Skip to main content
GroupsSalesforce Integration
Group

Salesforce Integration

Welcome to the Salesforce Integration group! This is a community for developers, architects, admins and enthusiasts to discuss integrating Salesforce with 3rd party applications and systems. Share your knowledge, ask questions, and help others unlock the power of Salesforce integrations using APIs, Events, and more!
Ask a question...
E L
May 12, 7:48 AM
Alternatives to headless login

With SOAP login() set to be depreciated,

I am starting to look for new ways to authenticate myself to Salesforce. I need this to work more or less headlessly for at least two integration developers (e.g. no web login page). 

 

What I mean by this is, for Soap Login, if there is a reset in security token, all I need to do is to update the security token once in code configuration. 

 

I looked at External Apps and I found that

  1. External App Client Credentials: This is now disabled on newer versions of External Apps (the only way to do this is to enable Connected App I think, which is basically replacing one depreciation for another depreciation). 

     

  2. External App JWT method: Would work, but this does not prevent developer A from impersonating as developer B (unless I create N number of External App), and also need to maintain certificates somewhere.   

     

  3. Refresh Tokens technically require only one human interaction each time the refresh token expires (e.g. similar to security tokens). But I can't really tell how long access tokens last and under what conditions do refresh token expire. 
2 answers
Write an answer...
0/9000
Jennifer Harris (Salesforce Solutions Architect | 12x Certified, All-Star Ranger at Self)
May 11, 2023, 2:30 AM
Salesforce API Only System Integrations profile - Too Many Permissions!?

Am I doing this correctly?

I am setting up an integration to Spiff using the new Salesforce API Only System Integration user license. 

I am trying to follow the principle of least privilege.

I wish to grant READ ONLY access to a limited number of fields on the Account. In order to grant access to Accounts, I must also assign the Salesforce API Integration permission set license, which grants View All, Modify All permissions to the Account object.

Have y'all seen all the permissions included in this PSL? By assigning it, ALL account fields are exposed to the Spiff application. Not to mention the plethora of other sys-admin level permissions that I don't want this application to have.

What's the solution here? Go back to standard full-price license type?

7 answers
Write an answer...
0/9000
Mark Budzyn (System Architect at AGCO)
Apr 27, 3:18 PM
External Client App Credential Rotation

Does anyone have any insight/best practices on managing key rotations in the new External Client Apps? Currently, it appears that one can only stage new keys via a specific API (staging new credentials is no longer available in the UI, as it was in the classic connected app). We have roughly 50 integrations across our enterprise and want to realign them to use the External Client App (Client Credentials OAuth flow) with a robust credential rotation schedule. 

 

My original thought was to have the third-party stage the credentials and then consume them based on the steps shown here: 

https://help.salesforce.com/s/articleView?id=xcloud.eca_stage_oauth_credentials.htm&type=5View

  

 

The necessary permissions to allow this require the following to be able to stage new credentials: 

External Client App Consumer Secrets in Metadata 

Create, edit, and delete External Client Apps 

View all External Client Apps, view their settings, and edit their policies 

 

Unfortunately, the actual endpoints for staging and consuming the new keys require the very broad permissions noted above, and now I'm wondering whether giving the integration the ability to rotate its own keys is a bad idea.  

 

Does anyone have any best practices/thoughts on how to handle this?

1 answer
  1. Amina Tasawar
    Apr 27, 5:48 PM

    Managing credential rotation in Salesforce External Client Apps should ideally stay centralized rather than giving third-party integrations full control, since the required permissions are quite broad and can create security risks. A better approach is to handle rotation through an internal process (like a secure backend or secrets manager), where you can stage, switch, and revoke keys safely across all integrations.

    It’s similar to how scalable apps are managed—whether it’s enterprise systems or even a well-optimized video editing app, performance and security both depend on controlled updates rather than open access. I’ve seen similar optimization concepts discussed on platforms like modwinkapk dot com, where app efficiency and smooth performance are key focus areas.
Write an answer...
0/9000
Julie Tuerk (President / Consultant at Greener Pastures Consulting)
Apr 13, 5:38 PM
API Access Control Enablement

Has anyone enabled API Access Control in an org with extensive integrations? I'd love to hear about pitfalls and things to know as we enable this. I'm aware of how it affects connected apps and how to manage those settings. I'm looking for gotchas and issues that may not be apparent from the documentation.

1 answer
  1. Manimaran Gunasekaran (Keneland)
    Apr 14, 12:36 AM

    Great question! API Access Control (part of Salesforce Shield) is powerful but can definitely cause surprises when enabled in an org with existing integrations. Here are the key gotchas to watch out for: 

     

     

     

    . Named/Connected App Policies Must Be Configured Before Enforcement 

     

    hen you enable API Access Control, you move from "all Connected Apps are implicitly trusted" to "only explicitly approved Connected Apps can use specific APIs." If any integration uses a Connected App that hasn't been updated with an API Access Policy, those API calls will start failing immediately. Audit all Connected Apps in Setup before enabling. 

     

     

     

    2. JWT Bearer Flow and OAuth 2.0 Flows Are Impacted 

     

    I Access Control enforces policies at the OAuth token level. If integrations use JWT Bearer Token flows or user credentials-based flows, ensure the applicable Connected App has "API Access Control" Policies configured. Particularly watch out for Mulesoft, middleware, and ETL tool connections. 

     

     

    3. Managed Package Integrations Can Break Silently 

     

    nstalled managed packages (AppExchange apps) often use their own Connected Apps that you may not control directly. These can break without obvious error messages. Contact each ISV to understand their Connected App requirements before enabling. 

     

     

    4. IP Restrictions Layer on Top 

    If your org has IP restrictions on Connected Apps combined with API Access Control, the combination can create double-layered blocking that's hard to debug. Test in a sandbox with production-like Connected App configurations first. 

     

     

    5. Reporting and Audit Trails 

    Enable Event Monitoring (also part of Shield) alongside API Access Control to capture LoginEvent and ApiEvent data. This gives you visibility into what's failing after cutover, and helps quickly identify which Connected Apps need policy updates. 

     

     

    6. Sandboxes Inherit API Access Control Settings Partially 

     

    en you refresh sandboxes, API Access Control settings may not fully replicate. Verify in your sandbox that the behavior matches production before using it as a test environment. 

     

     

    Recommended approach: export all your Connected Apps, map them to their integration owners, and do a phased rollout by setting API Access Control to "Warn" mode (or enabling in a sandbox) before enforcing in production. 

     

     

    --- 

     

    Mani G 

     

    Principal/Founder 

    https://Keneland.com

Write an answer...
0/9000
Phillip Hoffman (IT at TelAffects LLC) asked in #Integration
Jan 5, 2024, 12:48 PM
Need help setting up Voice Connector with RingCentral - The Subscription Failed Error

Followed all instructions in Einstein Conversation Insights Voice Connector Guide & Einstein Conversation Insights RingCentral Guide. At the end of this long list of steps to set this up, when trying to Enable RingCentral Integration in the SF Voice Connector app, I get the error "The subscription failed". I opened a ticket with Salesforce support and they said it was an issue with the named credential set up for RingCentral and they could not help me. They suggested contacting RC Support, but they said to contact Salesforce support. SF support also said to post here, so trying that now. I can't find a log anywhere that would provide more details as to what this subscription failed message actually means. SF support said RC is returning that error, RC support says SF is returning that error. The RC app I created is in the sandbox is not showing any activity. The setup docs I refer to are linked below.

 

https://resources.docs.salesforce.com/latest/latest/en-us/sfdc/pdf/eci_connector_guide.pdf

https://resources.docs.salesforce.com/latest/latest/en-us/sfdc/pdf/eci_ringcentral_guide.pdf

 

Hoping for some help here, please.

 

@Salesforce Integration 

RingCentralVoiceConnectorActivationError.png
15 answers
  1. Brandon McLarty (Pension Fund of Christian Church)
    Apr 10, 3:57 PM

     In Setup, go to Sites, click Voice Connector Site to see details, click Public Access Settings, click Assigned Users, click Site Guest User, VoiceConnector, then add the permission sets  

      

    Conversation Insights Integration User  

    Voice Connector Permission  

     

    this was themissing peice for our setup, but may not resolve your issue if there are other outstanding data cloud / permision / creditial / auth / user issues. 

     

    this use is in addition to the the voice intergration user found under User settings.

Write an answer...
0/9000
Piero Calcagno (Principal Solution Engineer at Salesforce)
Apr 12, 2021, 11:42 AM

Use Genesys Cloud for Salesforce adapter to handle interaction across all channel without using SF Omni-channel. Pls HELP!

 

Hi Everybody,

 

I working on the integration between Genesys Pure Cloud and Salesforce. The challenges we are facing are related to the fact that the client's contact centre currently handles all channels via Genesys. In particular, they leverage workforce management, quality assurance and real-time monitoring capabilities provided by Genesys Cloud across all channels.

 

Normally, the right solution to apply would have been when SF comes into play:

  1. Use the adapter to handle voice interactions
  2. Use SF omnichannel capabilities to handle text-based interactions (chat, email, WhatsApp, SMS, etc...)
  3. The adapter would guarantee the synchronization of the agent status between GC and SF

Unluckily, the option described above won't allow us to preserve WFM, QA and RT monitoring for all the channels that will not pass through Genesys (see point 2). 

 

This was a digest of the story that is bringing me to consider an option where

  1. All interactions will flow through Genesys as it happens today for the client
  2. The adapter will basically handle the UI integration between the two systems
  3. No omnichannel capabilities in place

My questions are:

  • Does anyone have experience with such a similar scenario?
  • How is the CSR experience with text-based interactions (e.g. with a chat)? The chat should be handled in a Genesys frame. Correct? Is this frame integrated into the console? Or will it be promoted as a separate screen?

I don't have the chance to test this scenario and I didn't receive any useful advice from Genesys. 

 

Thanks in advance for your support!

 

Regards,

 

Piero

1 comment
  1. Maxwell Lord (DGT27)
    Mar 9, 6:48 AM

    Hi Piero,

    Yes, this scenario is fairly common. When a contact center relies on Genesys for WFM, QA, and real-time monitoring, the recommended approach is to keep Genesys as the single interaction routing layer and use the Genesys Cloud for Salesforce adapter only for UI and CRM integration.

    In this architecture, all channels (voice, chat, email, messaging) continue to flow through Genesys. Salesforce Service Console becomes the agent workspace, while the Genesys interaction panel is embedded inside Salesforce for handling conversations. Screen pops, case creation, and activity logging can still occur in Salesforce without using Omni-Channel.

    This preserves centralized reporting and workforce management in Genesys.

    If you need implementation guidance, a Salesforce Genesys Cloud integration consultant at dgt27 can help review the architecture, validate routing design, and ensure the Salesforce and Genesys environments remain aligned without disrupting existing contact center operations.

Write a comment...
0/9000
Mithilesh Singh (MSc in Cloud Computing at Cloud SFDC)
Mar 3, 2:34 PM

🛠️ Sharing a tool I built after spending hours debugging a Salesforce network issue — hope it helps someone here! 

 

**The Problem** 

Our Java application was failing to trigger auto-scaling during peak load (95% utilization). The code looked perfect on both the Java and Salesforce integration side. We were stuck. 

 

After capturing network packets and spending hours in Wireshark, we finally found it — a mutual TLS (mTLS) handshake failure. Salesforce was resetting the connection because the Java app was presenting an invalid client certificate. The fix was straightforward once we knew the root cause, but finding it was painful. 

 

**The Tool** 

I built PCAP Analyser — it takes your .pcap / .pcapng / .har capture files and gives you a plain-English breakdown: 

- What happened 

- Likely root cause 

- Confidence level 

- Recommended fix with Salesforce documentation links 

 

No Wireshark expertise required. Designed specifically with Salesforce Admins and integration teams in mind. 

 

🔗

cloudssfdc.com

— free tier available, no credit card needed. 

 

Would love feedback from the community, especially if you've dealt with mTLS, OAuth, or API timeout issues. Happy to answer questions! 🙌

Screenshot 2026-03-03 at 1.38.00 AM.png
Screenshot 2026-03-03 at 1.41.04 AM.png
Screenshot 2026-03-03 at 1.41.23 AM.png
Screenshot 2026-03-03 at 1.41.57 AM.png
Screenshot 2026-03-03 at 1.35.42 AM.png
Screenshot 2026-03-03 at 1.38.00 AM.png
Screenshot 2026-03-03 at 1.39.42 AM.png
Screenshot 2026-03-03 at 1.41.04 AM.png
Screenshot 2026-03-03 at 1.41.23 AM.png
Screenshot 2026-03-03 at 1.41.57 AM.png
Write a comment...
0/9000
Mary Grace Donaldson (Development Manager at The Land Trust for Tennessee)
Jan 20, 10:28 PM
NPC Salesforce Integrations with Mailchimp

My organization is in Nonprofit Cloud (Agentforce Nonprofit). We recently started using Mailchimp for our email platform and are wanting to integrate it with our Salesforce org. Does anyone have any recommendations or cautionary tales about any of these integrations, or suggestions for others? I am somewhat distrusting of ratings on the AppExchange.

  • Mailchimp for Salesforce by Beaufort12 (this is the Mailchimp recommended
  • ChimpConnect
  • SyncApps by Cazoomi (likely too pricey for us)

Considerations: we're a nonprofit with a limited budget, but we are willing to invest in a good integration that will support our nonprofit long-term.

2 answers
Write an answer...
0/9000
vpriya kk (Salesforce Developer at ABC)
Oct 6, 2025, 3:22 PM
Service Now integration with Salesforce

I am trying to integrate between Servicenow and Salesforce ( information need to pass bi directionally). Any help

4 answers
  1. Kerry Miller (Achieva.ai)
    Dec 22, 2025, 2:47 PM

    If you’re looking to enable bi-directional integration between ServiceNow and Salesforce, the right approach can significantly improve service efficiency and customer experience.

    A well-designed ServiceNow–Salesforce integration allows real-time data synchronization between IT service management and CRM platforms. This ensures cases, incidents, tasks, and customer updates flow seamlessly across both systems—eliminating manual work and data silos.

    With a robust Salesforce ServiceNow integration, organizations can:

    • Sync cases and incidents bi-directionally
    • Maintain a unified view of customers and service tickets
    • Automate workflows across IT and customer support teams
    • Improve response times and operational visibility

    Using APIs, middleware, or a proven integration solution, businesses can securely scale their ServiceNow integration with Salesforce to support growing service demands.

    If your goal is faster resolution, better collaboration, and smarter service operations, investing in a reliable Salesforce–ServiceNow integration is the way forward. 

Write an answer...
0/9000
Katie Kourtakis
Dec 12, 2025, 5:17 PM
Cloned Minimum Access - API Only Integration Profile

Hello, I have a question about the standard Minimum Access - API Only Integration profile. From my research, it appears to have been created to replace the Salesforce API Only System Integration profile that had the ability to assign CRUD permissions on custom objects on the profile level. This new profile does not allow for assigning such permissions on the profile level. We want to start using this profile but have questions around it's practicality. As with other standard profiles, we always clone them and create a new custom profile. When I clone the Minimum Access - API Only Integration profile, the restrictions on assigning CRUD on custom objects is lifted. This appears to defeat the purpose of using the Minimum Access - API Only Integration profile over the older, Salesforce API Only System Integration profile. Based on further research, Salesforce has a blog stating the best practice for integration users is to have a custom profile created for each one. Are people following this practice or only using the standard Minimum Access - API Only Integration profile? Why are the system permissions restricted on the profile after cloning but the restriction on assigning CRUD to custom objects not?

3 answers
  1. Katie Kourtakis
    Dec 15, 2025, 8:05 PM

    @Oleg Mastriukov I am planning on using perm sets for assigning permissions regardless of profile. My question is more around the standard Salesforce profile and how it was designed to be used.

Write an answer...
0/9000