How to authorize the Pylon app on Salesforce
Last updated: February 20, 2026
1. Standard flow
Navigate to Pylon Apps directory -> Salesforce (direct link)
Click "Connect"
Enter your Salesforce instance's subdomain
Authorize the Pylon app. If you're not already logged into Salesforce, you will be prompted to login first.
Pylon will request the following permissions:
apifor REST API access to CRM objectsrefresh_tokenfor long-lived access tokensoffline_accessfor background sync operations
2. Required permissions (profile or permission set)
The user who authorizes Pylon (or the dedicated integration user) must have the following permissions. Grant them via a Profile or Permission Set.
System-level permissions
API Enabled — Required. Allows REST API and SOQL access. (Administrative Permissions.)
Pylon does not require Assign Permission Sets, Manage Users, View Setup and Configuration, or Modify All Data for the core Salesforce integration.
Required object permissions
These objects are required for the core Salesforce integration to function (account and contact sync).
Object | Create | Read | Edit | Key fields used by Pylon |
Account | Yes | Yes | Yes | Id, Name, Website, OwnerId, Type, SystemModstamp; custom fields as configured |
Contact | Yes | Yes | Yes | Id, Name, Email, AccountId, FirstName, LastName, Title, LeadSource, Description, SystemModstamp |
User | No | Yes | No | Id, Email, Name (used to resolve account owners) |
Organization | No | Yes | No | TimeZoneSidKey |
Optional object permissions
These objects are only needed if you use the corresponding features. The integration works without them.
ObjectCreateReadEditFeature | ||||
Task | Yes | Yes | Yes | Creating tasks on Salesforce records |
ContentVersion | Yes | Yes | No | File attachments |
ContentDocumentLink | Yes | Yes | No | Linking files to records (used with ContentVersion) |
OpportunityContactRole | No | Yes | No | Opportunity contact associations |
Group | No | Yes | No | Salesforce queue resolution |
GroupMember | No | Yes | No | Group membership lookup (used with Group) |
Field-level and other notes
Task Type — If you use Task creation, the Task object's Type field must have field-level security set so the integration user can read and set it.
Object describe and picklist metadata — Pylon uses the Salesforce UI API for object info and picklist values; read access to the object is sufficient for describe.
3. Salesforce Authorization Debugging
Enable "Approve Uninstalled Connected Apps"
As of Sep 2025, Salesforce added a new permission "Approve Uninstalled Connected Apps" (source).
Symptom:
Scenario: When a user is trying to authenticate via an uninstalled connected app in an Organization where API access control isn't enabled, the below behavior will be observed:
End users see the following error message in the UI if they try to access an uninstalled app: "We can't authorize you because of an OAuth error. For more information, contact your Salesforce administrator." and the
OAUTH_APPROVAL_ERROR_GENERICmessage.
Resolution:
Make sure the authorizing Salesforce user's profile includes this permission