Generating Salesforce JWT for Zoom Revenue Accelerator

When integrating your Salesforce with Zoom to sync deal progress with Zoom Revenue Accelerator, you will be asked for the JWT from your Salesforce account. In generating the token, you must follow this guide in the order listed.

This article contains:

Prerequisites for generating Salesforce JWT for Zoom Revenue Accelerator

How to create a private key and self-signed digital certificate

Select your platform to view the instructions on how to create a private key and a self-signed digital certificate. This is the first step in successfully generating a Salesforce JWT.

The following process produces two files:

  • server.key—The private key. You specify this file when you authorize an org with the auth:jwt:grant command.
  • server.crt—The digital certification. You upload this file when you create the connected app required by the JWT bearer flow.
    1. Open Command Prompt as administrator.
    2. Enter the following command to create a directory.
      mkdir /Users/jdoe/Documents/JWT

      Note: You can select where you wish to save the JWT directory.

    3. Enter the following command to access the created directory.

      cd /Users/jdoe/Documents/JWT
    4. Enter the following command to generate a private key.
      openssl genrsa -des3 -passout pass:SomePassword -out server.pass.key 2048
    5. Enter the following command to store the private key in a file called server.key.
      openssl rsa -passin pass:SomePassword -in server.pass.key -out server.key
    6. Enter the following command to generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr.
      openssl req -new -key server.key -out server.csr

      Enter information about your company when prompted or use a period to leave the field blank before hitting enter from your keyboard.

    7. Enter the following command to generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt.

      openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
    8. Close the Command Prompt.

Note: You may also refer to Create a Private Key and Self-Signed Digital Certificate and Salesforce documentation regarding how to acquire the token.

The following process produces two files

  • server.key—The private key. You specify this file when you authorize an org with the auth:jwt:grant command.
  • server.crt—The digital certification. You upload this file when you create the connected app required by the JWT bearer flow.
    1. From your desktop, click Go, then Utilities, and then Terminal.
    2. Enter the following command to create a directory.
      mkdir /Users/jdoe/Documents/JWT

      Note: You can select where you wish to save the JWT directory.

    3. Enter the following command to access the created directory.

      >cd /Users/jdoe/Documents/JWT
    4. Enter the following command to generate a private key.
      >openssl genrsa -des3 -passout pass:SomePassword -out server.pass.key 2048
    5. Enter the following command to store the private key in a file called server.key.
      openssl rsa -passin pass:SomePassword -in server.pass.key -out server.key
    6. Enter the following command to generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr.
      openssl req -new -key server.key -out server.csr

      Enter information about your company when prompted or use a period to leave the field blank before hitting enter from your keyboard.

    7. Enter the following command to generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt
      openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
    8. Close Terminal.

Note: You may also refer to Create a Private Key and Self-Signed Digital Certificate and Salesforce documentation regarding how to acquire the token.

How to generate the Salesforce JWT

After creating a private key and a self-signed digital certificate, follow these steps in the order listed.

Create a connected app in Salesforce

  1. Sign in to Salesforce as admin.
  2. Click on the  icon, then click Setup.
  3. In the navigation panel, click Apps, then App Manager.
  4. Click New Connected App.
  5. In the Basic Information section, enter your Connected App Name, API Name, and Contact Email.
  6. In the API (Enable OAuth Settings) section, select Enable OAuth Settings.
  7. In the Callback URL field, enter https://login.salesforce.com

  8. Select Use digital signatures then click Choose File.

  9. Open the JWT directory you have created then select server.crt.

  10. In the Selected OAuth Scopes, add the following:

  11. Click Save.

  12. When a dialog box appears saying changes will take up to 10 minutes to take effect, click Continue.

Note: Once the page loads, you should see a Consumer Key. Click Copy and paste it on a notepad. This will be used when generating the JWT. In cases where the Consumer Key does not appear, click Manage Consumer Details. You will be asked to verify your identity through a verification code sent to your email before it displays your Consumer Key.

Edit the App Policy

  1. In the Salesforce admin account set up page navigation panel, click App then Connected Apps, and then Manage Connected Apps.
  2. Click Edit beside the app you created.
  3. In the OAuth Policies section, set Permitted Users to Admin approved users are pre-authorized.
    Click OK if a dialog box appears.
  4. Set IP Relaxation to Enforce IP restrictions, and Refresh Token Policy to Refresh token is valid until revoked.
  5. Click Save

Grant app access to system administrator

  1. In the Salesforce admin account set up page navigation panel, click Users then Profiles.
  2. From the list of Profiles, select System Administrator then click Edit.
  3. In the Connected App Access section, select the app name you have created then click Save.

Generate the JWT

  1. Open your browser then access  https://jwt.io/
  2. In the Algorithm drop-down, click RS256.
    This will reflect in the HEADER section (from "alg": "HS256", to "alg": "RS256",)
  3. In the PAYLOAD section, change the data:
          1. Sign in to Salesforce as admin.
          2. Click on the icon, then click Setup.
          3. In the navigation panel, click Apps, then App Manager
          4. Find the app you created, click the drop-down arrow then click View.
          5. In the API (Enable OAuth Settings) section, Copy the Consumer Key.

    Note: aud refers to the Callback URL. You can get the Callback URL when you:

        1. Sign in to Salesforce as admin.
        2. Click on the  icon, then click Setup.
        3. In the navigation panel, click Apps, then App Manager
        4. Find the app you created, click the drop-down arrow then click View.
        5. In the API (Enable OAuth Settings) section, you will find the Callback URL
  4. In the VERIFY SIGNATURE section, clear both the Public Key field and the Private Key field.
  5. Open the JWT directory you have created when you complete How to create a private key and self-signed digital certificate.
  6. Select and right-click on server.key, then click Open with, and then select TextEdit (if you are on macOS) or Notepad (if you are on Windows).
  7. Copy all the text from the server.key file, then go back to https://jwt.io/ 
  8. In the VERIFY SIGNATURE section, paste it into the Private key field.
  9. Copy the entire text in the Encoded section.
    This is the jwt token that you need to use when integrating your Salesforce with Zoom Revenue Accelerator to sync deal progress.

(Optional) Validate the token

To validate the token, open a browser and enter
https://login.salesforce.com/services/oauth2/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=${your jwt token}

If your token is not valid, you will see a response that says <error>invalid_grant</error>.