Creating a Custom External Client Application

You can create your own External Client Application directly in Salesforce. This gives you full control over the OAuth configuration.

For more in-depth guidance on the following steps, see Create an External Client App in the Salesforce Help.

  1. In Setup, find and select External Client App Manager.

  2. Click New External Client App to begin creating your custom application.

  3. Enter Basic Information as follows:

    • External Client App Name: Enter a descriptive name for your application

    • API Name: This will auto-populate based on the name

    • Contact Email: Enter a valid contact email address

    • Distribution State: Select Local

  4. Scroll down and expand the API (Enable OAuth Settings) section.

  5. Select the Enable OAuth checkbox.

  6. Enter the following in the Callback URL text field:

    (These values cover your production and sandbox (test.salesforce.com) environments).

    Copy 
    https://account.mcp.altify.dev/callback
    https://write.mcp.altify.dev/callback
    https://salesforce.mcp.altify.dev/callback
    https://retrieve.mcp.altify.dev/callback
    https://analysis.mcp.altify.dev/callback
    https://account.mcp.altify.dev/test.salesforce.com/callback
    https://write.mcp.altify.dev/test.salesforce.com/callback
    https://salesforce.mcp.altify.dev/test.salesforce.com/callback
    https://retrieve.mcp.altify.dev/test.salesforce.com/callback
    https://analysis.mcp.altify.dev/test.salesforce.com/callback

  7. Move the following from Available OAuth Scopes to Selected OAuth Scopes:

    • Access the identity URL service (id, profile, email, address, phone)

    • Manage user data via APIs (api)

    • Perform requests at any time (refresh_token, offline_access)

    • Access unique user identifiers (openid)

  8. Scroll down to the Security pane and ensure the following settings are selected:

    • Require secret for Web Server Flow

    • Require Proof Key for Code Exchange (PKCE) extension for Supported Authorization Flows

    • Enable Refresh Token Rotation

  9. Click Create.

  10. After creating your ECA, you will be taken to the application's management page. Select the Policies tab and click the Edit button.

  11. Expand the OAuth Policies section and in the App Authorization panel, set IP Relaxation to Enforce IP restrictions, but relax for refresh tokens.

  12. Click Save.

    Next you need to obtain your ECA's consumer key and secret. This will be required when you connect your AI assistant to the Altify MCP servers.

  13. Click the Settings tab of your ECA.

  14. Expand the OAuth Settings section.

  15. Click the Consumer Key and Secret button.

  16. You may be required to verify your account using a Verification Code that is emailed to you.

  17. On the Consumer Details page, you can Copy the Consumer Key and Consumer Secret for your External Client App.

    The Consumer Key is your OAuth Client ID and the Consumer Secret is your OAuth Client Secret. Store these values securely until you configure the MCP server connection in your AI platform (see Creating the Altify MCP Server Apps in ChatGPT).