Legacy systems aren’t going anywhere anytime soon. Many organizations still depend on decades-old ERPs, mainframes, or custom-built platforms. But as companies modernize, integrating these old systems with platforms like Salesforce becomes essential. That’s where Salesforce Connected Apps come in.

A connected app acts like a secure gateway, allowing your legacy system to talk to Salesforce using APIs, secure tokens, and OAuth flows.

A Connected App is a configurable framework in Salesforce that allows external applications—including legacy systems—to securely access Salesforce data.

It provides:

• Authentication

• Authorization

• Secure token management

• API access permissions

• OAuth 2.0 authentication

• Scoped access

• API access control

• Token refresh

Legacy systems often lack modern authentication. A Connected App simplifies this by providing secure credentials and token-based access compatible even with older platforms.

Lightweight, modern, perfect for most systems.
Learn more: Salesforce REST API

Ideal for XML-based older systems.
Learn more: Salesforce SOAP API

The backbone of secure communication between legacy systems and Salesforce.
Details here: OAuth 2.0 Salesforce

• Ability to make HTTPS calls

• Store access tokens

• JSON/XML support

Tokens must be encrypted or stored securely.

Salesforce IPs may need whitelisting.
Reference: Salesforce IP Ranges

This generates keys for authentication.

Common scopes:

• API

• Refresh Token

• Full Access

Scopes list: Salesforce OAuth Scopes

Legacy systems using Username-Password flow may use a dummy callback URL.

These work like credentials and must be kept secure.

Best for systems without UI.
Guide: OAuth Username-Password Flow

More secure; requires certificates.
Guide: OAuth JWT Flow

Used when there’s a user login/UI.

Most legacy integrations use:

• Username-Password Flow

• JWT Flow (if certificates supported)

Request → Authentication → Response flow:
Legacy → Token → API Request → Salesforce → Data Returned

Tokens expire over time.

Useful for long-running integrations.
Learn more: Salesforce Token Lifecycle

Example:

GET /services/data/v62.0/sobjects/Account HTTP/1.1 Authorization: Bearer <access_token>

Response comes in JSON.

SOAP uses WSDL & XML.
WSDL reference: Salesforce WSDL

• System uses XML

• Complex transactions

• Strict message structure required

• IP restrictions

• Short token expiry

• Protect consumer keys

• TLS 1.2+ required

Salesforce security guide: Salesforce Security Guide

Token Expiry: Use refresh tokens
Legacy TLS Issues: Upgrade to TLS 1.2
Slow Processing: Use batch APIs
Batch API info: Salesforce Bulk API

Legacy system → Token request → Salesforce → Token → API operation → Response

Tools like MuleSoft, Boomi, Workato help modernize integrations.

Use Platform Events for near real-time communication.

Connecting legacy systems to Salesforce using a Connected App is secure, scalable, and reliable. OAuth flows, REST/SOAP APIs, and token-based authentication make even the oldest systems capable of modern communication.

1. Can any legacy system integrate with Salesforce?
Yes, if it supports HTTPS and token handling.

2. Best OAuth flow for old systems?
Username-Password Flow.

3. What if JSON isn’t supported?
Use SOAP API.

4. Is a Connected App required?
Yes, for external secure access.

5. Can these integrations be automated?
Yes — scheduled jobs can run API calls.