To integrate Pardot (Salesforce Marketing Cloud Account Engagement) with V0 by Vercel, generate lead capture forms with V0, create a Next.js API route that submits prospects to Pardot using the Pardot API v5 with Salesforce Connected App OAuth, and store your credentials in Vercel environment variables. Your app can capture B2B leads, sync prospect data, and trigger nurture campaigns without exposing API credentials to the browser.
Capture B2B Leads and Sync Prospects to Pardot from V0-Generated Next.js Apps
Pardot (officially renamed Salesforce Marketing Cloud Account Engagement in 2022) is the B2B marketing automation platform of choice for Salesforce customers. It handles prospect tracking, lead scoring, drip email campaigns, and sales handoff automation. For companies using Pardot, connecting V0-generated lead capture forms, trial sign-up pages, and contact pages to Pardot ensures that every inbound lead enters the marketing automation pipeline immediately — with the right campaign assignments, list memberships, and scoring rules applied automatically.
The Pardot API v5 is the current official API, replacing the deprecated v3 and v4 versions. Unlike older versions that used Pardot-specific API keys, v5 uses Salesforce OAuth 2.0 for authentication — the same authentication mechanism used across all Salesforce APIs. This means you need a Salesforce Connected App configured with the Pardot scope. The integration follows a straightforward pattern: create a Connected App in Salesforce Setup, use client credentials or username-password OAuth flow to obtain an access token, then call the Pardot API v5 endpoints using that token alongside a Pardot Business Unit ID header.
Common integration scenarios include capturing demo request leads from a V0-generated landing page, syncing contact form submissions to Pardot as prospects with campaign source tracking, updating prospect scores or custom field values based on user behavior in your app, and adding prospects to specific Pardot lists to trigger email nurture sequences. The API supports all standard Pardot operations: creating prospects, updating existing prospect records, adding/removing list memberships, creating activities, and reading prospect data for CRM dashboards.
Integration method
Pardot integrates with V0-generated Next.js apps through server-side API routes that authenticate via Salesforce Connected App OAuth and call the Pardot API v5. Lead capture forms generated by V0 submit prospect data to Next.js API routes, which create or update Pardot prospect records and trigger list memberships and campaign assignments. All Salesforce OAuth credentials are stored in Vercel environment variables and never reach the browser. The Pardot API v5 uses Salesforce's standard OAuth 2.0 token endpoint, making it consistent with other Salesforce API integrations.
Prerequisites
- A Salesforce org with Pardot (Marketing Cloud Account Engagement) enabled — Pardot requires a Salesforce license; contact your Salesforce admin if you're not sure if it's enabled
- Your Pardot Business Unit ID — found in Salesforce Setup → Marketing Setup → Business Units (a 15-character ID starting with '0Uv')
- A Salesforce Connected App configured for Pardot API access — create one in Salesforce Setup → Apps → App Manager → New Connected App with OAuth settings enabled
- OAuth client ID and client secret from the Connected App (Consumer Key and Consumer Secret in Salesforce terminology)
- A V0 account at v0.dev and a Vercel account for deployment
Step-by-step guide
Generate the Lead Capture Form UI with V0
Generate the Lead Capture Form UI with V0
Open V0 at v0.dev and describe the lead capture or prospect form interface you need. For B2B marketing forms, the most important details to specify are the form fields (standard prospect fields like first name, last name, business email, company name, company size, and job title), the visual style (enterprise-appropriate, clean, professional), the submit button copy, and what happens after submission (success message, redirect, or a multi-step form flow). V0 generates clean React forms with Tailwind CSS and shadcn/ui components — the form validation, loading states, and error displays are all included if you describe them in your prompt. For Pardot specifically, it is valuable to have hidden fields that capture UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term) from the URL — these parameters are commonly passed on marketing landing pages and Pardot uses them for campaign attribution. Describe this requirement to V0 and it will generate code that reads URL search parameters using useSearchParams() and includes them in the form submission payload. The form should POST to /api/pardot/prospects on submission with the prospect data as a JSON body. After generating the form UI, use V0's Git panel to push the code to your GitHub repository before creating the API route that processes the submissions.
Create a B2B lead capture form with a clean two-column layout on desktop and single-column on mobile. Include fields for: First Name and Last Name (side by side), Business Email (full width, with email validation), Company Name, Company Size dropdown (Solo/1-10/11-50/51-200/200+ employees), Job Title, and a 'Tell us about your use case' textarea (optional). Add a Submit button labeled 'Request Demo'. On submit, POST to /api/pardot/prospects. Show a loading spinner on the button while submitting. On success, replace the form with a thank-you card: 'Thank you! A member of our team will reach out within 24 hours.' with a calendar icon. On error, show a red error banner with the message. Also capture utm_source, utm_medium, and utm_campaign URL parameters as hidden fields.
Paste this in V0 chat
Pro tip: Always use 'Business Email' as the field label rather than just 'Email' on B2B forms — this signals to prospects that personal email addresses are not appropriate, which improves the quality of leads entering Pardot.
Expected result: A professional B2B lead capture form renders in V0's preview with all required fields, validation, loading states, and a success thank-you state. The form POSTs JSON data to /api/pardot/prospects on submission.
Set Up Salesforce Connected App and Get OAuth Credentials
Set Up Salesforce Connected App and Get OAuth Credentials
Before writing the API route, configure a Salesforce Connected App that grants your Next.js server access to the Pardot API. In Salesforce, navigate to Setup → Apps → App Manager → New Connected App. Fill in: Connected App Name (e.g., 'Website Lead Capture'), Contact Email (your email), and enable OAuth Settings. In the OAuth section, check 'Enable OAuth Settings', add a callback URL (use https://your-app.vercel.app/api/auth/callback as a placeholder), and select the OAuth scopes: 'Access and manage your Pardot data (pardot_api)' and 'Perform requests on your behalf at any time (refresh_token, offline_access)'. Save the Connected App. After a few minutes, the Consumer Key (client ID) and Consumer Secret (client secret) appear on the app's page — copy both. For server-to-server integrations where your Next.js API route calls Pardot without a user present, use the OAuth 2.0 Username-Password flow with a dedicated Salesforce API user's credentials (username and password + security token). The security token is generated from Salesforce user settings → Reset My Security Token. This is the most straightforward flow for server-side integrations: exchange username + password + security token + client credentials for an access token, then use that access token to call Pardot APIs. The access token is valid for the Salesforce session duration (typically 2 hours) and should be cached and refreshed automatically in your API route.
1// app/api/pardot/prospects/route.ts2import { NextRequest, NextResponse } from 'next/server';34const SALESFORCE_TOKEN_URL = 'https://login.salesforce.com/services/oauth2/token';5const PARDOT_API_BASE = 'https://pi.pardot.com/api/v5';67let cachedToken: { token: string; expiresAt: number } | null = null;89async function getSalesforceAccessToken(): Promise<string> {10 if (cachedToken && Date.now() < cachedToken.expiresAt) {11 return cachedToken.token;12 }1314 const { SF_CLIENT_ID, SF_CLIENT_SECRET, SF_USERNAME, SF_PASSWORD, SF_SECURITY_TOKEN } =15 process.env;1617 if (!SF_CLIENT_ID || !SF_CLIENT_SECRET || !SF_USERNAME || !SF_PASSWORD) {18 throw new Error('Salesforce credentials are not configured');19 }2021 const response = await fetch(SALESFORCE_TOKEN_URL, {22 method: 'POST',23 headers: { 'Content-Type': 'application/x-www-form-urlencoded' },24 body: new URLSearchParams({25 grant_type: 'password',26 client_id: SF_CLIENT_ID,27 client_secret: SF_CLIENT_SECRET,28 username: SF_USERNAME,29 password: `${SF_PASSWORD}${SF_SECURITY_TOKEN || ''}`,30 }),31 });3233 if (!response.ok) {34 const error = await response.json();35 throw new Error(error.error_description || 'Salesforce authentication failed');36 }3738 const data = await response.json();39 // Cache token for 90 minutes (Salesforce sessions last 2 hours)40 cachedToken = { token: data.access_token, expiresAt: Date.now() + 90 * 60 * 1000 };41 return data.access_token;42}4344async function pardotRequest(path: string, options: RequestInit = {}) {45 const businessUnitId = process.env.PARDOT_BUSINESS_UNIT_ID;46 if (!businessUnitId) throw new Error('PARDOT_BUSINESS_UNIT_ID is not configured');4748 const token = await getSalesforceAccessToken();4950 const response = await fetch(`${PARDOT_API_BASE}${path}`, {51 ...options,52 headers: {53 Authorization: `Bearer ${token}`,54 'Pardot-Business-Unit-Id': businessUnitId,55 'Content-Type': 'application/json',56 ...((options.headers as Record<string, string>) || {}),57 },58 });5960 if (!response.ok) {61 const error = await response.json().catch(() => ({}));62 throw new Error(error.message || `Pardot API error ${response.status}`);63 }6465 return response.json();66}6768export async function POST(request: NextRequest) {69 let body: {70 email: string;71 firstName?: string;72 lastName?: string;73 company?: string;74 jobTitle?: string;75 utmSource?: string;76 utmMedium?: string;77 utmCampaign?: string;78 };7980 try {81 body = await request.json();82 } catch {83 return NextResponse.json({ error: 'Invalid request body' }, { status: 400 });84 }8586 if (!body.email) {87 return NextResponse.json({ error: 'Email is required' }, { status: 400 });88 }8990 try {91 const prospectData: Record<string, unknown> = {92 email: body.email,93 firstName: body.firstName,94 lastName: body.lastName,95 company: body.company,96 jobTitle: body.jobTitle,97 utmSource: body.utmSource,98 utmMedium: body.utmMedium,99 utmCampaign: body.utmCampaign,100 // Prospects are created via upsert — Pardot deduplicates by email101 };102103 // Remove undefined values104 Object.keys(prospectData).forEach((k) => prospectData[k] === undefined && delete prospectData[k]);105106 const result = await pardotRequest('/prospects', {107 method: 'POST',108 body: JSON.stringify(prospectData),109 });110111 return NextResponse.json({ success: true, prospectId: result.id }, { status: 201 });112 } catch (error) {113 const message = error instanceof Error ? error.message : 'Failed to create prospect';114 console.error('Pardot prospect creation failed:', message);115 return NextResponse.json({ error: message }, { status: 500 });116 }117}Pro tip: Pardot deduplicates prospects by email address — POSTing a prospect with an existing email updates the existing record rather than creating a duplicate. This makes the create and update operations idempotent, which is safe to call from form resubmissions.
Expected result: POST /api/pardot/prospects with { email: 'lead@company.com', firstName: 'Jane', company: 'Acme Corp' } creates or updates a Pardot prospect record and returns { success: true, prospectId: 'abc123' }.
Connect the Form to the API Route and Test Locally
Connect the Form to the API Route and Test Locally
Update your V0-generated form component to submit prospect data to /api/pardot/prospects and handle the response. The form submission handler should gather all field values into a JSON object matching the API route's expected body shape, POST the JSON to /api/pardot/prospects, and display a success or error state based on the response. For the UTM parameter capture, use the useSearchParams() hook from next/navigation in a client component to read utm_source, utm_medium, and utm_campaign from the URL, and include these values in the POST body. Test the integration locally by running npm run dev and adding all five Salesforce environment variables to your .env.local file: SF_CLIENT_ID, SF_CLIENT_SECRET, SF_USERNAME (the Salesforce API user's username), SF_PASSWORD (that user's password), SF_SECURITY_TOKEN (the security token reset from Salesforce user settings), and PARDOT_BUSINESS_UNIT_ID. To find your Pardot Business Unit ID, go to Salesforce Setup → Marketing Setup → Account Engagement Business Units — the ID is a 15-character string starting with '0Uv'. Submit a test form with a unique test email address and verify in Pardot (Pardot dashboard → Prospects) that the new prospect appears with the correct field values and campaign source data. Check the Prospect's activities tab to confirm the API-created activity is recorded. If the prospect does not appear, check the Next.js server console for error messages from the API route — common issues include incorrect Salesforce credentials (401) or a Business Unit ID mismatch (400).
Update the lead capture form to submit real data. On form submit, collect all field values and any UTM parameters from the URL (using useSearchParams). POST to /api/pardot/prospects with the prospect data as JSON. Disable the submit button and show a spinner while submitting. On success (response.success is true), hide the form and show the thank-you card. On error, show a red error banner below the submit button with the error message from the response. Log the prospectId from the success response to console for debugging. Add a retry button in the error state that clears the error and re-enables the form.
Paste this in V0 chat
Pro tip: When testing locally, use a real email address format with a domain you control (e.g., test+pardot@yourdomain.com) — Pardot validates email addresses and rejects obviously fake formats. Check the Pardot prospects list in the Pardot dashboard to confirm test submissions appear.
Expected result: Submitting the form creates a real prospect in Pardot, visible in the Pardot dashboard with the correct name, company, email, and any UTM attribution data. The form shows a success state after submission.
Configure Credentials in Vercel and Deploy
Configure Credentials in Vercel and Deploy
Push your code to GitHub and configure all Salesforce and Pardot credentials in the Vercel Dashboard. Navigate to Settings → Environment Variables and add six variables: SF_CLIENT_ID (the Consumer Key from your Salesforce Connected App), SF_CLIENT_SECRET (the Consumer Secret from the Connected App — treat this with the same care as a database password), SF_USERNAME (the Salesforce username of the API user — typically an email address like api.user@yourcompany.com), SF_PASSWORD (the password for that Salesforce user — note this is the account password, not a generated API key), SF_SECURITY_TOKEN (the Salesforce security token for the API user, generated from the user's Salesforce settings by clicking Reset My Security Token — it's emailed to the user's address), and PARDOT_BUSINESS_UNIT_ID (the 15-character ID starting with '0Uv' from Salesforce Setup → Marketing Setup → Account Engagement Business Units). None of these variables should have the NEXT_PUBLIC_ prefix — all are server-only secrets used exclusively in the API route. Set all variables for Production and Preview environments. After saving and deploying, test the live integration by submitting the form on your deployed Vercel URL and verifying the prospect appears in Pardot within a few seconds. If you encounter Salesforce IP restriction errors (error_description: 'REQUEST NOT ALLOWED'), add the Vercel IP ranges to Salesforce's network access allowlist in Salesforce Setup → Security → Network Access. For ongoing security, periodically rotate the SF_CLIENT_SECRET in Salesforce and update the Vercel environment variable, then redeploy.
Pro tip: Salesforce security tokens are reset automatically when a user changes their password. If your API route suddenly starts returning authentication errors, the SF_SECURITY_TOKEN may need to be updated — check Salesforce for a new token email sent to the API user's address.
Expected result: The deployed Vercel app successfully submits leads to Pardot. Test submissions create prospect records visible in the Pardot dashboard with correct field values and timestamps. Vercel Function Logs show successful authentication with Salesforce.
Common use cases
Demo Request Lead Capture Form
A landing page with a demo request form that submits to Pardot, creates a new prospect record with campaign source tracking, assigns the prospect to the 'Demo Requested' list to trigger an automated nurture email sequence, and notifies the sales team via Pardot's CRM sync.
Create a high-converting demo request landing page for a B2B SaaS product. Include a hero section with headline, three value proposition bullets, and a lead capture form with fields for: First Name, Last Name, Business Email, Company Name, Company Size (dropdown: 1-10, 11-50, 51-200, 201-1000, 1000+), and Role (dropdown: C-Suite, VP/Director, Manager, Individual Contributor, Other). Add a Submit button with 'Book a Demo' text and a privacy policy checkbox. On submit, POST to /api/pardot/prospects. Show a thank-you page after success. Use a professional dark blue and white design appropriate for enterprise software.
Copy this prompt to try it in V0
Free Trial Sign-Up with Automatic Lead Scoring
A trial sign-up form that creates a Pardot prospect with custom fields indicating trial start date, plan selected, and referral source. The prospect is added to the 'Free Trial' list and Pardot's automation rules handle the follow-up email sequence, lead scoring boosts, and sales notifications based on the plan selected.
Design a SaaS free trial sign-up page with a two-step form. Step 1: Business email address only (big input, primary CTA button). Step 2: First name, last name, password, company name, and 'How did you hear about us?' dropdown with options: Google Search, LinkedIn, Referral, Social Media, Event/Conference, Other. After step 2 submits (calling POST /api/pardot/trial-signup), redirect to an onboarding page. Show a progress indicator between steps. Include social proof badges ('Trusted by 500+ companies', security badge). Use a clean modern SaaS aesthetic with a gradient hero.
Copy this prompt to try it in V0
B2B Contact Form with Prospect Sync
A contact form on a company website that intelligently routes submissions — existing prospects are updated in Pardot with the new activity, new contacts create fresh prospect records. The form includes UTM parameter capture to attribute the lead source correctly in Pardot for campaign attribution reporting.
Build a contact form page with fields for First Name, Last Name, Business Email, Phone (optional), Company, Message textarea, and a Subject dropdown (General Inquiry, Partnership, Enterprise Sales, Support). Add hidden fields that capture UTM parameters from the URL. On submit (POST /api/pardot/contact), show a confirmation message: 'Thank you, [First Name]! We'll be in touch within one business day.' On error, show a specific error message. Include a phone number and email address as alternative contact methods in a sidebar. Use a professional layout with a clean form and trust signals.
Copy this prompt to try it in V0
Troubleshooting
Salesforce authentication returns 'invalid_grant' or 'authentication failure'
Cause: The Salesforce username, password, or security token in Vercel environment variables is incorrect, or the user's password has changed (which resets the security token and requires updating SF_SECURITY_TOKEN).
Solution: Verify the Salesforce API user's credentials by logging into login.salesforce.com with them. After any password change, the security token is automatically reset — go to the user's Salesforce settings → Reset My Security Token and update SF_SECURITY_TOKEN in Vercel. Also verify that IP restrictions in Salesforce Setup → Security → Network Access allow requests from Vercel's IP ranges.
Pardot API returns 'Business unit id is required' or 400 Bad Request
Cause: The Pardot-Business-Unit-Id header is missing from API requests, PARDOT_BUSINESS_UNIT_ID is not set in Vercel, or the Business Unit ID format is incorrect (must be the 15-character GID starting with '0Uv', not any other ID).
Solution: In Salesforce Setup → Marketing Setup → Account Engagement Business Units, find the Business Unit ID — it's the 15-character ID in the ID column, not the display name or API name. Copy it exactly and update PARDOT_BUSINESS_UNIT_ID in Vercel. The Pardot-Business-Unit-Id header is required for every Pardot API v5 request.
Prospects are created in Pardot but with blank field values
Cause: The Pardot API v5 field names may not match the expected JSON keys — Pardot API v5 uses camelCase field names like firstName, lastName, jobTitle, not the Pardot form field labels.
Solution: Check the Pardot API v5 documentation for the exact field names accepted in prospect creation. Common field names include email, firstName, lastName, company, website, jobTitle, annualRevenue, and numberOfEmployees. Custom fields use their Pardot API name (viewable in Pardot → Admin → Object and Field Configuration → Prospect Fields).
Prospect is created but not assigned to the expected Pardot list
Cause: List membership requires a separate API call after prospect creation — creating a prospect does not automatically add it to lists. List automation rules in Pardot may also have criteria that the test prospect does not match.
Solution: After creating the prospect, make a second API call to POST /api/v5/prospects/{prospectId}/listMemberships with the list ID to explicitly add the prospect to the target list. Alternatively, use Pardot's automation rules (Automation → Automation Rules) to match incoming prospects by criteria (like campaign source) and assign them to lists automatically without API calls.
Best practices
- Always deduplicate prospects by email before creating new records — Pardot automatically deduplicates by email when using the upsert behavior, but make sure your API route sends the same email format (lowercase, trimmed) consistently
- Cache the Salesforce access token in a module-level variable with expiry tracking to avoid authenticating on every form submission — Salesforce sessions last 2 hours and re-authenticating is unnecessary overhead
- Capture UTM parameters from landing page URLs and pass them as prospect fields in Pardot — proper campaign attribution is essential for B2B marketing ROI reporting
- Use a dedicated Salesforce API user account rather than a named employee's account — employee accounts can be deactivated or have passwords changed, breaking the integration
- Never expose Salesforce credentials (SF_CLIENT_SECRET, SF_PASSWORD, SF_SECURITY_TOKEN) in client-side code or V0 chat prompts — these credentials grant full Salesforce API access
- Add IP-based access controls in Salesforce for the API user to only allow connections from Vercel's IP ranges — this limits the blast radius if credentials are compromised
- Test prospect creation with unique email addresses each time during development to avoid polluting your Pardot prospect list with test duplicates — use plus-addressing (test+001@domain.com) to generate unique emails
Alternatives
Use Marketo if your organization is on Adobe Experience Cloud — Marketo's API uses a similar REST pattern to Pardot but is better suited for large enterprise content and email marketing programs outside the Salesforce ecosystem.
Choose HubSpot if you need an all-in-one marketing platform without requiring a Salesforce contract — HubSpot's API is simpler to authenticate (API key or private app token) and its free CRM handles many Pardot use cases.
Frequently asked questions
What is the difference between Pardot API v3/v4 and v5?
Pardot API v3 and v4 used Pardot-specific API key authentication that is now deprecated and scheduled for retirement. Pardot API v5 uses Salesforce OAuth 2.0 for authentication — the same mechanism used by all other Salesforce APIs. If you have existing integrations using the old Pardot API keys, you need to migrate to the v5 authentication using a Salesforce Connected App. All new integrations should use v5.
Do I need Salesforce to use Pardot?
Yes — Pardot (Marketing Cloud Account Engagement) is a Salesforce product that requires a Salesforce org. It cannot be purchased or used standalone. The API also uses Salesforce's OAuth infrastructure, so a Salesforce organization and Connected App are required for API access. If you're evaluating marketing automation without a Salesforce contract, HubSpot Marketing Hub or Mailchimp cover similar features with simpler API authentication.
How do I add a prospect to a specific Pardot list via the API?
After creating the prospect (getting back a prospect ID), make a second POST request to /api/v5/listMemberships with the prospect ID and list ID in the request body. List IDs are visible in Pardot → Marketing → Segmentation → Lists — look at the URL when viewing a list (the number at the end). Alternatively, configure Pardot automation rules to add prospects to lists based on criteria like campaign source or company size, eliminating the need for explicit list membership API calls.
What is the Pardot Business Unit ID and where do I find it?
The Pardot Business Unit ID is a 15-character Salesforce ID (starting with '0Uv') that identifies your specific Pardot instance within a Salesforce org. It's required as a header on every Pardot API v5 request. Find it in Salesforce Setup → Marketing Setup → Account Engagement Business Units — it appears in the ID column of the business units list. Organizations with only one Pardot instance have one business unit; enterprise orgs may have multiple.
How do I handle existing prospects when submitting a form for the second time?
The Pardot API v5 uses upsert behavior by default for prospect creation — if a prospect with the same email address already exists, the API updates the existing record rather than creating a duplicate. This means your form submission logic doesn't need to check for existing prospects before POSTing. The API returns the existing prospect's ID on update, which you can use to track the upsert result.
Can I use this integration for both Salesforce and Pardot data in the same app?
Yes — since both use the same Salesforce OAuth access token, you can call both Pardot API v5 endpoints (at pi.pardot.com/api/v5) and Salesforce REST API endpoints (at your-instance.salesforce.com/services/data/vXX.0) using the same token. This is useful for creating prospects in Pardot and simultaneously creating or matching Leads in Salesforce from the same form submission. RapidDev's team can help design the dual-API integration pattern for complex lead routing requirements.
Does the Pardot integration work with Vercel's serverless functions?
Yes — Pardot API calls complete in well under Vercel's serverless function timeout. The Salesforce OAuth authentication adds one extra HTTP request per cold start (token is cached afterward), which is acceptable for form submission flows. For very high-volume lead capture pages (thousands of submissions per minute), consider caching the OAuth token more aggressively and adding a rate limiter to your API route to prevent token request flooding.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation