CircleCI Code Climate Dependency Status

Restforce is a ruby gem for the Salesforce REST api.

Features include:

  • A clean and modular architecture using Faraday middleware and Hashie::Mash'd responses.
  • Support for interacting with multiple users from different orgs.
  • Support for parent-to-child relationships.
  • Support for aggregate queries.
  • Support for the Streaming API
  • Support for the GetUpdated API
  • Support for blob data types.
  • Support for GZIP compression.
  • Support for custom Apex REST endpoints.
  • Support for dependent picklists.
  • Support for decoding Canvas signed requests. (NEW!)

Official Website | Documentation | Changelog


Add this line to your application's Gemfile:

gem 'restforce', '~> 2.5.3'

And then execute:

$ bundle

Or install it yourself as:

$ gem install restforce

As of version 2.5.0, this gem is only compatible with Ruby 2.0.0 and later. To use Ruby 1.9.3, you'll need to manually specify that you wish to use version 2.4.2, or 1.5.3 for Ruby 1.9.2 support.

The library is only tested with Ruby 2.2.0 onwards. It may work with Ruby 2.0 and Ruby 2.1, but this is not guaranteed.

This gem is versioned using Semantic Versioning, so you can be confident when updating that there will not be breaking changes outside of a major version (following format MAJOR.MINOR.PATCH, so for instance moving from 2.3.0 to 3.0.0 would be allowed to include incompatible API changes). See the changelog for details on what has changed in each version.


Restforce is designed with flexibility and ease of use in mind. By default, all API calls will return Hashie::Mash objects, so you can do things like client.query('select Id, (select Name from Children__r) from Account').Children__r.first.Name.


Which authentication method you use really depends on your use case. If you're building an application where many users from different orgs are authenticated through oauth and you need to interact with data in their org on their behalf, you should use the OAuth token authentication method.

If you're using the gem to interact with a single org (maybe you're building some salesforce integration internally?) then you should use the username/password authentication method.

It is also important to note that the client object should not be reused across different threads, otherwise you may encounter thread-safety issues.

OAuth token authentication

client = 'access_token',
                       instance_url: 'instance url',
                       api_version: '41.0')

Although the above will work, you'll probably want to take advantage of the (re)authentication middleware by specifying refresh_token, client_id, client_secret, and authentication_callback:

client = 'access_token',
                       refresh_token: 'refresh token',
                       instance_url: 'instance url',
                       client_id: 'client_id',
                       client_secret: 'client_secret',
                       authentication_callback: { |x| Rails.logger.debug x.to_s },
                       api_version: '41.0')

The middleware will use the refresh_token automatically to acquire a new access_token if the existing access_token is invalid.

authentication_callback is a proc that handles the response from Salesforce when the refresh_token is used to obtain a new access_token. This allows the access_token to be saved for re-use later - otherwise subsequent API calls will continue the cycle of "auth failure/issue new access_token/auth success".

The proc is passed one argument, a Hashie::Mash of the response from the Salesforce API:

    "access_token" => "00Dx0000000BV7z!AR8AQP0jITN80ESEsj5EbaZTFG0RNBaT1cyWk7T5rqoDjoNIWQ2ME_sTZzBjfmOE6zMHq6y8PIW4eWze9JksNEkWUl.Cju7m4",
       "signature" => "SSSbLO/gBhmmyNUvN18ODBDFYHzakxOMgqYtu+hDPsc=",
           "scope" => "refresh_token full",
    "instance_url" => "",
              "id" => "",
      "token_type" => "Bearer",
       "issued_at" => "1278448384422"

The id field can be used to uniquely identify the user that the access_token and refresh_token belong to.

Username/Password authentication

If you prefer to use a username and password to authenticate:

client = 'foo',
                       password: 'bar',
                       security_token: 'security token',
                       client_id: 'client_id',
                       client_secret: 'client_secret',
                       api_version: '41.0')

You can also set the username, password, security token, client ID, client secret and API version in environment variables:

export SALESFORCE_USERNAME="username"
export SALESFORCE_PASSWORD="password"
export SALESFORCE_SECURITY_TOKEN="security token"
export SALESFORCE_CLIENT_ID="client id"
export SALESFORCE_CLIENT_SECRET="client secret"
client =

Proxy Support

You can specify a HTTP proxy using the proxy_uri option, as follows, or by setting the SALESFORCE_PROXY_URI environment variable:

client = 'foo',
                       password: 'bar',
                       security_token: 'security token',
                       client_id: 'client_id',
                       client_secret: 'client_secret',
                       proxy_uri: '',
                       api_version: '41.0')

You may specify a username and password for the proxy with a URL along the lines of 'http://user:[email protected]:123'.

Sandbox Orgs

You can connect to sandbox orgs by specifying a host. The default host is '':

client = '')

The host can also be set with the environment variable SALESFORCE_HOST.

Global configuration

You can set any of the options passed into globally:

Restforce.configure do |config|
  config.client_id     = 'foo'
  config.client_secret = 'bar'

API versions

By default, the gem defaults to using Version 26.0 (Winter '13) of the Salesforce API. This maintains backwards compatibility for existing users.

We strongly suggest configuring Restforce to use the most recent API version, currently Version 41.0 (Winter '18) to get the best Salesforce API experience - for example, some more recently-added API endpoints will not be available without moving to a more recent version. If you're trying to use a method that is unavailable with your API version, Restforce will raise an APIVersionError.

There are three ways to set the API version:

  • Passing in an api_version option when instantiating Restforce (i.e. '41.0'))
  • Setting the SALESFORCE_API_VERSION environment variable (i.e. export SALESFORCE_API_VERSION="41.0")
  • Configuring the version globally with Restforce.configure:
Restforce.configure do |config|
  config.api_version = '41.0'
  # ...

Bang! methods

All the CRUD methods (create, update, upsert, destroy) have equivalent methods with a ! at the end (create!, update!, upsert!, destroy!), which can be used if you need to do some custom error handling. The bang methods will raise exceptions, while the non-bang methods will return false in the event that an exception is raised. This works similarly to ActiveRecord.

Custom Headers

Salesforce allows the addition of custom headers in REST API requests to trigger specific logic. In order to pass any custom headers along with API requests, you can specify a hash of :request_headers upon client initialization. The example below demonstrates how to include the sforce-auto-assign header in all client HTTP requests:

client = 'access_token',
                       instance_url: 'instance url',
                       api_version: '41.0',
                       request_headers: { 'sforce-auto-assign' => 'FALSE' })


accounts = client.query("select Id, Something__c from Account where Id = 'someid'")
# => #<Restforce::Collection >

 = accounts.first
# => #<Restforce::SObject >

# => 'Account'

# => "someid"

.Name = 'Foobar'
# => true

# => true


accounts = client.query_all("select Id, Something__c from Account where isDeleted = true")
# => #<Restforce::Collection >

query_all allows you to include results from your query that Salesforce hides in the default "query" method. These include soft-deleted records and archived records (e.g. Task and Event records which are usually archived automatically after they are a year old).

Only available in version 29.0 and later of the Salesforce API.


explain takes the same parameters as query and returns a query plan in JSON format. For the nitty-gritty details on the response meanings visit the Salesforce Query Explain page.

accounts = client.explain("select Id, Something__c from Account where Id = 'someid'")
# => #<Restforce::Mash >

Only available in version 30.0 and later of the Salesforce API.


client.find('Account', '001D000000INjVe')
# => #<Restforce::SObject Id="001D000000INjVe" Name="Test" LastModifiedBy="005G0000002f8FHIAY" ... >

client.find('Account', '1234', 'Some_External_Id_Field__c')
# => #<Restforce::SObject Id="001D000000INjVe" Name="Test" LastModifiedBy="005G0000002f8FHIAY" ... >


select allows the fetching of a specific list of fields from a single object. It requires an external_id lookup, but is often much faster than an arbitrary query.

# Select the `Id` column from a record with `Some_External_Id_Field__c` set to '001D000000INjVe''Account', '001D000000INjVe', ["Id"], 'Some_External_Id_Field__c')
# => {"attributes" : {"type" : "Account","url" : "/services/data/v20.0/sobjects/Account/Some_External_Id_Field__c/001D000000INjVe"}, "Id" : "003F000000BGIn3"}
# Find all occurrences of 'bar''FIND {bar}')
# => #<Restforce::Collection >

# Find accounts matching the term 'genepoint' and return the `Name` field'FIND {genepoint} RETURNING Account (Name)').map(&:Name)
# => ['GenePoint']


# Add a new account
client.create('Account', Name: 'Foobar Inc.')
# => '0016000000MRatd'


# Update the Account with `Id` '0016000000MRatd'
client.update('Account', Id: '0016000000MRatd', Name: 'Whizbang Corp')
# => true


# Update the record with external `External__c` external ID set to '12'
client.upsert('Account', 'External__c', External__c: 12, Name: 'Foobar')


# Delete the Account with `Id` '0016000000MRatd'
client.destroy('Account', '0016000000MRatd')
# => true


# Get the global describe for all sobjects
# => { ... }

# Get the describe for the Account object
# => { ... }


# Get layouts for an sobject type
# => { ... }

# Get the details for a specific layout by its ID
client.describe_layouts('Account', '012E0000000RHEp')
# => { ... }

Only available in version 28.0 and later of the Salesforce API.


# Fetch picklist value for Account's `Type` field
client.picklist_values('Account', 'Type')
# => [#<Restforce::Mash label="Prospect" value="Prospect">]

# Given a custom object named Automobile__c with picklist fields
# `Model__c` and `Make__c`, where options for `Model__c` depends on the value of
# `Make__c`.
client.picklist_values('Automobile__c', 'Model__c', valid_for: 'Honda')
# => [#<Restforce::Mash label="Civic" value="Civic">, ... ]


# Get info about the logged-in user
# => #<Restforce::Mash active=true display_name="Chatty Sassy" email="[email protected]" ... >


limits returns the API limits for the currently connected organization. This includes information such as Daily API calls and Daily Bulk API calls. More information can be found on the Salesforce Limits page.

# Get the current limit info
limits = client.limits
# => #<Restforce::Mash >

# => {"Max"=>15000, "Remaining"=>14746}

Only available in version 29.0 and later of the Salesforce API.


Retrieves the list of individual record IDs that have been updated (added or changed) within the given timespan for the specified object

# Get the ids of all accounts which have been updated in the last day
client.get_updated('Account', Time.local(2015,8,18), Time.local(2015,8,19))
# => { ... }


Retrieves the list of IDs and time of deletion for records that have been deleted within the given timespan for the specified object

# Get the list of accounts which have been deleted in the last day
client.get_deleted('Account', Time.local(2015,8,18), Time.local(2015,8,19))
# => { ... }


Performs an authentication and returns the response. In general, calling this directly shouldn't be required, since the client will handle authentication for you automatically. This should only be used if you want to force an authentication before using the streaming api, or you want to get some information about the user.

response = client.authenticate!
# => #<Restforce::Mash access_token="..." id="" instance_url="" issued_at="1348465359751" scope="api refresh_token" signature="3fW0pC/TEY2cjK5FCBFOZdjRtCfAuEbK1U74H/eF+Ho=">

# Get the user information
info = client.get(
# => '005E0000001eM4LIAU'

File Uploads

Using the new Blob Data api feature (500mb limit):

client.create('Document', FolderId: '00lE0000000FJ6H',
                          Description: 'Document test',
                          Name: 'My image',
                          Body:'image.jpg', __FILE__), 'image/jpeg')

Using base64 encoded data (37.5mb limit):

client.create('Document', FolderId: '00lE0000000FJ6H',
                          Description: 'Document test',
                          Name: 'My image',
                          Body: Base64::encode64('image.jpg'))

See also: Inserting or updating blob data

Downloading Attachments and Documents

Restforce also makes it incredibly easy to download Attachments or Documents:

attachment = client.query('select Id, Name, Body from Attachment').first, 'wb') { |f| f.write(attachment.Body) }
document = client.query('select Id, Name, Body from Document').first, 'wb') { |f| f.write(document.Body) }

Note: The example above is only applicable if your SOQL query returns a single Document record. If more than one record is returned, the Body field contains an URL to retrieve the BLOB content for the first 2000 records returned. Subsequent records contain the BLOB content in the Body field. This is confusing and hard to debug. See notes in Issue #301 explaining this detail. Executive Summary: Don't retrieve the Body field in a SOQL query; instead, use the BLOB retrieval URL documented in SObject BLOB Retrieve

Custom Apex REST endpoints

You can use Restforce to interact with your custom REST endpoints, by using .get, .put, .patch, .post, and .delete.

For example, if you had the following Apex REST endpoint on Salesforce:

global class RESTCaseController {
  global static List<Case> getOpenCases() {
    String companyName = RestContext.request.params.get('company');
    Account company = [ Select ID, Name, Email__c, BillingState from Account where Name = :companyName];

    List<Case> cases = [SELECT Id, Subject, Status, OwnerId, Owner.Name from Case WHERE AccountId = :company.Id];
    return cases;

Then you could query the cases using Restforce:

client.get('/services/apexrest/FieldCase', company: 'GenePoint')
# => #<Restforce::Collection ...>


Restforce supports the Streaming API, and makes implementing pub/sub with Salesforce a trivial task:

# Restforce uses faye as the underlying implementation for CometD.
require 'faye'

# Initialize a client with your username/password/oauth token/etc.
client = 'foo',
                       password: 'bar',
                       security_token: 'security token'
                       client_id: 'client_id',
                       client_secret: 'client_secret')

# Create a PushTopic for subscribing to Account changes.
               ApiVersion: '23.0',
               Name: 'AllAccounts',
               Description: 'All account records',
               NotifyForOperations: 'All',
               NotifyForFields: 'All',
               Query: "select Id from Account") do
  # Subscribe to the PushTopic.
  client.subscribe 'AllAccounts' do |message|
    puts message.inspect

Boom, you're now receiving push notifications when Accounts are created/updated.

See also: Streaming API docs

Note: Restforce's streaming implementation is known to be compatible with version 0.8.9 of the faye gem.


The gem supports easy caching of GET requests (e.g. queries):

# rails example:
client = Rails.cache)

# or
Restforce.configure do |config|
  config.cache = Rails.cache

If you enable caching, you can disable caching on a per-request basis by using .without_caching:

client.without_caching do
  client.query('select Id from Account')

Caching is done on based on your authentication credentials, so cached responses will not be shared between different Salesforce logins.


You can easily inspect what Restforce is sending/receiving by enabling logging, either globally (as below) or on a per-client basis.

Restforce.log = true

# Restforce will log to STDOUT with the `:debug` log level by default, or you can
# optionally set your own logger and log level
Restforce.configure do |config|
  config.logger ="/tmp/log/restforce.log")
  config.log_level = :info

client ='select Id, Name from Account')

Another awesome feature about restforce is that, because it is based on Faraday, you can insert your own middleware. For example, if you were using Restforce in a rails app, you can setup custom reporting to Librato using ActiveSupport::Notifications:

client = do |builder|
  builder.insert_after Restforce::Middleware::InstanceURL,
    FaradayMiddleware::Instrumentation, name: 'request.salesforce'

# config/initializers/notifications.rb
ActiveSupport::Notifications.subscribe('request.salesforce') do |*args|
  event =*args)
  Librato.increment ''
  Librato.timing 'api.salesforce.request.time', event.duration
end Canvas

You can use Restforce to decode signed requests from Salesforce. See the example app.

Tooling API

To use the Tooling API, call Restforce.tooling instead of

client = Restforce.tooling(...)

You can use the Tooling API to add fields to existing objects. For example, add "Twitter Username" to the default "Account" object:

client = Restforce.tooling(...)
client.create!("CustomField", {
  "FullName" => "Account.orgnamespace__twitter_username__c",
  "Metadata" => { type: "Text", label: "Twitter Username", length: 15 },

If you need a full Active Record experience, may be you can use ActiveForce that wraps Restforce and adds Associations, Query Building (like AREL), Validations and Callbacks.


We welcome all contributions - they help us make Restforce the best gem possible.

See our file for help with getting set up to work on the project locally.

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create your Pull Request