Skip to main content

AppLink Architecture Overview

Learning Objectives

After completing this unit, you’ll be able to:

  • Understand the technical components of the Heroku AppLink architecture.
  • Explain how data flows through the SDK layers.
  • Identify the key integration points between Heroku and Salesforce.

Extending Salesforce with Heroku’s Power

AppLink transforms how Heroku applications integrate with Salesforce by allowing your Heroku apps to be published into multiple Salesforce orgs simultaneously. Once published, Salesforce tools like Apex, Flow, and Agentforce can be seamlessly extended with the full computational power and flexibility of Heroku.

The power of AppLink lies in enabling code you deploy to Heroku to connect seamlessly and securely to your Salesforce data—automatically inheriting user permissions, respecting field-level security, and maintaining organizational context. The key to this seamless integration is the AppLink SDK, which handles all the complex authentication, context management, and data operations behind the scenes.

The Heroku AppLink architecture consists of several key layers that work seamlessly together.

The Heroku AppLink architecture, showing the bidirectional integration between Heroku applications and Salesforce Platform through the SDK and add-on layers.

This architecture demonstrates how AppLink creates a seamless bridge between your Heroku application and the Salesforce ecosystem, handling all the complexity of authentication, context management, and API operations automatically.

AppLink Add-on Layer

  • Automatic provisioning of connectivity between Heroku and Salesforce
  • Security token management and user permission enforcement
  • Service discovery for making Heroku apps discoverable within Salesforce and API Catalog

SDK Integration Layer

The AppLink SDK provides three main components.

Context API

  • Provides unified access to Salesforce and Data Cloud data
  • Handles authentication and authorization automatically
  • Manages connection pooling and error handling

Request Processing Engine

  • Parses incoming requests from Salesforce (Flows, Apex, Agentforce)
  • Routes requests to appropriate business logic
  • Transforms responses back to Salesforce-compatible formats

Data Operation Libraries

  • SOQL Query Engine: Execute complex queries against Salesforce data
  • DML Operations: Create, update, delete records with bulk support
  • Data Cloud Integration: Real-time data access and manipulation
  • Bulk API Support: Handle large-scale data operations efficiently

Interaction Modes

The architecture supports two distinct integration modes for extending Salesforce processes, plus autonomous application scenarios:

User Mode

User Mode provides the most secure integration approach by inheriting the exact permissions and context of the Salesforce user who triggers the operation. This ensures that your Heroku application respects all organizational security policies and data access controls.

Additionally, User Mode supports elevated permissions* that will be granted exclusively during code execution by AppLink. This allows the Heroku application to perform operations that the triggering user cannot normally perform. Admins can review these additional permissions easily through Permission Sets.

Aspect

Details

Architecture

Salesforce User → Flow/Apex/Agentforce → AppLink → Heroku App

Security

Full Salesforce user permissions enforcement with optional admin-approved elevated permissions

Data Access

Same permissions as the calling user, plus securely elevated permissions when configured

Elevated Permissions

Admin-approved additional permissions granted only during code execution for specific operations

Use Case

Interactive operations triggered by users within Salesforce, including operations requiring elevated access

Setup Commands

heroku salesforce:connect - Connect to a Salesforce org

heroku salesforce:publish - Publish the app into the org for Flow, Apex, and Agentforce access

Example

A Flow calling Heroku to validate customer data during record creation, or an Agentforce action that updates restricted fields with admin-approved elevated permissions

Named User Mode

Named User Mode enables system-level operations with consistent, predictable permissions by using a specific designated user's context. This approach is ideal for automated processes that require stable permission sets and don't depend on the triggering user's access level.

Aspect

Details

Architecture

System Process → AppLink (Named User Context) → Heroku App

Security

Specific named user's permissions and context

Data Access

Consistent permissions based on designated user account

Use Case

System-level operations that need predictable permissions

Setup Commands

heroku salesforce:authorizations:add - Connect named users to the Heroku application

Application logic requests connections via AppLink API as needed

Example

Batch processing or scheduled operations with known permission requirements

Extend Existing Heroku Applications

Beyond extending Salesforce processes, AppLink also enables existing Heroku applications (mobile apps, web portals, APIs) to gain secure access to both Salesforce CRM data and Data Cloud insights:

Direct API Access

For applications requiring real-time data access and immediate responsiveness, AppLink provides direct connectivity to both Salesforce CRM and Data Cloud APIs with managed security and authentication. This approach enables dynamic, real-time interactions between your consumer applications and Salesforce data.

Aspect

Details

Architecture

Heroku app → AppLink → Salesforce APIs + Data Cloud APIs

CRM Data Access

Real-time customer records, accounts, and business data

Data Cloud Integration

Inbound: Capture website engagement activity and send insights to Data Cloud

Outbound: Retrieve Data Cloud insights to dynamically drive website content

Setup Commands

heroku datacloud:connect - Connect to Data Cloud

heroku datacloud:data-action-target:create - Enable Data Cloud to invoke Heroku logic

heroku datacloud:disconnect - Disconnect from Data Cloud

Security

Managed connections with controlled access scope

Example

E-commerce site tracking user behavior in Data Cloud while displaying personalized content based on CRM preferences

Scaled Data Access with Heroku Connect

When consumer applications face large peak load events like Cyber Monday in retail scenarios, Heroku Connect provides a scalable architecture by synchronizing Salesforce data to Heroku Postgres for high-performance reads and writes. This approach combines the scale of Postgres with near real-time Salesforce data synchronization.

Aspect

Details

Architecture

Heroku app → Heroku Postgres ← Heroku Connect ← Salesforce CRM

Use Case

High-volume consumer applications requiring significant scale for CRM data

Benefits

Near real-time sync with Salesforce CRM data

Postgres scalability for high-concurrent read and write operations

Reduced API limits impact on core Salesforce operations

Combined Approach

Use Heroku Connect for scaled CRM data access while using AppLink for real-time Data Cloud interactions

Example

Customer portal serving thousands of concurrent users accessing account data via Postgres, while capturing real-time engagement in Data Cloud

Discovery, Security, and Architecture

AppLink provides a comprehensive foundation that combines intelligent service discovery, enterprise-grade security, and performance optimization to deliver a robust integration platform between Heroku and Salesforce.

  • Service Discovery: Services automatically register when published and appear in Salesforce API Catalog with real-time availability monitoring and permission-based visibility. This provides unified API discovery across Salesforce, Heroku, and MuleSoft platforms.
  • Security Architecture: Automated OAuth 2.0 flows preserve user context while enforcing all Salesforce security models including field-level security and sharing rules. Network communications are secured with TLS encryption and restricted access controls.
  • Performance Optimization: Automatic token management, Unit of Work Pattern for API optimization, and horizontal scaling with load balancing ensure high-performance operations. Pattern-based optimization uses batch processing and real-time eventing for maximum efficiency.

Architecture Benefits

This sophisticated architecture delivers several key benefits.

  • Developer Productivity: Abstracted complexity allows developers to focus on business logic rather than integration details, with consistent APIs that work across all Salesforce touchpoints and rich SDK libraries providing prebuilt functionality for common operations.
  • Enterprise Security: Inherited permissions ensure the Salesforce security model is automatically enforced, with audit compliance through full logging and tracking of all operations, and data governance that respects all Salesforce data policies.
  • Performance and Scale: Optimized data access with intelligent query optimization, elastic compute that scales up during peak loads and down during quiet periods, and efficient resource usage through connection pooling and smart batching.
  • Operational Excellence: Your code deployed to Heroku benefits from built-in monitoring with health checks and performance metrics, error handling with graceful degradation and automatic recovery, and deployment automation enabling seamless updates without downtime.

Resources

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback