Skip to content
  • There are no suggestions because the search field is empty.

Sertifier + Salesforce Integration

This guide will walk you through the setup process for integrating Sertifier with Salesforce.

How to Set Up the Salesforce Integration with Sertifier

With the Sertifier and Salesforce integration, you can automatically issue digital credentials to your contacts whenever they meet the criteria you define in Salesforce — for example, once a contact's status changes to “Certified” or a custom checkbox like Issue_Credential__c is set to True. Every time a qualifying contact is updated, Salesforce calls Sertifier and issues a credential to that person using the contact's data.

This guide walks you through the complete setup: creating the integrated campaign inside Sertifier, preparing your Salesforce org to securely call the Sertifier API, building the Flow that triggers credential issuance, and (optionally) writing the verification link back onto the contact record.

Important: The Salesforce setup below uses Salesforce Flow with an HTTP Callout and a Named Credential. You will need a Salesforce user with permissions to create Named Credentials, External Credentials, and Flows (typically a System Administrator). Please make sure the person performing the setup has those permissions before you begin.

Step 1 — Create the Integrated Campaign in Sertifier

The first step happens inside Sertifier. You will create the credential campaign that Salesforce will issue from, and then copy its Campaign ID to use later in the Flow.

To begin, log into your Sertifier account and navigate to the Advanced > Integrations tab from the left sidebar. Click Create a New Integration. A list will open up of available integration options. From this list, select Salesforce.

Once selected, you'll be guided through the credential campaign creation process. This includes setting up the Design, Details, and Campaign Options for your credential. If you need assistance with these steps, you can check our full credential setup guide.

When you complete all three steps, switch the Active toggle on from the top-right corner and click Copy ID to copy your Campaign ID. You'll need this ID for the Salesforce Flow.

Keep this Campaign ID handy — you'll paste it into the HTTP Callout configuration in Step 5.

Step 2 — Get Your Sertifier API Key

The Salesforce Flow authenticates to Sertifier using your organization's private API key.

In your Sertifier account, go to Settings > API & Integrations and copy your Private API Key. Store it somewhere safe for now — you'll paste it into Salesforce in the next step. Treat this key like a password; anyone with it can issue credentials on behalf of your organization.

Step 3 — Configure Authentication in Salesforce

Salesforce stores external API credentials in a combination of an External Credential (which holds the secret) and a Named Credential (which points to Sertifier's API and injects the required headers on every call). Setting this up once means your Flow never needs to handle the raw API key directly.

3.1 Create the External Credential

  1. In Salesforce, go to Setup and search for Named Credentials.
  2. Open the External Credentials tab and click New.
  3. Fill in the details as follows:
    • Label: Sertifier External Credential
    • Name: Sertifier_External_Credential
    • Authentication Protocol: Custom
  4. Click Save.
  5. In the Principals related list, click New and configure the principal:
    • Parameter Name: Sertifier_Principal
    • Identity Type: Named Principal
    • Sequence Number: 1
    • Under Authentication Parameters, click New and add:
      • Name: secretKey
      • Value: *paste your Sertifier Private API Key here*
  6. Click Save.

3.2 Create the Named Credential

  1. Back on the Named Credentials page, open the Named Credentials tab and click New.
  2. Fill in the details as follows:
    • Label: Sertifier API
    • Name: Sertifier_API
    • URL: https://b2b.sertifier.com
    • Enabled for Callouts: checked
    • External Credential: select the Sertifier External Credential you just created
    • Allowed Namespaces: leave blank unless your org uses managed namespaces that need access
    • Generate Authorization Header: unchecked (Sertifier does not use the standard Authorization header)
  3. Under Custom Headers, click New and add the two headers Sertifier requires on every request:
    • Name: secretKey — Value: {!$Credential.Sertifier_External_Credential.secretKey}
    • Name: api-version — Value: 3.3
  4. Click Save.

3.3 Grant Access via a Permission Set

Principals on External Credentials are accessed through Permission Sets, so the user (or automated user) that runs the Flow needs to be granted access.

  1. In Setup, go to Permission Sets and create a new one called Sertifier Integration Access (or reuse an existing one).
  2. Open the permission set and select External Credential Principal Access.
  3. Add the Sertifier_Principal principal from your Sertifier External Credential and save.
  4. Assign the permission set to the user under which the Flow will run. For Record-Triggered Flows that run in system context, assign it to a System Administrator user whose context the Flow will use; for user-context Flows, assign it to the users who will trigger it.

Step 4 — Build the Record-Triggered Flow

Now you will build the Flow that watches for contact updates in Salesforce and issues a Sertifier credential whenever the criteria are met. The trigger, object, and conditions below are the most common configuration, but you can adjust them to match any automation you already have in place.

  1. In Setup, search for Flows and click New Flow.
  2. Select Record-Triggered Flow and click Create.
  3. Configure the start:
    • Object: Contact (or whichever object you want to issue credentials from — Lead, Account, Opportunity, a custom object, etc.)
    • Trigger the Flow When: A record is updated
    • Set Entry Conditions: choose the condition that should trigger issuance. A common pattern is a checkbox field such as Issue_Credential__c Equals True, but this can be any combination of field values you like.
    • When to Run the Flow for Updated Records: select Only when a record is updated to meet the condition requirements. This ensures a contact is only issued a credential once, when they first meet your criteria, instead of on every subsequent update.
    • Optimize the Flow for: Actions and Related Records
  4. Click Done.

Note: Any combination of objects, triggers, and conditions is supported. If you'd rather issue on record creation, on a scheduled basis, or from a different object, configure the start accordingly — the rest of the steps apply the same way.

Step 5 — Add the HTTP Callout to Sertifier

Salesforce Flow can call external APIs directly using an HTTP Callout action. You'll configure this action once, and from then on the Flow will send each qualifying contact to Sertifier.

  1. In your Flow, click the + button below the Start element and choose Action.
  2. In the Action panel, select Create HTTP Callout.
  3. Fill in the API specification:
    1. Name: Sertifier Add Credentials
    2. Description: Sends a credential issuance request to Sertifier
    3. Named Credential: select Sertifier API
  4. Click Next and configure the invocable action:
    1. Label: Add Credentials to Campaign
    2. Method: POST
    3. URL Path: /campaign/addCredentials
  5. Provide Sample Request: click Provide and paste the sample below. Flow Builder uses this sample to generate the input fields you can map contact data to.

    {

      "credentials": [

        {

           "campaignId": "YOUR_CAMPAIGN_ID",

           "name": "Sample Name",

           "email": "sample@example.com",

           "externalId": "sample-external-id",

           "quickPublish": true

        }

      ]

    }

     

  6. Provide Sample Response: paste the sample below and select 200 as the sample response code. This lets Flow parse the response and expose verificationLink as an output you can use later.

Important: Sertifier returns successfully-issued credentials keyed by your Campaign ID inside the data object. Replace YOUR_CAMPAIGN_ID in the sample below with the actual Campaign ID you copied from Sertifier in Step 1, otherwise Flow won't be able to match the key at runtime and the verificationLink output will be empty.

{

  "message": "Credentials added successfully to campaigns.",

  "hasError": false,

  "validationErrors": [],

  "data": {

    "YOUR_CAMPAIGN_ID": [

       {

         "id": "sample-id",

         "name": "Sample Name",

         "email": "sample@example.com",

         "status": 1,

         "certificateNo": "sample-cert-no",

         "issueDate": "2025-01-01T00:00:00",

         "externalId": "sample-external-id",

         "certificateImageLink": "https://sertifier.com/...",

         "badgeImageLink": "https://sertifier.com/...",

         "verificationLink": "https://sertifier.com/cd/sample"

       }

    ]

  },

  "content": null

}

      7. Click Done to save the HTTP Callout definition.

Why a Named Credential? Because the secretKey and api-version headers are defined on the Named Credential in Step 3.2, they are attached to every callout automatically. The Flow only needs to send the JSON body — the authentication is handled for you.

Step 6 — Map Contact Fields into the Request

Now that the callout is defined, tell Flow which contact fields to send for the triggering record. The HTTP Callout action exposes each field from the sample JSON as an input you can populate with a Flow resource.

Open the Sertifier Add Credentials action you just created, and under Set Input Values, map the fields as follows:

Input field

Value

Notes

campaignId

YOUR_CAMPAIGN_ID from Step 1

Set this as a static text value — it identifies the credential campaign in Sertifier.

name

{!$Record.FirstName} {!$Record.LastName}

Sertifier uses a single name field for the recipient. A formula resource or a text template works well here.

email

{!$Record.Email}

The recipient's email. This is the address the credential notification email is sent to.

externalId

{!$Record.Id}

Optional but recommended — storing the Salesforce Record ID makes it easy to match the credential back to the contact later.

quickPublish

true

Set to true to publish and email the credential immediately. Set to false if you want to publish later through the Sertifier dashboard.

Building the `credentials` array. The Sertifier API expects an array of credential objects, even when you're only sending one. In Flow Builder you can build this array in two ways:

  • Single contact (most common): use the inputs exposed by the HTTP Callout action to populate one credential, and Flow will wrap it in the credentials array for you.
  • Batch issuance: if you'd like to group multiple contacts into a single call, use a Transform element or a collection variable to build the array, then pass it into the credentials input.

Optional fields you can send

The campaign/addCredentials endpoint accepts several additional fields that you can map from your contact record or leave out entirely:

  • issueDate *(string, YYYY-MM-DD)* — the credential's issue date. Defaults to the time of the request if omitted.
  • expireDate *(string, YYYY-MM-DD)* — the credential's expiration date. Omit or set to null for credentials that never expire.
  • dontSendEmail *(boolean)* — set to true if you want to issue the credential silently without notifying the recipient by email. Defaults to false.
  • attributes *(array)* — custom attribute values when your campaign's Design or Email Template uses custom Attributes. Each entry has an id (the Attribute's ID) and a value.

If you want to use any of these, add them to the sample request body in Step 5 before mapping them here.

Step 7 — (Optional) Write the Verification Link Back to the Contact

If you'd like to store the issued credential's verification link on the Salesforce contact (for example, to display it on the contact page, include it in emails, or report on issuance), add an Update Records element after the HTTP Callout.

Note: If you don't wish to update the contact with the URL of the issued credential, this step is not required. The Flow will still successfully issue the credential.

Before starting, create a custom field on the Contact object — for example, a URL or Text(255) field named Sertifier_Verification_Link__c. This is where the link will be written.

  1. In the Flow, click + below the HTTP Callout action and add an Update Records
  2. How to Find Records to Update and Set Their Values: select Specify conditions to identify records, and set fields individually.
  3. Update Records of This Object Type:
    • Object: Contact (match the object of your Flow start)
  4. Filter Contact Records:
    • Condition Requirements: All Conditions Are Met (AND)
    • Field: Id — Operator: Equals — Value: {!$Record.Id}
  5. Set Field Values for the Contact Records:
    • Field: Sertifier_Verification_Link__c — Value: the verificationLink output from the Sertifier Add Credentials action. In the resource picker, drill into the action's output under data → *your Campaign ID* → select the first element of the array → verificationLink. (The exact merge path will reflect the Campaign ID you used in your sample response.)
  6. Click Done.

How long until the link works? The verificationLink is returned in the response immediately, but if quickPublish is set to true the credential briefly sits in a publishing queue. The link becomes live within a few seconds of the call completing.

Step 8 — Save and Activate the Flow

  1. Click Save at the top-right of Flow Builder.
  2. Give the Flow a clear label such as Sertifier — Issue Credential on Contact Update.
  3. Run the Flow once using Debug to confirm the callout succeeds and a credential is created in your Sertifier dashboard.
  4. When you're ready, click Activate to turn the Flow on.

That's it — your Salesforce contacts will now automatically receive Sertifier credentials as soon as they meet the criteria you defined.

Troubleshooting

  • The callout fails with a `403` response. The secretKey header is either missing or incorrect. Verify the Authentication Parameter on your External Credential principal, and that your permission set granting access to that principal is assigned to the user running the Flow.

  • The callout succeeds but no credential appears in Sertifier. Check the response hasError field and the validationErrors array in the HTTP Callout output. The most common cause is an incorrect campaignId — make sure the ID you pasted in Step 6 matches the campaign you activated in Step 1.

  • The `verificationLink` field is empty in the Update Records step. Confirm that the sample response you provided in Step 5 matches the exact structure of Sertifier's response. If the structure is different, Flow may not expose the verificationLink as a selectable resource.

Need a hand?

If anything isn't working as expected, reach out to us at support@sertifier.com and our team will be happy to help you get the integration running.