Skip to content
Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary
Full Get Request entry
How-to guide

Set up a Named Credential for a GET callout

To let Apex or a Flow make a GET callout to an external API, set up the endpoint and its authentication in Setup first. The recommended path is a Named Credential, which registers a trusted destination and handles the auth header for you. Configure it once and every GET callout that targets it stays clean and packageable.

By Dipojjal Chakrabarti · Founder & Editor, Salesforce DictionaryLast updated Jun 16, 2026

To let Apex or a Flow make a GET callout to an external API, set up the endpoint and its authentication in Setup first. The recommended path is a Named Credential, which registers a trusted destination and handles the auth header for you. Configure it once and every GET callout that targets it stays clean and packageable.

  1. Create the External Credential

    In Setup, open Named Credentials and switch to the External Credentials tab. Add an external credential, choose the authentication protocol the API uses, such as OAuth 2.0 or a custom header, and add a principal that holds the actual secret or token.

  2. Create the Named Credential

    On the Named Credentials tab, click New. Enter the base URL of the API, link the External Credential you just made, and keep the option to generate the authorization header enabled so the platform injects it on every call.

  3. Grant access through a permission set

    Open the External Credential principal and add it to a permission set, then assign that permission set to the users or the integration user whose context will run the GET callout. Without this grant the callout fails on authentication.

  4. Reference it from your GET callout

    In Apex, set the endpoint to callout:Your_Named_Credential plus the resource path and call setMethod('GET'). In Flow, point the External Service action at the same named endpoint. The platform resolves the URL and adds the auth header at run time.

URLremember

The base endpoint of the external API, for example https://api.example.com. Resource paths get appended after the named-credential reference in your callout.

Authentication Protocolremember

Set on the External Credential. Choose OAuth 2.0, JWT, AWS Signature, or a custom header to match what the target API requires.

Generate Authorization Headerremember

When enabled, Salesforce builds and attaches the auth header automatically so your code never handles the token. Disable it only if you need to set the header yourself.

Allowed Namespacesremember

Controls which packaged or org namespaces may use the credential, which matters when the callout ships inside a managed package.

Gotchas
  • A Named Credential endpoint bypasses Remote Site Settings, but a raw hard-coded URL does not. If you skip the Named Credential, add the host to Remote Site Settings or the callout is blocked.
  • Forgetting to assign the External Credential principal to a permission set is the most common cause of a GET callout failing with an authentication error right after setup.
  • Legacy Named Credentials still function but receive no new features. Build new ones on the External Credential model introduced in Winter '23.

See the full Get Request entry

Get Request includes the definition, worked example, deep dive, related terms, and a quiz.