Your agent doesn't need a Salesforce UI. Talk to it over REST from any portal, backend or messaging channel — the "headless 360" way of building.
Salesforce increasingly works as an API-first — "headless" — platform: agents, LLMs (Models API) and data are all reachable without a browser. The Agent API is the piece that makes Agentforce headless: a REST interface to start a session with an agent, exchange messages (synchronously or streamed), and end the session. Your agent's topics, actions, guardrails and Data Cloud grounding all still apply — only the front end is yours.
That means one agent, built once, can serve your customer portal, a WhatsApp bot, an internal tool, or a nightly automation — no Experience Cloud embed required.
Per the official Get Started guide, you authenticate with an External Client App (the successor to connected apps) using the OAuth client credentials flow:
api, refresh_token / offline_access, chatbot_api and sfap_api.lightning.force.com.curl -X POST \
https://YOUR_DOMAIN.my.salesforce.com/services/oauth2/token \
-d 'grant_type=client_credentials' \
-d 'client_id=YOUR_CONSUMER_KEY' \
-d 'client_secret=YOUR_CONSUMER_SECRET'
# => { "access_token": "00D...", ... }
api.gov.salesforce.com.
1. Start a session with your agent's ID (from the agent's URL in Setup or the Metadata API):
curl -X POST \
https://api.salesforce.com/einstein/ai-agent/v1/agents/AGENT_ID/sessions \
-H 'Authorization: Bearer ACCESS_TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"externalSessionKey": "RANDOM_UUID",
"instanceConfig": { "endpoint": "https://YOUR_DOMAIN.my.salesforce.com" },
"streamingCapabilities": { "chunkTypes": ["Text"] },
"bypassUser": true
}'
# => { "sessionId": "...", "messages": [ { "type": "Inform", ... } ] }
2. Send messages to the session (synchronous variant shown; a streaming endpoint returns Server-Sent Events for token-by-token output):
curl -X POST \
https://api.salesforce.com/einstein/ai-agent/v1/sessions/SESSION_ID/messages \
-H 'Authorization: Bearer ACCESS_TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"message": {
"sequenceId": 1,
"type": "Text",
"text": "Where is order 8842?"
}
}'
3. End the session when the conversation is over:
curl -X DELETE \
https://api.salesforce.com/einstein/ai-agent/v1/sessions/SESSION_ID \
-H 'Authorization: Bearer ACCESS_TOKEN' \
-H 'x-session-end-reason: UserRequest'
Always verify payload details against the Agent API reference — the API is evolving quickly release to release.
A manufacturer already has a customer portal built on Next.js — no Experience Cloud. They build one Agentforce agent with two actions (look up order, fetch shipment events) and put it behind their existing chat widget:
The pattern to remember: build the intelligence once in Agentforce; treat every channel as a thin client of the Agent API.
client_secret in a browser.externalSessionKey (UUID) per conversation and persist the mapping to your user.Sources: Agent API — Get Started (Salesforce Developers) · Chat with Agents Using Agent API · Trailhead: Build Custom AI Agents with Agent API