Work smarter with Salesforce Workbench

Salesforce Workbench is one of most essential tools packed with abundant features that come as a blessing for the admins and developers! It allows you to quickly view your organization’s data, perform SOQL Query, SOSL Search, Session settings, test, deploy, troubleshoot applications and a lot more. Though the functionalities of Salesforce can be carried out with Salesforce Admin UI, Developer Console, IDE, and others, the major difference and advantage is that Salesforce Workbench makes it very easy to access almost all functionalities in one place – there are no installs; all you need to do is to just log in to a website with your Salesforce credentials and get going.

In this blog, we will have a brief discussion on some of the core functionalities of this amazingly useful tool that can be leveraged by Salesforce admins and developers to maximize the benefits of Salesforce Workbench.

To access the Workbench, go to

1. Salesforce Workbench Login

Salesforce Workbench supports standard username and password login, login with Session ID or OAuth 2.0 Remote access login. Also, Workbench tools for Firefox transfer your session from the Salesforce user interface to Workbench with the click of a button.

OAuth Login – OAuth enables users to log into Salesforce Workbench and be authenticated by Salesforce without providing their username and password to Salesforce Workbench. Users who login with OAuth are redirected to Salesforce to give their Username and Password prompted to allow Workbench to access their account and then are returned to Workbench if approved. The login flow is similar even if you have logged into a third-party application and it gives users greater control of their login credentials.

2. Data Management

Edit Records – Salesforce Workbench allows you to view & edit single records just by clicking on their ID in query or search results. And if you know the ID already or it came from outside the Workbench environment, you can directly go to the operation you need to perform on the Data menu & paste in the ID into the single record field.

Creating the Zip file – With Salesforce Workbench, you can upload a Zip file to insert, update, upsert or delete binary files like Content, Documents, and Attachments. For using this feature, you need to prepare a Zip file containing binary files and a CSV file called request.txt.

Smart Lookup – When using Insert, Update, or Upsert, Smart Lookup allows you to provide foreign external IDs or standard ID lookup fields to automatically find the relevant Salesforce IDs through related objects.

Delete and Purge – Delete functionality moves records to your Organization’s recycle bin and can be undeleted if the object has an undeletable attribute. Purge on the other hand permanently deletes items in the Organization’s recycle bin. However, some types of objects are deleted immediately from your org when they are deleted. You need to make sure that the record has the undeletable attribute before deleting records. You can check this using the Describe function, which contains the Attributes folder.

Hard Delete Records from Salesforce Org – Salesforce Workbench allows you to skip the Recycle Bin and permanently hard delete records from Salesforce Org. For this, you need to delete the records as usual, except check the checkbox labeled “Permanently hard delete records” in the wizard.

3. Settings

Customize Salesforce Workbench and provide SOAP Headers to API – To Change default values on Settings Menu and to toggle the ones that can be overridden by end users, the Salesforce Workbench admins can access the config.php file from the Web server directly and make the adjustments.

Disable Security Warning, Requested time or show SOAP Messages – To make global changes to these settings, you need to locate check SSL, DisplayRequestTime, debug properties in config.php file to make the necessary changes.

Check out the Salesforce Workbench Settings here

4. Security

Configuring CSRF protection in Salesforce Workbench – CSRF or Cross-Site Request Forgery is done by hackers to trick the users into inserting or manipulating data on their behalf through a trusted website of the user. To safeguard your data against these attacks, CSRF protection is integrated into your Salesforce Workbench, which relies on a “secret” stored on your Salesforce Workbench environment. We strongly recommend that you change the default secret to something that can be confidentially protected. For this, you need to go into the config/overrides.php file, find “CSRF SECURITY SETTINGS” section and then change the default “CHANGE ME” and then uncomment the line by removing double backslashes.

Additionally, you can enable Login CSRF Protection to add another layer of protection to your Salesforce Workbench instance. This lets you block programmatic logins to Workbench, which could also be used by hackers to attack.

Require end-to-end SSL – Salesforce Workbench uses HTTPS (SSL) by default to connect to Salesforce. However, it is your server configuration that determines the connection between your computer and Salesforce Workbench environment. To enable Salesforce Workbench to enforce end-to-end SSL, add the line below to config/overrides.php file


Block or allow only certain orgs to use your Workbench InstanceSalesforce Workbench allows you to perform this through its Blacklist and Whitelist features. For this, you need to find the “ORG ID WHITELIST / BLACKLIST” section in your config/overrides.php file and follow the instructions in order to add or remove Orgs.