How to call the Experience API from a custom mobile app

Calling the Experience API takes the standard OAuth flow plus a community context. The same patterns work for iOS, Android, and JavaScript clients; the differences are language-specific HTTP library handling.

By Dipojjal Chakrabarti · Founder & Editor, Salesforce Dictionary · Last updated May 21, 2026

  1. Set up OAuth in your community

    Setup, then Connected Apps, then create a new Connected App. Enable OAuth for the relevant scopes (api, chatter_api, full). Configure the redirect URI for your mobile app.

  2. Implement the OAuth flow

    In your mobile app, redirect the user to login.salesforce.com or your community's branded login URL. The user authenticates; Salesforce redirects back with an authorization code. Exchange the code for an access token.

  3. Identify the community ID

    Call GET /services/data/v60.0/connect/communities to list the user's accessible communities. Pick the right one and note the communityId for subsequent calls.

  4. Call Experience API endpoints

    Standard pattern: GET https://instance.my.salesforce.com/services/data/v60.0/connect/communities/communityId/resource with Authorization: Bearer token. Replace resource with feeds, groups, members, recommendations, etc.

  5. Handle pagination and rate limits

    Most Experience API endpoints return paginated responses. Follow the nextPageUrl in the response. Watch for HTTP 429 (rate limited); back off and retry.

  6. Refresh tokens

    OAuth access tokens expire (typically 2 hours). Use the refresh token to get new access tokens without re-prompting the user. Store refresh tokens securely; they grant long-term access.
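
Steps 4 to 6 combined, as an added JavaScript example that is not part of the original guide: it follows nextPageUrl, backs off on HTTP 429, refreshes the access token once on a 401, and refuses to send the bearer token to any origin other than the org instance. The names fetchAllPages, fetchImpl, refreshAccessToken and sleep are hypothetical, and treating a 401 as an expired access token is an assumption.

```javascript
// Added example, not from the original guide. fetchAllPages, fetchImpl,
// refreshAccessToken and sleep are hypothetical names supplied by the caller.
async function fetchAllPages({
  instanceUrl, communityId, resource, tokens, fetchImpl, refreshAccessToken,
  sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
  maxRetries = 4,
}) {
  const base = new URL(instanceUrl);
  if (base.protocol !== "https:") throw new Error("instance URL must use https");
  let url = `${base.origin}/services/data/v60.0/connect/communities/` +
    `${encodeURIComponent(communityId)}/${resource}`;
  const pages = [];
  let retries = 0;
  let refreshed = false;
  while (url) {
    // nextPageUrl may be relative or absolute; resolve it, then refuse to send
    // the bearer token anywhere except the org's own origin.
    const target = new URL(url, base.origin);
    if (target.origin !== base.origin) {
      throw new Error(`refusing to send token to ${target.origin}`);
    }
    const res = await fetchImpl(target.href, {
      headers: { Authorization: `Bearer ${tokens.accessToken}` },
    });
    if (res.status === 429) {
      // Rate limited: exponential backoff (0.5 s, 1 s, 2 s, ...), then retry.
      if (retries >= maxRetries) throw new Error("rate limited, retries exhausted");
      await sleep(500 * 2 ** retries);
      retries += 1;
      continue;
    }
    if (res.status === 401 && !refreshed) {
      // Assumed to mean an expired access token: refresh once, then retry
      // the same URL with the new token.
      tokens.accessToken = await refreshAccessToken(tokens.refreshToken);
      refreshed = true;
      continue;
    }
    if (!res.ok) throw new Error(`Experience API request failed: HTTP ${res.status}`);
    const body = await res.json();
    pages.push(body);
    retries = 0;
    refreshed = false;
    url = body.nextPageUrl || null;
  }
  return pages;
}
```

Pass the platform's fetch as fetchImpl and a refreshAccessToken function that reads the refresh token from secure storage.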

Key options
OAuth 2.0 user authentication

Standard pattern for customer-facing mobile apps. User logs in; the app acts as them.

Named Credential (server-side)

Pattern for backend services calling the API as a system user.

Anonymous public-knowledge access

Limited endpoints work without authentication for public-flagged content.

GraphQL alternative

Salesforce GraphQL API offers a query layer that complements Experience API REST endpoints.

Gotchas
  • Community context is mandatory for most endpoints. Forgetting to pass communityId returns 404 or 403; do not assume default community routing.
  • Public Knowledge endpoints require the article's Channel to include Public Knowledge Base. Marking articles correctly is part of API readiness.
  • Rate limits are per-org-per-user. Heavy mobile usage can hit limits; design for graceful degradation.
  • OAuth token storage on mobile is a security concern. Use platform secure storage (Keychain on iOS, Keystore on Android), not plain text.
