How to Set Up a Named Credential for Pardot (Account Engagement) in Salesforce

YogeshYogesh
3 min read

Integrating Pardot with Salesforce using Named Credentials ensures secure, scalable, and manageable API communication. Here’s a step-by-step walkthrough to configure Named Credentials using External Credentials with JWT Bearer Flow authentication.

Prerequisites

  • Pardot (Account Engagement) with Salesforce SSO enabled

  • Salesforce admin access

  • A Connected App in Salesforce (with JWT flow enabled)

📌 Step 1: From Salesforce Setup, search "App Manager" in the Quick Find bar, click the result

  1. Click Create New Connected App

  2. Fill out some Basic Information

    1. Connected App Name: Flow Actions for Pardot

    2. API Name: just let it auto complete

    3. Contact Email: use your email address

    4. Description: Grants Flow Actions for Pardot API access

  3. Check the Enable OAuth Settings, fill out more OAuth details:

    1. Enable for Device Flow: leave unchecked!

    2. Callback URL: https://login.salesforce.com/services/oauth2/callback (replace login.salesforce with test.salesforce for a Sandbox)

    3. Use digital signatures: check

    4. Choose File: pick the Certificate you downloaded as part of the previous section. This will need to be replaced each year.

    5. Selected OAuth Scopes: pardot_api and offline_access

  4. Click Save

  5. Copy the Consumer Key and paste it somewhere easy to access for later use (this is a bit different from when the video was recorded)

    1. Click the Manage Consumer Details button (you might be asked to login again).

    2. (currently) you will land in a Salesforce Classic Screen. Clicking the Copy button under Consumer Key

      image.png

    3. Close the browser tab (bringing you back to the LIghtning page you were on)

  6. Click Manage

  7. Click Edit Policies

  8. Change "Permitted Users" from "All users may self-authorize" to "Admin approved users are pre-authorized"

  9. Click Save, which brings us back to the "Manage Connected App" screen

  10. Pre-approve the user(s) you want to use by either adding their Profile, or a Permission set you create specifically for this.

    1. One Option: Create Empty Permission Set

      1. A Permission Set is used to pre-authorize a User to use the Connected App to connect to the Pardot API.

        1. In Salesforce Lightning, Navigate to Setup

        2. Navigate to Permission Sets under Administration > Users, click on New

        3. Use the following values (or use whatever makes sense for you)

          1. Label: Pardot API Access

          2. API Name: let it auto populate

          3. Description: Grants access to Pardot via API. No permissions specified

          4. Click Save

        4. Add the new Permission Set to the User created/chosen above

          1. When viewing the Permission Set, click Manage Assignments

          2. Click Add Assignments, and select the correct User

🔑 Step 2: Create External Credential

  1. Go to Setup > Named Credentials > External Credentials

  2. Click New External Credential

  3. Fill the details:

    • Label: Pardot_External_Cred

    • Authentication Protocol : OAuth 2.0

    • Authentication Protocol: JWT Bearer Token Flow

    • Audience: https://login.salesforce.com

    • Identity Provider URL (or)Token Endpoint URL: https://login.salesforce.com/services/oauth2/token

    • JWT Expiration (Seconds): 600 (for 10 minutes)

    • Subject: Salesforce username of the Pardot-connected user

    • Issuer: Client Key (or) Consumer Key from the Connected App

    • Signing Certificate: Select the certificate uploaded in the Connected App

    • Save it

  4. Add a Principal:

    • Identity Type: Named Principal

    • Save It.

  1. In the Pardot API Access Permission set,

    1. go to Permission set → External Credential Principal Access,

    2. click Edit, and move the newly created External Credential to ‘Enabled External Credential Principals’.

🔗 Step 3: Create Named Credential

  1. Go to Setup > Named Credentials > New Named Credential

  2. Fill the following:

    • Label: Pardot_Named_Credential

    • URL: https://pi.pardot.com

    • Select External Credential and choose the one created above

    • Authentication Protocol: Custom (Use External Credential)

🧪 Step 4: Test Your Callout

In Apex, use the following:

apexCopyEditHttpRequest req = new HttpRequest();
req.setEndpoint('callout:Pardot_Named_Credential/api/v5/objects/prospects');
req.setMethod('GET');
req.setHeader('Pardot-Business-Unit-Id', 'YOUR_BUSINESS_UNIT_ID');

Http http = new Http();
HttpResponse res = http.send(req);
System.debug(res.getBody());
0
Subscribe to my newsletter

Read articles from Yogesh directly inside your inbox. Subscribe to the newsletter, and don't miss out.

NamedCredentialsPardotIntegrationSalesforceintegrationpardot

Written by

Yogesh
Yogesh