How to Enable and Test External Credentials in Salesforce
Step-by-Step Guide to Set Up External Credentials in Salesforce
Step 1: Create a New External Credential
Step 2: Add a Principal to the External Credential
Step 3: Create a New Named Credential
Step 4: Enable Principal Access for Your Profile
Step 5: Test the Named Credential in Developer Console
What's there in Salesforce Summer '25 Changes
Conclusion
Salesforce’s new External Credentials model is a critical part of integration security moving forward, especially after the changes rolled out in Salesforce Summer ’25.
Instead of embedding sensitive tokens or hardcoding values in Apex, you can now securely authorize callouts using External Credentials, Principals, and Named Credentials, with better control and auditing.
In this guide, we’ll walk you through the step-by-step setup of External Credentials and Named Credentials with No Authentication and test the integration using the Developer Console.
This is ideal for devs and architects who want secure, flexible callouts to external APIs usingSalesforce’s updated integration security model.
Step-by-Step Guide to Set Up External Credentials in Salesforce
Step 1: Create a New External Credential
Go to Setup
In the Quick Find box, search for Named Credentials
Click on the External Credentials tab
Click “New”
Now fill out the form:
Label: (Enter a descriptive label, e.g., NewEC)
Name: (Auto-filled or enter as desired, e.g, NewEC)
Authentication Protocol: Select No Authentication
Click Save.
Step 2: Add a Principal to the External Credential
Once saved, scroll down to the Principals related list:
Click “New.”
Add parameter name. Say, for instance, NewECPrincipal.
Click Save
Step 3: Create a New Named Credential
Go back to Named Credentials tab in the same setup screen
Click “New.”
Fill in the fields:
Label: (e.g., NewNC)
Name: (e.g., NewNC)
URL: Enter your API endpoint.
Click the checkbox for Enable for Callouts
Under Authentication, select the External Credential you just created
Click Save
Step 4: Enable Principal Access for Your Profile
Go to Setup → Profiles
Select the profile of the user making the callout, say System Administrator
Scroll down and click on “Enabled External Credential Principal Access.”
Click Edit
In the Available list, locate the External Credential → Principal pair you created
Move it to the Enabled list
Click Save
This allows the user profile to use the Named Credential.
Step 5: Test the Named Credential in Developer Console
Go to the Developer Console
Open Debug → Open Execute Anonymous Window
Paste the following code:
HttpRequest req = new HttpRequest();
req.setEndpoint('callout:New_NC'); // Named Credential
req.setMethod('GET');
Http http = new Http();
HttpResponse res = http.send(req);
System.debug(res.getStatusCode());
Note: Replace 'Your_Named_Credential_Name' with the actual Name (not Label) of the Named Credential you created.
Run the code
Go to Debug Logs → View Last Log
Congratulations! Everything is configured properly. You'll now see a response from the external API.
What's there in Salesforce Summer '25 Changes
The Salesforce Summer ’25 features introduced more secure, granular controls for integrations via External Credentials and Principal Mapping. It’s now considered best practice over storing tokens in custom metadata or code.
External Credentials in Salesforce let you manage integrations with different auth methods (including “No Authentication”) while ensuring you only expose access to trusted profiles or permission sets.
Conclusion
This guide shows you exactly how to set up and test External Credentials and Named Credentials in Salesforce the right way using the updated Summer ’25 features. It’s a cleaner, safer way to manage integrations and avoids the mess of hardcoded tokens.
Want to customize this solution for your org? Or need help implementing it across multiple integrations?
Reach out today, and let’s get it done right!
