API DocsSubmit a Support Request

Maintaining Named Credentials

This article explains how Named Credentials work in Limio for Salesforce, how token expiration and automatic refresh are handled, and when manual intervention is required. It also describes how to identify when Named Credentials have expired and how to resolve related errors.

Overview

For Limio for Salesforce to function correctly, it must be securely connected to the Limio Commerce Platform. This connection is established using Named Credentials, a Salesforce feature that securely stores endpoint URLs and authentication information.

How Named Credentials Work

Named Credentials allow Salesforce to authenticate and make secure callouts to external systems like Limio. Each Named Credential includes:

  • The endpoint URL of the external system.

  • An Authentication Provider that handles token-based authentication.

In Limio for Salesforce, the Authentication Provider is configured with both Access Token and Refresh Token endpoints to ensure secure and continuous communication.

Token Expiration & Refresh Process

Named Credentials use access tokens and refresh tokens that are subject to expiration, typically every 30 days (as configured in your Amazon Cognito tenant).

How the refresh process works:

  1. Access Token Usage: When Salesforce makes an API callout, it automatically includes the current access token.

  2. Token Expiration: If the access token has expired, Salesforce uses the refresh token endpoint to obtain a new access token.

  3. Automatic Retry: After refreshing the token, Salesforce automatically retries the API call.

This ensures a seamless, automated token refresh process without manual action.

When Automatic Token Refresh Might Fail

Automatic token refresh may fail in the following scenario:

If the Limio user who last authorized the Named Credentials (legacy credentials) or the External Credential Principal (new credential configuration) is deleted in the Limio Subscription Commerce Platform:

  • The refresh token will no longer be valid.

  • Once the current access token expires, Salesforce will not be able to refresh it.

  • This will result in integration failures.

Principal Status Behavior

If the user associated with the External Credential Principal is deleted:

  • The Principal Status in Salesforce will continue to show as Configured.

  • Salesforce does not proactively check the validity of the principal’s refresh token.

  • The issue will only surface when Salesforce attempts to refresh the token and fails.

How to Identify When Named Credentials Need to Be Refreshed

You may encounter one or more of the following symptoms if Named Credentials have expired:

In Salesforce Flows:

  • No subscriptions appear in the Manage Subscriptions flow.

  • No offers appear in the Offer Catalog of the Acquisition flow.

Note: If your flows were created after version 13.00, you will see a specific error message indicating that Named Credentials or External Credentials have expired.

In the Network tab of the Developer Console:

  • You will see 401 Unauthorized errors when Salesforce attempts to call Limio API endpoints.

Resolution

✅ Always ensure that your Named Credentials are authorized by an active Limio user.

If the associated user is deleted or deactivated:

  • You must re-authorize the Named Credentials with another valid, active Limio user.

  • This will restore the connection and allow token refresh to function properly.

Additional Information

For more information on configuring Named Credentials and Authentication Providers in Salesforce, refer to:

Related articles:

PreviousEnabling new Named CredentialsNextCustom Metadata Types

Last updated

Was this helpful?