Loading...

Generative AI is transforming how businesses automate workflows, generate content, and improve productivity. By integrating Google Gemini Vertex AI with Salesforce, developers can build AI-powered CRM experiences directly inside Salesforce applications.

Using Salesforce Named Credentials and External Credentials, businesses can securely authenticate with Google Vertex AI APIs without hardcoding authentication tokens or secrets in Apex code. This integration uses OAuth 2.0 JWT Bearer Flow for secure server-to-server communication.

This step by step guide covers the complete setup process, including:

  • Google Cloud project configuration
  • Vertex AI API setup
  • Service account creation
  • External Credential configuration
  • Named Credential setup
  • Apex integration
  • Testing and troubleshooting

By the end of this guide, you will understand how to build a secure AI-powered Salesforce workflow using Gemini Vertex AI.

Architecture Overview

Before starting the implementation, let’s understand the high-level architecture of the integration.

Integration Flow

  • Salesforce sends an API request to Vertex AI
  • Named Credential manages the endpoint
  • External Credential handles authentication securely
  • Vertex AI processes the prompt using Gemini
  • The AI-generated response is returned to Salesforce

Prerequisites

Before starting the integration, ensure the following prerequisites are completed.

Salesforce Requirements

  • Salesforce org with API access
  • System Administrator permissions
  • Apex enabled
  • Access to Named Credentials and External Credentials

Google Cloud Requirements

  • Google Cloud Platform account
  • Vertex AI API enabled
  • Billing enabled in GCP
  • Service account with Vertex AI permissions

Recommended Knowledge

  • Apex development
  • REST APIs
  • JSON serialization/deserialization
  • Salesforce authentication architecture

Step 1: Create a Google Cloud Project

The first step is creating a Google Cloud project where Vertex AI services will be enabled.

  • Open Google Cloud Console
  • Click Select Project
  • Click New Project
  • Enter the project name
  • Click Create

Step 1 2

Step 2: Enable Vertex AI API

Once the project is created, enable the Vertex AI API.

  • Navigate to APIs & Services
  • Click Library
  • Search for Vertex AI API
  • Click Enable

Step 3: Create a Service Account

A service account is required for secure communication between Salesforce and Vertex AI.

  • Navigate to IAM & Admin → Service Accounts
  • Click Create Service Account
  • Enter service account name
  • Assign the required roles:

    • AI Platform Admin
    • Agent Platform User (recommended)
  • Complete the setup

Important Note

Follow the principle of least privilege and assign only the minimum permissions required for production environments.

Step 3 2


Step 4: Generate a Service Account Key

Generate a JSON key file for the service account.

  • Open the created service account
  • Navigate to the Keys tab
  • Click Add Key → Create New Key
  • Select JSON
  • Download the key file

Important Note

Store the JSON key securely and never expose it publicly or commit it to version control.

Salesforce uses OAuth 2.0 JWT Bearer Flow to securely authenticate with Google Vertex AI APIs. The service account credentials are used by Salesforce External Credentials to automatically generate access tokens without hardcoding secrets in Apex.

Step 4 2


Step 5: Configure External Credential in Salesforce

External Credentials provide secure authentication management for external integrations.

Instead of manually generating access tokens in Apex, Salesforce automatically handles authentication through External Credentials.

Authentication Configuration

Use the following configuration:

  • Authentication Protocol: OAuth 2.0 JWT Bearer Flow
  • Token Endpoint: https://oauth2.googleapis.com/token
  • Scope: https://www.googleapis.com/auth/cloud-platform
  • Issuer: Service Account Email
  • Audience: https://oauth2.googleapis.com/token

External Credential Setup Steps

Open Salesforce Setup:

  • Search for External Credentials
  • Click New
  • Enter the Label and Name
  • Configure the authentication protocol
  • Add authentication parameters
  • Save the External Credential

Step 5 2

Step 5.1


OAuth 2.0 Authentication Configuration

Salesforce uses OAuth 2.0 JWT Bearer Flow to authenticate securely with Google Vertex AI APIs.

To enable JWT signing, Salesforce requires a certificate that is used to sign authentication requests before exchanging them for OAuth access tokens.

Steps

  • Generate or upload a certificate in Salesforce
  • Associate the certificate with the External Credential
  • Configure the service account email and authentication parameters
  • Save the configuration securely

Step 5.3

Why Use External Credentials?

External Credentials provide:

  • Secure authentication management
  • Centralized credential handling
  • No hardcoded secrets in Apex
  • Better maintainability
  • Salesforce security best practices alignment

Step 6: Configure Named Credential

Named Credentials simplify secure API callouts from Apex.

Once configured, Apex can reference the Named Credential directly without manually managing authentication headers.

Vertex AI Endpoint Example

Use the regional Vertex AI endpoint:

https://us-central1-aiplatform.googleapis.com

Example API path:

/v1/projects/PROJECT_ID/locations/us-central1/publishers/google/models/gemini-2.5-pro:generateContent

Region Configuration

Vertex AI models are region-specific.

Common supported regions:

  • us-central1
  • europe-west4

Ensure the selected model is available in the configured region. Incorrect region configuration can result in API errors.

Steps

  • Open Salesforce Setup
  • Search for Named Credentials
  • Click New
  • Enter the Label and API Name
  • Add the Vertex AI endpoint URL
  • Link the External Credential created earlier
  • Save the Named Credential

Step 6 2


Step 7: Create Apex Integration Class

Now we will create the Apex integration class that sends prompts to Gemini Vertex AI and retrieves AI-generated responses.

The integration uses:

  • Apex HTTP callouts
  • JSON serialization
  • Named Credentials
  • Gemini generateContent API

Apex Integration Example

public with sharing class GeminiVertexAIService {

How Authentication Works

The authentication is automatically handled by Salesforce using Named Credentials and External Credentials.

In the Apex callout, the endpoint starts with: callout:Vertex_AI_Gemini

This instructs Salesforce to:

  • Use the configured Named Credential
  • Retrieve authentication details from the linked External Credential
  • Automatically manage access tokens
  • Send authenticated requests securely to Vertex AI

Because of this setup, there is no need to manually handle OAuth tokens or authentication headers in Apex code.

Step 8: Build the Gemini Request Payload

The request payload contains:

  • User prompt
  • Content structure
  • Generation configuration

Salesforce serializes this payload into JSON before sending it to Vertex AI.

Step 9: Parse the Gemini Response

After Gemini processes the request, Salesforce receives a JSON response containing the generated AI output.

The response can be parsed using Apex JSON deserialization.

Example Parsing Logic


You can then extract the generated content from the response structure.

Step 10: Execute and Test the Integration

You can test the integration using Anonymous Apex.

  • Open Salesforce Web Console or Developer Console
  • Open Execute Anonymous Window
  • Write the script
  • Execute the code
  • Review debug logs

Step 10 1

Error Handling and Troubleshooting

Authentication Errors

Possible causes:

  • Incorrect External Credential configuration
  • Invalid service account permissions
  • Misconfigured authentication parameters

API Callout Errors

Possible causes:

  • Incorrect endpoint URL
  • Vertex AI API not enabled
  • Invalid Named Credential mapping
  • Incorrect Vertex AI region configuration

Best Practices

Security: Always use External Credentials instead of hardcoding tokens. Restrict service account permissions to the minimum required and rotate certificates regularly.

Performance: Avoid redundant API calls, implement retry logic with exponential backoff, and respect Salesforce governor limits on callouts.

Cost & Monitoring: Vertex AI is billed per input and output token, varying by model. Monitor quota usage and billing in Google Cloud Console alongside Salesforce debug logs to catch issues early.

Conclusion

Integrating Gemini Vertex AI with Salesforce using Named Credentials and External Credentials provides a secure and scalable approach to bring generative AI capabilities into Salesforce applications.

With this Salesforce integration, developers can automate workflows, generate AI-powered content, and create intelligent experiences while maintaining secure authentication practices through OAuth 2.0 JWT Bearer Flow.

As businesses continue adopting AI solutions, Google Gemini integration with Salesforce will help organizations build smarter applications, improve productivity, and unlock new possibilities across their CRM workflows.

Watch Demo Video

No Data Found.

Related Articles
How to Integrate Insurance Records Between NikoHealth and Salesforce

Keeping insurance records synchronized between NikoHealth and Salesforce helps reduce manual work and keeps your data accurate across both platforms. In this guide, we’ll show you how to set up the NikoHealth integration using MultiSync Made Easy. Before proceeding further, make sure: NikoHealth is already authorized with Salesforce. Patient synchronization is already configured. The Insurance […]

Read More
How to Integrate Patient Records Between NikoHealth and Salesforce

Managing patient data across systems often becomes complex for healthcare teams who need real-time accuracy and seamless updates. This guide helps you solve that by showing how to integrate and synchronize Patient records between NikoHealth and Salesforce using MultiSync Made Easy.  Related Guide: How to Integrate NikoHealth with Salesforce Using MultiSync Made Easy In this […]

Read More
Post Patient Data from NikoHealth Using Postman

Before building a Salesforce integration with NikoHealth, it is often useful to test APIs directly from Postman. This helps verify authentication, understand API responses, and test create/update operations before writing any code. In this guide, we will: Generate an Access Token using Client Credentials. Authorize NikoHealth APIs in Postman. Retrieve Patient information from NikoHealth. Create […]

Read More
Salesforce Web Console Beta A Unified Browser Based IDE for Faster Development

Salesforce Web Console (Beta) is a browser-based development environment that allows developers to write Apex code, run queries, debug applications, and manage metadata directly within their org. It is designed as a modern alternative to older tools such as Developer Console and Workbench. The Salesforce Web Console is available directly inside Salesforce and does not […]

Read More
Fetch Document from Niko Health and Attach it to Salesforce Account

Integrating external healthcare platforms like Niko Health with Salesforce helps streamline document management and improve operational efficiency. In this guide, we will walk through the complete process of fetching a document from Niko Health using APIs and attaching it to a Salesforce account as a file. This step-by-step implementation is useful when you want to […]

Read More
Winter 26 Update Using LWC as Local Actions in Screen Flows

The Salesforce Winter Release 2026 introduces powerful AI-driven updates focused on automation, productivity, and smarter CRM experiences. From major enhancements in Salesforce LWC to improved Salesforce Flow local action capabilities, the release helps developers and admins build faster, more scalable Salesforce solutions. The Salesforce Winter 26 release also reflects Salesforce’s growing focus on AI-powered workflows, […]

Read More
Our Location worldwide
Indian Flag India
3rd Floor, A-10, Pegasus Tower, Sector 68, Noida, Uttar Pradesh 201301 +91-1203239658
United States of America Flag USA
333 West Brown Deer Road Unit G – 366 Milwaukee WI, USA 53217 +1(262) 310-7818
United Kingdom Flag UK
7 Bell Yard, London, WC2A 2JR +44 20 3239 9428
Canada Canada
HIC Global Solutions INC
6D - 7398 Yonge St #1124 Thornhill, ON L4J 8J2 Canada +1(262) 310-7818