Important: (Updated January 23, 2026) This topic is related to upcoming changes and additional setup required for the continued use of Outbound Messages (OBMs) in Nintex DocGen, in view of the upcoming deprecation of session IDs in Salesforce. Stay tuned for additional guidance and updates to this content as we prepare to release these changes in the near future.

Setting up Outbound Message authentication

Salesforce is introducing stronger security measures in February 2026, which means Nintex DocGen will now require certificate based authentication on all Outbound Messages. Organizations that do not implement certificates will experience failures when sending Outbound Messages to Nintex DocGen.

The use of Salesforce certificates also allows administrators to securely manage certificates used for Salesforce API communications. This ensures that communication between Nintex's services and Salesforce remain secure.

Follow all the steps below to create, sign, and upload the certificate.

Create a certificate request (CSR) in Salesforce setup

  1. In Salesforce Setup, search for Certificate and Key Management.

  2. Click Create CA-Signed Certificate.

  3. Fill in the required (*) fields. <Recommended values coming soon>

  4. Click Save.

  5. Click Download Certificate Signing Request to download your certificate. You will need it in the following steps.

 

Obtain a signed certificate from Nintex

  1. Navigate to <URL coming soon>

  2. Log in with your Salesforce credentials.

  3. Use this page to upload the CSR, and to generate your signed certificate.

  4. Download the signed certificate (.CER).

  5. To upload your signed certificate, return to the Salesforce Certificate and Key Management page, find the CSR record in the list that you created previously, click on the name to view the record, then click Upload Signed Certificate.

  6. Select the certificate and click Save.
    This will be the signed certificate to secure all OBMs with Nintex DocGen.

Assign the signed certificate to Salesforce

  1. In the Certificate and Key Management page, under the API Client Certificate section, click Edit.

  2. Select the signed certificate you uploaded in the previous step.

  3. Click Save.

Note: You will only be able to assigned a key once it's signed. Now, all outbound messages between Salesforce and theNintex services will be secured using this certificate.