Difference between Legacy Named Credentials and New Named Credentials

 

Old (Legacy) Named Credentials

  • Everything bundled together → The login details (username/password, token, etc.) and the API endpoint URL are stored in the same place.

  • Easy but less secure → Setup was simpler, but security control was weaker. Anyone with access could use it without fine-grained permissions.


New Named Credentials (with External Credentials)

  • Split into two parts:

    1. External Credential → stores authentication details (how you log in).

    2. Named Credential → stores the endpoint URL and links to the External Credential.

  • More secure → Explicit permissions decide who can use it.

  • Reusable & scalable → One External Credential can be used across many Named Credentials (so you don’t repeat login info everywhere).

  • Declarative setup → No need for code to handle most authentication scenarios.


Quick Analogy

  • Old way → Like writing the Wi-Fi name + password on one sticky note and sharing it with everyone.

  • New way → Wi-Fi name is public (Named Credential), but the password is stored separately in a secure vault (External Credential), and only people you approve can use it.


In short:

  • Old Named Credential = endpoint + login info together (simple but weaker security).

  • New Named Credential = endpoint (Named Credential) + login info (External Credential) separate (more secure, flexible, reusable).

Interview Q&A on Named Credentials (Old vs New)


1. What is a Named Credential in Salesforce?

Answer:
A Named Credential is a Salesforce configuration that defines how Salesforce connects to an external system.
It stores the endpoint URL and the authentication method so developers don’t have to hardcode them in Apex or flows.


2. What is the difference between legacy (old) Named Credentials and new Named Credentials with External Credentials?

Answer:

  • Legacy Named Credentials → Bundled endpoint URL and authentication details together in a single record.

  • New Named Credentials → Split them into two objects:

    • External Credential → Stores authentication details.

    • Named Credential → Stores the endpoint URL and links to the External Credential.
      This provides better security, reusability, and explicit permission control.


3. Why did Salesforce introduce the new model?

Answer:

  • To enhance security by separating credentials from endpoints.

  • To allow explicit permission control (who can use a credential).

  • To make authentication reusable and scalable across multiple integrations.

  • To support more declarative authentication flows (without code).


4. How does security differ between old and new Named Credentials?

Answer:

  • Old model → Implicit permissions; less granular. Anyone with access to the Named Credential could use it.

  • New model → Explicit permissions through External Credential & Permission Sets. Only assigned users/processes can use it.


5. What are External Credentials in Salesforce?

Answer:
An External Credential is a new object that stores authentication details (OAuth, JWT, password, etc.).
It can be linked to one or many Named Credentials and is controlled with Permission Sets.


6. What are the benefits of separating Named Credentials and External Credentials?

Answer:

  • Security → Credentials stored separately and tightly controlled.

  • Reusability → One External Credential can be reused across multiple endpoints.

  • Flexibility → Supports advanced authentication like OAuth 2.0, JWT, and more.

  • Scalability → Easier to maintain across large integration landscapes.


7. Can you give a real-world example?

Answer:

  • Old model: For each external API, you’d store both the URL + username/password together. If you needed 5 APIs with the same login, you’d duplicate credentials 5 times.

  • New model: You store the login (External Credential) once, then just create multiple Named Credentials for different URLs that point to it.


8. How do you control who can use a Named Credential in the new model?

Answer:
By assigning External Credential permissions via Permission Sets.
This ensures only approved users or processes can access the external system.
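
The contrast from questions 1 and 8, as an added Apex example that is not part of the original post: a callout with the endpoint and secret hardcoded, next to the same callout through a Named Credential. The class name, the Named Credential name Inventory_API, the host api.example.com and the svc_user login are hypothetical placeholders.

```apex
public with sharing class InventoryCallout {

    // BEFORE: endpoint and secret live in source code. Anyone who can read
    // the class (or the repository) can read the password, and rotating it
    // means a code deployment. Placeholder values only.
    public static HttpResponse hardcoded() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://api.example.com/v1/items');
        req.setMethod('GET');
        String basic = EncodingUtil.base64Encode(
            Blob.valueOf('svc_user:CHANGE_ME'));
        req.setHeader('Authorization', 'Basic ' + basic);
        return new Http().send(req);
    }

    // AFTER: the code names only the Named Credential. The URL comes from
    // the Named Credential; the authentication comes from the External
    // Credential it links to and is applied by the platform at send time.
    public static HttpResponse viaNamedCredential() {
        HttpRequest req = new HttpRequest();
        // 'callout:' + Named Credential API name + path on that endpoint
        req.setEndpoint('callout:Inventory_API/v1/items');
        req.setMethod('GET');
        try {
            return new Http().send(req);
        } catch (System.CalloutException e) {
            // In the new model, a running user whose Permission Sets do not
            // grant access to the External Credential fails here instead of
            // reaching the external system. Log it so denied use is visible.
            System.debug(LoggingLevel.ERROR,
                'Callout via Inventory_API failed: ' + e.getMessage());
            throw e;
        }
    }
}
```

No secret appears in the second method, so access review moves from code to the Permission Set assignments on the External Credential.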


9. Which flows or integrations in Salesforce benefit the most from new Named Credentials?

Answer:

  • API callouts from Apex.

  • External Services.

  • Flows with external actions.

  • Any integration requiring OAuth or JWT-based authentication.


10. Quick Analogy Question

Q: Explain the difference between old and new Named Credentials in simple terms.
Answer:

  • Old = Keeping the lock (endpoint) and key (password) together in one box.

  • New = Keeping the lock (endpoint) in one place and the key (credential) in a secure vault, only giving access to approved people.
