Salesforce holds some of the most valuable business data in any enterprise, from customer accounts and sales pipelines to service records and marketing interactions. Getting that data into Python, where it can be transformed, analyzed, or fed into AI workflows, requires a clear approach to connectivity, authentication, and query execution.
This blog covers how to connect Python to Salesforce in 2026 using the CData Python Connector for Salesforce, the enterprise-grade solution for Salesforce data access, analytics, and ETL pipelines. While libraries like simple-salesforce are suited for Salesforce administration tasks such as managing org configuration and deploying metadata, data-focused use cases require a more capable connectivity layer.
Prepare Salesforce credentials and authentication
Secure, correctly scoped credentials are the foundation of every Python-Salesforce integration. Before writing a single line of Python, understanding how Salesforce manages external access is essential. A Salesforce Connected App enables external applications to connect with Salesforce APIs using industry-standard protocols like OAuth 2.0, and provides security controls for tokens, scopes, and permissions. Creating one is the first step for any integration. Several authentication methods are available, each suited to different use cases:
Username and password flow: Simple and fast for proof-of-concept scripts. Not recommended for production due to security limitations.
OAuth 2.0 Web Server flow: The preferred option for web apps and integrations requiring user consent.
JWT Bearer flow: Best suited for server-to-server integrations where no user interaction is possible. Recommended for production automation.
The table below outlines the core credential setup steps:
Step | Action | Notes |
1 | Create a Connected App in Salesforce Setup | Enable OAuth and set callback URL |
2 | Define OAuth scopes | Use least-privilege scopes only |
3 | Gather Consumer Key and Secret | Store securely, never in source code |
4 | Select authentication flow | JWT or OAuth 2.0 recommended for production |
5 | Store credentials in environment variables | Use python-dotenv or a secrets manager |
Set up the Python environment and install packages
A clean Python environment prevents dependency conflicts and makes integrations easier to maintain. A virtual environment is an isolated Python workspace that lets developers manage project-specific dependencies without affecting the system Python installation.
To set up the environment and install the necessary packages, run the following:
python -m venv salesforce-env
source salesforce-env/bin/activate # On Windows: salesforce-env\Scripts\activate
pip install cdata.salesforce pandas matplotlib sqlalchemy
The CData Python Connector for Salesforce provides a standards-based DB-API 2.0 interface with full SQL-92 support, push-down optimization, and native compatibility with Pandas, SQLAlchemy, Apache Airflow, and Dash. It offers enterprise-grade capabilities including TLS 1.2 encryption, SSO support, and built-in audit logging, making it purpose-built for data access, analytics, and ETL pipelines at scale. For a detailed setup walkthrough, refer to the Getting Started with the CData Python Connector for Salesforce guide.
Authenticate to Salesforce using Python
The CData Python Connector supports three authentication methods:
OAuth (recommended): Manages the full flow automatically when the InitiateOAuth connection property is set to GETANDREFRESH
Login (basic): When the AuthScheme connection property is set to Basic with the User, Password, and Security Token connect properties
SSO: Configured using SSOProperties, SSOLoginUrl, and SSOExchangeURL for identity provider-based login
If MFA enforcement is enabled, set the MFACode connection property to the time-based one-time passcode from authenticator app. Full details are available in the CData Python Connector documentation.
Security tip: Never hardcode credentials in source code. Use environment variables and secrets managers for compliance and safety.
The following example connects to Salesforce using the CData connector with OAuth:
import cdata.salesforce as mod
conn = mod.connect("InitiateOAuth=GETANDREFRESH;")
cur = conn.cursor()
cur.execute("SELECT * FROM Leads")
rs = cur.fetchall()
for row in rs:
print(row)
Query Salesforce data with SOQL
Once authenticated, data retrieval relies on SOQL. Salesforce Object Query Language (SOQL) is a specialized language for querying data from Salesforce objects, similar in spirit to SQL but tailored for the Salesforce platform.
The following steps demonstrate querying Salesforce data using the CData connector with standard SQL. The connector automatically maps SQL-92 queries to SOQL, pushing supported operations server-side for optimal performance:
Establishes the connection using the authenticated Salesforce instance.
Writes a SOQL query targeting the relevant Salesforce object.
Parses the returned records and use them downstream.
# Query the first 10 Accounts
cur.execute("SELECT Id, Name FROM Account LIMIT 10")
for row in cur.fetchall():
print(row)
Standard SQL is the foundation for extracting Salesforce data into Python ETL pipelines, analytics workflows, and AI model training datasets. The CData connector supports SQL-92 operations including aggregations, JOINs, and filtering, with push-down optimization ensuring supported operations run server-side for maximum performance. For full details on Salesforce object schemas and available fields, refer to the Salesforce Developer documentation.
Perform CRUD operations in Salesforce via Python
CRUD refers to the four foundational database operations, Create, Read, Update, and Delete, which are essential for managing records in any data integration scenario. The CData Python Connector supports full bidirectional access to Salesforce through standard SQL statements:
Create: execute("INSERT INTO Account (Name, Industry) VALUES ('New Account', 'Technology')")
Read: execute("SELECT Id, Name FROM Account WHERE Id = '001XXXXXXXXXXXX'")
Update: execute("UPDATE Account SET Name = 'Updated Name' WHERE Id = '001XXXXXXXXXXXX'")
Delete: execute("DELETE FROM Account WHERE Id = '001XXXXXXXXXXXX'")
Each operation returns a response object that should be checked for errors. Adding error handling after every API call is a production requirement, not an optional improvement. For large volumes of records, switching to Bulk operations (covered in the next section) is strongly recommended to avoid hitting Salesforce API governor limits.
Handle bulk operations and large data sets
The Salesforce Bulk API is a high-performance RESTful interface designed for processing large volumes of records asynchronously in batches, making it ideal for enterprise-scale data operations. When working with thousands or millions of records, the standard REST API will hit rate limits quickly.
The CData Python Connector includes built-in replication and caching commands that make it straightforward to copy Salesforce data to local or cloud data stores such as SQL Server, Oracle, or Google Cloud SQL, with incremental update logic that replicates only changed records on subsequent runs. For ETL pipelines, the connector integrates directly with Apache Airflow, petl, and other orchestration tools:
# ETL pipeline example using petl and CData connector
import petl as etl
from sqlalchemy import create_engine
engine = create_engine("salesforce:///?InitiateOAuth=GETANDREFRESH")
table = etl.fromdb(engine, "SELECT Id, Name, AnnualRevenue FROM Account")
etl.tocsv(table, "accounts.csv")
Records should be processed in batches to stay within Salesforce governor limits. The CData connector’s push-down query optimization reduces unnecessary data transfer by executing supported operations server-side. Retry logic with exponential backoff handles transient API failures, and since Bulk API jobs can succeed partially, graceful failure handling is essential to avoid data gaps.
Implement best practices for security and error handling
Protecting sensitive Salesforce data and building resilient integrations requires consistent attention to both security and runtime stability. On the security side, all credentials should be stored in environment variables or a dedicated secrets manager such as AWS Secrets Manager or HashiCorp Vault, and rotated on a regular schedule. Tokens, passwords, and sensitive field values should never appear in logs, and OAuth scopes and Connected App permissions should follow least-privilege access to limit exposure.
For error handling, every API call should check HTTP status codes and parse Salesforce error responses for actionable messages. Retries with exponential backoff handle rate-limit errors (HTTP 429) and transient network failures, while timeouts prevent hanging processes. Errors should be logged with enough context to support auditing and incident response.
Deploy and maintain the Python-Salesforce integration
Moving from a working script to a production integration requires attention to deployment repeatability and ongoing maintenance. Containerizing the integration using Docker ensures consistent behavior across environments and pairing it with a CI/CD pipeline automates testing, linting, and deployment on every code change. Modern Python web frameworks such as Django, Flask, and FastAPI are well-suited for building microservice front ends that expose Salesforce data to internal applications.
On the maintenance side, dependency versions should be reviewed regularly for security patches, and API version compatibility should be monitored as Salesforce releases seasonal updates. The CData connector supports SOAP API versions 30.0 and above, with schema files that can be updated at runtime without requiring a new build.
A production-ready Python-Salesforce integration should have environment variables and secrets handled securely and kept out of source control, with logging and monitoring enabled and alerts configured for failures and anomalies. Token refresh or rotation should be scheduled to prevent authentication expiry, and automated unit and integration tests should cover all API interactions. Dependency versions should be pinned and reviewed regularly for security patches, and API version compatibility should be monitored as Salesforce releases seasonal updates.
For teams that need live, governed, and standards-based access to Salesforce data across BI tools and analytics platforms, CData Python Connector for Salesforce provide a consistent Python connectivity layer with support for advanced query pushdown and compliance-ready authentication. Explore additional resources for Salesforce with Pandas, Salesforce with LlamaIndex, and Salesforce with Dash.
Frequently asked questions
How do I authenticate securely with Salesforce from Python?
Create a Connected App in Salesforce and use OAuth 2.0 for authentication. Store credentials in environment variables and avoid hardcoding sensitive information in the code.
How do I handle bulk operations and large datasets?
Use the sf.bulk interface or the Salesforce Bulk API directly for efficient processing of large datasets, especially for insert and update operations at scale.
What are best practices for production use?
Use environment variables for credentials, implement error handling and retry logic, monitor API limits, and regularly update packages and tests.
How do I troubleshoot common connection errors?
Check credentials and endpoint details, ensure correct user permissions, and handle API rate limits with retries and exponential backoff.
Can I integrate with other tools like Databricks or Data Cloud?
Yes, Salesforce connectors in Databricks or integrations with other systems enable unified data flows and analytics using Salesforce data.
What's new in 2026 for Python-Salesforce integrations?
Developers are increasingly using OAuth 2.0, async APIs, and integrating AI-enhanced automation, making Python-Salesforce integrations more secure and extensible.
Connect to Salesforce data in Python with the CData Connector
CData Python Connector for Salesforce provide standards-based Python access to Salesforce data across analytics tools, BI platforms, and custom applications, with support for advanced features like query pushdown and compliance-ready authentication.
Download a free trial to start building reliable Python-Salesforce integrations today.
Connect once. Query everything.
CData Drivers give you standards-based access to hundreds of data sources via ODBC, JDBC, ADO.NET, Python, and more. One consistent interface, any tool, any source.
