Understanding the Difference Between Remote Site Settings and Named Credentials in Salesforce
Integrating Salesforce with external systems is a common need for many developers and admins. Whether you’re connecting to REST APIs, another Salesforce org, or third-party platforms, Salesforce provides two key features to facilitate and secure these outbound connections: Remote Site Settings and Named Credentials.
While both are essential in different contexts, they serve distinct purposes and offer different levels of control and security. In this post, we’ll break down each one, explore their use cases, and highlight the differences to help you decide when to use what.
What is Remote Site Settings?
Remote Site Settings in Salesforce is a security feature that allows you to whitelist external domains before making outbound callouts. Without registering a domain here, any attempt to reach an external service from Apex, a Visualforce page, or JavaScript code will be blocked by the platform for security reasons.
How to Set It Up:
- Navigate to Setup > Security > Remote Site Settings
- Click New Remote Site
- Fill in the following details:
– Remote Site Name: A unique identifier for the site
– Remote Site URL: The domain you want to allow
– Optionally, disable protocol security if required
- Click Save
Use Cases:
– Calling open APIs that do not require authentication
– Connecting to external systems using custom logic in Apex
– Working with legacy systems or tools
Limitations:
– No support for storing authentication details
– All authentication must be handled in Apex code
– Not ideal for managing changes in authentication or URLs
What is Named Credential?
Named Credential is a more advanced and secure feature that simplifies how you manage callouts to external services. It combines the endpoint URL and the authentication settings into one centralized configuration. This not only improves security but also reduces the maintenance burden on developers.
How to Set It Up:
- Navigate to Setup > Named Credentials
- Click New Named Credential
- Provide:
– Label and Name: Identifiers for referencing the credential
– URL: The endpoint of the external service
– Identity Type: Choose ‘Named Principal’ or ‘Per User’
– Authentication Protocol: Select from None, Password Authentication, OAuth 2.0, etc.
- Save and complete the authentication flow if required
Use in Apex:
HttpRequest req = new HttpRequest();
req.setEndpoint(‘callout:My_Named_Credential/api/resource’);
Benefits:
– Combines endpoint and authentication in one place
– Avoids the need for Remote Site Settings
– Simplifies code—no hardcoding credentials
– Easier to maintain if endpoints or credentials change
– Supports both OAuth 2.0 and Basic Auth
Key Differences
| Feature | Remote Site Setting | Named Credential |
| Purpose | Whitelists external domains | Whitelists domain and handles authentication |
| Authentication | Handled manually in Apex | Managed by Salesforce |
| Maintenance | Requires code updates for changes | Single point of configuration |
| Security | Limited to domain-level filtering | Full authentication support |
| Best Use Case | Simple or legacy integrations | Modern, secure integrations with auth |
When to Use Each
Use Remote Site Settings when:
– You’re connecting to an external system without authentication
– You need a quick setup for simple callouts
– You’re working with legacy integrations that don’t require secure credentials
Use Named Credentials when:
– The external system requires authentication (OAuth, Basic Auth)
– You want a centralized and secure way to manage credentials
– You need cleaner code and easier maintenance over time
Conclusion
Both Remote Site Settings and Named Credentials have their place in Salesforce integrations. Remote Site Settings work well for simple, unauthenticated connections, while Named Credentials are ideal for secure, authenticated integrations. Understanding their differences helps you choose the right tool for the job and build scalable, maintainable integrations.
If you’re building modern integrations or working with APIs that require security, Named Credentials should be your go-to solution.