contact WHERE Phone = '9820000001' OR MobilePhone = '9820000001' |
| Lead by phone | SELECT Id, FirstName, LastName, Email, Status, LeadSource FROM Lead WHERE Phone = '9820000001' |
| Account by name | SELECT Id, Name, Phone, BillingCity FROM Account WHERE Name LIKE '%Sharma%' |

SOQL is case-insensitive for keywords (SELECT, FROM, WHERE) but case-sensitive for field names. Salesforce standard fields use PascalCase: FirstName, LastName, LeadSource, OwnerId.

Step 4: Map the response to WhatsApp variables

A successful Salesforce SOQL query response looks like this:

Salesforce REST API — query response
{
  "totalSize": 1,
  "done": true,
  "records": [
    {
      "attributes": {
        "type": "Contact",
        "url": "/services/data/v67.0/sobjects/Contact/003Dp000003xyzABC"
      },
      "Id": "003Dp000003xyzABC",
      "FirstName": "Priya",
      "LastName": "Sharma",
      "Email": "priya@example.com",
      "Phone": "+919820000001",
      "LeadSource": "Web",
      "OwnerId": "005Dp000002abcDEF"
    }
  ]
}

Results are in the records array: check totalSize first

Salesforce wraps results in a 'records' array. If totalSize is 0, no contact matched the phone number. Add a conditions branch in your chatbot: if totalSize equals 0, reply 'We could not find your record. Please contact support.'

Map these response paths to variables in the External API Request step:

| Variable name | Response path | Example value |
| --- | --- | --- |
| result_count | totalSize | 1 |
| contact_id | records[0].Id | 003Dp000003xyzABC |
| first_name | records[0].FirstName | Priya |
| last_name | records[0].LastName | Sharma |
| email | records[0].Email | priya@example.com |
| lead_source | records[0].LeadSource | Web |

The attributes object in each record is Salesforce metadata. Your actual contact data is in the named fields alongside it.

Keep the WhatsApp reply in the free service window

If the contact messaged you first within the last 24 hours, your reply is a free service conversation. For proactive outbound follow-up triggered by Salesforce data, use an approved Utility or Marketing template at Rs. 0.115 per message.

Worked example: contact lookup bot

Chatbot flow — Salesforce contact lookup by WhatsApp number
Customer messages your WhatsApp number.
WA.Expert captures their phone as {{customer_phone}} = "+919820000001".

External API Request step:
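GET https://yourorg.my.salesforce.com/services/data/v67.0/query
  ?q=SELECT+Id,FirstName,LastName,LeadSource+FROM+Contact+WHERE+Phone='%2B919820000001'
(The leading + of the phone number is sent as %2B, because a bare + in a query string decodes to a space.)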
Authorization: Bearer 00D5e000001N20Q!...

Response mapped:
result_count = "1"
first_name   = "Priya"
last_name    = "Sharma"
lead_source  = "Web"

Conditions branch: if result_count = 0 → "We could not find your record."

Bot replies (if found):
"Hi Priya Sharma, welcome back.
We have your account on file (Source: Web).
Your dedicated account manager will follow up shortly.

Reply URGENT to escalate immediately."
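
The lookup from Step 3 and the mapping from Step 4 as a Python sketch that validates the phone value before it reaches the SOQL string, percent-encodes the query, and handles the totalSize 0 case. This is an added example, not WA.Expert or Salesforce code; it goes beyond the single-format query above by searching the three stored formats listed under Troubleshooting, and the function names, the phone pattern and the default country code 91 are assumptions.

```python
import json
import re
from urllib.parse import quote_plus

API_VERSION = "v67.0"                  # version used in this guide
PHONE = re.compile(r"\+[0-9]{8,15}")   # assumption: +<country code><number>

def soql_literal(value):
    """Single-quoted SOQL string with backslash and quote escaped."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def phone_variants(phone, country_code="91"):
    """Stored formats named in the troubleshooting table: +91X, 0X, X."""
    if not PHONE.fullmatch(phone) or not phone.startswith("+" + country_code):
        raise ValueError("unexpected phone value: %r" % phone)
    national = phone[1 + len(country_code):]
    return [phone, "0" + national, national]

def build_query_url(instance_url, phone):
    values = ", ".join(soql_literal(v) for v in phone_variants(phone))
    soql = ("SELECT Id, FirstName, LastName, LeadSource FROM Contact "
            f"WHERE Phone IN ({values}) OR MobilePhone IN ({values})")
    # quote_plus: space -> '+', literal '+' -> %2B, "'" -> %27
    base = instance_url.rstrip("/")
    return f"{base}/services/data/{API_VERSION}/query?q={quote_plus(soql)}"

def map_response(body):
    """Return the guide's variables; result_count 0 means no match."""
    data = json.loads(body)
    records = data.get("records") or []
    if data.get("totalSize", 0) == 0 or not records:
        return {"result_count": 0}
    rec = records[0]
    return {"result_count": data["totalSize"], "contact_id": rec.get("Id"),
            "first_name": rec.get("FirstName"), "last_name": rec.get("LastName"),
            "lead_source": rec.get("LeadSource")}

# Constructed sample response, shaped like the one in Step 4.
SAMPLE = json.dumps({"totalSize": 1, "done": True, "records": [{
    "attributes": {"type": "Contact"}, "Id": "003Dp000003xyzABC",
    "FirstName": "Priya", "LastName": "Sharma", "LeadSource": "Web"}]})

if __name__ == "__main__":
    print(build_query_url("https://yourorg.my.salesforce.com", "+919820000001"))
    print(map_response(SAMPLE))
```

A value that does not match the phone pattern is rejected before any query is built, so text typed by a chat user can never become part of the WHERE clause.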

Troubleshooting

| Symptom | Likely cause | Fix |
| --- | --- | --- |
| unsupported_grant_type or invalid_grant | Username-password OAuth flow disabled | Go to Salesforce Setup > OAuth and OpenID Connect Settings > enable 'Allow OAuth Username-Password Flows'. |
| INVALID_SESSION_ID / 401 | Access token expired or wrong | Salesforce access tokens can expire. Re-run Step 2 to get a fresh token. For production, implement token refresh. |
| instance_url used incorrectly | Calling login.salesforce.com for data queries | Use the instance_url returned in Step 2 (e.g. https://yourorg.my.salesforce.com) for all data calls. login.salesforce.com is only for authentication. |
| IP Restrictions error | Connected App IP policy blocking the request | Set IP Relaxation to 'Relax IP Restrictions' in the Connected App's OAuth Policies settings. |
| Empty records / totalSize: 0 | Phone format mismatch | Check how phone numbers are stored in Salesforce. Some orgs store +91XXXXXXXXXX, others store 0XXXXXXXXXX or just XXXXXXXXXX. Match the format exactly in your WHERE clause. |
| MALFORMED_QUERY | SOQL syntax error | Check field names (case-sensitive: FirstName not firstname). Quote strings in single quotes. URL-encode spaces as + in the query parameter. |

Common questions

What is SOQL and do I need to learn it?
SOQL (Salesforce Object Query Language) is Salesforce's SQL-like query language. You do not need to master it; for WhatsApp contact lookup, copy the template from this guide: SELECT Id, FirstName, LastName, Email, Phone, LeadSource FROM Contact WHERE Phone = 'XXXXXXXXXX'.

Why does Salesforce authentication need two steps?
Step 1: authenticate at login.salesforce.com to get an access token and instance URL. Step 2: use the instance URL for data calls. Each Salesforce org has its own server, so login.salesforce.com routes you to the right one and hands you the URL.

What is the Salesforce security token?
A case-sensitive string appended to your password during API auth. Find it under Profile > Settings > My Personal Information > Reset My Security Token. Salesforce emails it to you. Append it directly to your password with no space.

What is a Connected App and do I need admin access?
A Connected App provides OAuth credentials (Consumer Key and Consumer Secret) for external integrations. Yes, you need System Administrator permissions to create one in Setup > App Manager.

Can I search Salesforce by phone number?
Yes: SELECT Id, FirstName FROM Contact WHERE Phone = '9820000001'. Match the exact format stored in Salesforce. Use OR to search both Phone and MobilePhone fields simultaneously.

Does this incur extra WA.Expert charges?
The External API Request step counts as one automation action per call. On the Complete plan this is included. On Starter, extra action packs apply from Rs. 49 per 1,000 actions.

Connect Salesforce to WhatsApp today

Free trial, no credit card required. And if you ever get stuck, we are the only platform in India that answers you live on WhatsApp.
