**Source URL:** https://limited.veevavault.dev/commercial/vault-api/api-reference/26.1/authentication/salesforcetrade-delegated-requests

# Salesforce Delegated Requests

If your Vault uses Salesforce Delegated Authentication, you can call Vault API using your Salesforce session token. Learn about Salesforce Delegated Authentication in [Vault Help](https://platform.veevavault.help/en/lr/9594).

The following prerequisites apply:

*   A valid Vault user must exist with a Security Policy enabled for Salesforce.com Delegated Authentication.
*   The trusted 18-character Salesforce.com Org ID must be provided.
*   A user with a matching username must exist in Salesforce.com Org ID.

## Headers

<FieldTable>
| Name | Description |
| --- | --- |
| `Authorization` | Your Salesforce session token. |
| `X-Auth-Host` | Salesforce URL which Vault can use to validate the Salesforce session token. |
| `X-Auth-Provider` | Set to `sfdc` to indicate that Salesforce is the authorization provider. |
</FieldTable>

## Query Parameters

You can also use query string parameters instead of the headers outlined above.

<FieldTable>
| Name | Description |
| --- | --- |
| `auth` | Your Salesforce session token. |
| `ext_url` | Salesforce URL which Vault can use to validate the Salesforce session token. |
| `ext_ns` | Set to `sfdc` to indicate that Salesforce is the authorization provider. |
</FieldTable>

## Request

<CodeExample title="">
```bash
curl -X GET \
-H "Authorization: {SFDC_SESSION_TOKEN}" \
-H "X-Auth-Provider: sfdc" \
-H "X-Auth-Host: https://{my_sfdc_domain}" \
https://myveevavault.com/api/{version}/{Vault_Endpoint}
```
</CodeExample>

---

**Previous:** [End Session](/commercial/vault-api/api-reference/26.1/authentication/end-session)  
**Next:** [Delegated Access](/commercial/vault-api/api-reference/26.1/authentication/delegated-access)