Definition
A Named Credential in Salesforce securely stores the URL and authentication settings for an external service endpoint. By referencing a Named Credential in Apex callouts or External Services, developers avoid hardcoding URLs and credentials in code, improving security and making it easy to update endpoints without code changes.
Real-World Example
A developer at LogiTrack creates a Named Credential called "ShippingAPI" that stores the base URL and OAuth credentials for their shipping provider's API. In the Apex callout code, she simply references callout:ShippingAPI/v2/track instead of hardcoding the URL and token. When the shipping provider rotates their API keys, the admin updates the Named Credential without touching any code.
Why Named Credential Matters
A Named Credential in Salesforce securely stores the endpoint URL and authentication settings for an external service, encapsulating connection details in a reusable, declaratively managed configuration. When developers reference a Named Credential in Apex callouts or External Services, the platform automatically handles authentication — injecting OAuth tokens, basic auth headers, or JWT signatures — without the developer ever seeing or hardcoding the credentials in code. This solves two critical problems: security (credentials are never exposed in source code or version control) and maintainability (when an external service rotates its API keys or changes its URL, only the Named Credential needs updating, not every line of code that calls the service).
As organizations scale their integration footprint and connect to more external services, Named Credentials become a governance cornerstone. Without them, developers hardcode URLs and store credentials in custom settings or custom metadata, creating security vulnerabilities and maintenance nightmares — a single API key rotation can require updating dozens of Apex classes across multiple sandboxes and production. Named Credentials centralize these connection details in one place that administrators can manage without touching code. Organizations that enforce a policy of always using Named Credentials for external callouts dramatically reduce their security risk surface and can respond to credential rotations in minutes instead of days.
How Organizations Use Named Credential
- LogiTrack Shipping — LogiTrack creates a Named Credential called 'ShippingAPI' that stores the base URL and OAuth 2.0 credentials for their shipping provider's REST API. In the Apex callout code, the developer references callout:ShippingAPI/v2/track instead of hardcoding the URL and bearer token. When the shipping provider rotates their OAuth client secret quarterly, the admin updates the Named Credential in Setup in under a minute without any code changes or deployments.
- Apex Digital Agency — Apex Digital Agency uses a Named Credential to connect Salesforce to a client's payment processing API. During development, the Named Credential points to the payment sandbox environment with test credentials. When the project moves to production, the admin changes only the Named Credential's URL and authentication settings — every Apex class and Flow that references the Named Credential automatically connects to the production payment endpoint without code changes.
- NexGen Analytics — NexGen Analytics creates separate Named Credentials for their analytics API's production and staging environments. By referencing the Named Credential by name rather than by URL in their Apex code, they deploy the identical code package to every sandbox and production, with each environment's Named Credential pointing to the appropriate API endpoint. This eliminates the risk of a sandbox accidentally calling the production API during testing.