
Set up the Salesforce MCP server

Salesforce's Hosted MCP server gives AI agents access to Salesforce data — querying, creating, and modifying records across standard and custom objects, running Data Cloud queries, invoking custom actions, and more. This guide covers enabling the MCP Beta in your Salesforce org, creating an External Client App for OAuth authentication, and connecting the server to MintMCP.

Prerequisites

  • A MintMCP admin account
  • A Salesforce org (Developer Edition, sandbox, or production) where you have Administrator access
  • The "Customize Application" permission in Salesforce

Enable the MCP Beta in Salesforce

The Hosted MCP server is a beta feature that must be enabled before you can use it.

  1. In Salesforce, open Setup.
  2. In the Quick Find box, type User Interface and select User Interface.
  3. Check Enable MCP Service (Beta) and save.

Using the MCP server counts against your org's API quota.

Create an External Client App

Salesforce requires an External Client App for MCP authentication — do not use a Connected App.

  1. In Setup, type external client in the Quick Find box and select External Client App Manager.

  2. Click New External Client App.

  3. Fill in the Basic Information section with an app name (for example, "MintMCP").

  4. Expand API (Enable OAuth Settings) and check Enable OAuth.

  5. In the Callback URL field, enter:

    https://app.mintmcp.com/oauth/callback
  6. Under Selected OAuth Scopes, add all four required scopes:

    | Scope | Description |
    |---|---|
    | api | Manage user data via APIs |
    | sfap_api | Access the Salesforce API Platform |
    | refresh_token, offline_access | Perform requests at any time |
    | einstein_gpt_api | Access Einstein GPT services |
  7. Under security settings:

    • Select Issue JSON Web Token (JWT)-based access tokens for named users
    • Select Require Proof Key for Code Exchange (PKCE) extension
    • Deselect all other options
  8. Click Create.

Allow up to 30 minutes for the External Client App to become active before connecting.

Copy the Consumer Key

  1. In External Client App Manager, open the app you just created.
  2. Go to Settings > Consumer Key and Secret.
  3. Copy the Consumer Key — this is your OAuth Client ID. You'll need it in the next step.

Add Salesforce to MintMCP

Salesforce hosts multiple MCP servers, each exposing a different set of capabilities. Add each server you want to make available separately.

Server URLs:

| Server | URL | Capabilities |
|---|---|---|
| All objects (full access) | https://api.salesforce.com/platform/mcp/v1-beta.2/platform/sobject-all | CRUD on all standard and custom objects |
| Read-only objects | https://api.salesforce.com/platform/mcp/v1-beta.2/sobject-reads | Query and describe Salesforce objects |
| Mutations | https://api.salesforce.com/platform/mcp/v1-beta.2/sobject-mutations | Create and update records |
| Deletes | https://api.salesforce.com/platform/mcp/v1-beta.2/sobject-deletes | Delete records |
| Data Cloud | https://api.salesforce.com/platform/mcp/v1-beta.2/data-cloud-queries | SQL queries against Data Cloud |
| Invocable actions | https://api.salesforce.com/platform/mcp/v1-beta.2/invocable_actions | Discover and invoke custom Salesforce actions |
| Tableau Next | https://api.salesforce.com/platform/mcp/v1-beta.2/analytics/tableau-next | Semantic model exploration and analytics queries |
| Revenue Cloud | https://api.salesforce.com/platform/mcp/v1-beta.2/revenue-cloud | Quote-to-cash and asset management |
| Insurance Cloud | https://api.salesforce.com/platform/mcp/v1-beta.2/insurance-cloud | Insurance policies, quotes, and underwriting |
| Pricing | https://api.salesforce.com/platform/mcp/v1-beta.2/pricing-ngp | Context-based pricing calculations |

To add a server in MintMCP:

  1. In MintMCP, go to MCP store > Manage store.
  2. Click + Add an MCP to your registry > Connect to an MCP by URL.
  3. Enter the server URL for the server you want to enable.
  4. Set Connection type to Per-user credentials.
  5. Set Authorization method to OAuth.
  6. Open OAuth Client Advanced Settings and paste the Consumer Key in the Client ID field.
  7. Click Create.

Repeat for each additional server you want to expose to your team.

Security considerations

  • Each user authenticates individually through OAuth, so tool calls are attributed to their Salesforce identity and limited by their existing Salesforce permissions.
  • The Consumer Key alone authorizes OAuth access — store it securely and restrict who can view it in MintMCP.
  • API calls made through the MCP server count against your org's API quota. Monitor usage in Salesforce Setup under API Usage.
  • The MCP server is currently in Beta — review the Salesforce Beta Services Terms before deploying in production.
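
To review which of the server URLs above a registry exposes, the following added example (not MintMCP or Salesforce code) checks each URL against the host and path prefix from the Server URLs table and reports the access level of the sObject and invocable-action servers. The `audit` function, the access labels and the sample URLs are assumptions constructed for illustration; the other servers in the table are reported as unclassified.

```python
from urllib.parse import urlsplit

# Host and path prefix shared by every URL in the Server URLs table on this page.
HOST = "api.salesforce.com"
PREFIX = "/platform/mcp/v1-beta.2/"

# Path suffix -> access label. The labels are this example's own shorthand for
# the Capabilities column; servers not listed here are reported as unclassified.
ACCESS = {
    "platform/sobject-all": "full",   # CRUD on all standard and custom objects
    "sobject-reads": "read",          # query and describe objects
    "sobject-mutations": "write",     # create and update records
    "sobject-deletes": "delete",      # delete records
    "invocable_actions": "invoke",    # discover and invoke custom actions
}

def audit(urls):
    """Return (url, finding) pairs for registered URLs that deserve a second look."""
    findings, levels = [], {}
    for url in urls:
        parts = urlsplit(url)
        # parts.hostname ignores userinfo, so "api.salesforce.com@other" fails here.
        if parts.scheme != "https" or parts.hostname != HOST:
            findings.append((url, "not the Salesforce-hosted HTTPS endpoint"))
            continue
        if not parts.path.startswith(PREFIX):
            findings.append((url, "unexpected path or API version"))
            continue
        level = ACCESS.get(parts.path[len(PREFIX):].rstrip("/"), "unclassified")
        levels[url] = level
        if level != "read":
            findings.append((url, f"{level} access: confirm it is needed"))
    # The full-access server already covers the narrower sObject servers.
    if "full" in levels.values():
        for url, level in levels.items():
            if level in ("read", "write", "delete"):
                findings.append((url, "redundant next to sobject-all"))
    return findings

# Constructed registry contents for illustration (not real MintMCP output).
SAMPLE = [
    "https://api.salesforce.com/platform/mcp/v1-beta.2/sobject-reads",
    "https://api.salesforce.com/platform/mcp/v1-beta.2/sobject-deletes",
    "https://api.salesforce.com.example.net/platform/mcp/v1-beta.2/sobject-reads",
    "http://api.salesforce.com/platform/mcp/v1-beta.2/sobject-reads",
]

if __name__ == "__main__":
    for url, finding in audit(SAMPLE):
        print(f"{finding}: {url}")
```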

Next steps