Salesforce REST

Salesforce is a cloud-based platform that helps businesses manage customer relationships, sales, and services. It supports integration with various tools and offers customization to fit different business needs.

Below you can find the Aembit configuration required to work with the Salesforce service as a Server Workload using the Salesforce REST API.

Prerequisites

Before proceeding with the configuration, ensure you have the following:

• Salesforce account.
• A connected app on Salesforce. If you have not set up an app yet, follow the steps in the next section.

Salesforce App Configuration

1. Log in to your Salesforce account.

2. In the upper-right corner of any page, click the cog icon and then click Setup.

3. In the search box at the top of the Setup page, type App Manager and select it from the search results.

4. Click the New Connected App button in the top-right corner of the page.

5. Configure the app based on your preferences. Below are key choices:
   • Provide a name for your connected app. The API Name will be auto-generated based on the app name, but you can edit it if needed. Enter a valid email address in the Contact Email field. The other fields under the Basic Information section are optional.
   • Check the Enable OAuth Settings box.
   • Enter a placeholder URL such as https://aembit.io in the Callback URL field to pass the required check. (This field will not be used for the Client Credentials Flow.)
   • Select the necessary OAuth Scopes for your application based on your needs.
   • Uncheck the Proof Key for Code Exchange, Require Secret for Web Server Flow, and Require Secret for Refresh Token Flow boxes.
   • Check the Enable Client Credentials Flow box. When the pop-up window appears, click OK to proceed.
   • Scroll down and click Save.
   • Click Continue to complete the app creation process.

Note

Salesforce requires an execution user to be designated, allowing the platform to generate access tokens for the chosen user.

6. On the Connected App Detail page of your newly created app, click the Manage button, and then click Edit Policies.

7. In the Client Credentials Flow section, click the magnifying glass icon next to the Run As field.

8. Select the user you want to designate from the pop-up window and click Save.

For detailed information on the OAuth 2.0 Client Credentials Flow on Salesforce, please refer to the official Salesforce documentation.

Server Workload Configuration

To retrieve connection information in Salesforce:

• Click on your profile photo in the upper-right corner of any page. The endpoint appears in the dropdown menu under your username; copy the endpoint.

1. Create a new Server Workload.

• Name - Choose a user-friendly name.

2. Configure the service endpoint:

• Host - <domain>.my.salesforce.com (Provide the endpoint copied from Salesforce)
• Application Protocol - HTTP
• Port - 443
• Forward to Port - 443 with TLS
• Authentication method - HTTP Authentication
• Authentication scheme - Bearer

Credential Provider Configuration

1. Log in to your Salesforce account.

2. In the upper-right corner of any page, click the cog icon and then click Setup.

3. In the search box at the top of the Setup page, type App Manager and select it from the search results to view your newly created app.

4. Scroll down the list, find your app, click the icon at the end of the row, and select View from the dropdown menu.

5. Click the Manage Consumer Details button. Salesforce will ask you to verify your identity.

6. After verifying your identity, on the opened page, copy both the Consumer Key and Consumer Secret, and store these details securely for later use in the tenant configuration.

7. Create a new Credential Provider.

• Name - Choose a user-friendly name.
• Credential Type - OAuth 2.0 Client Credentials
• Token endpoint - https://<domain>.my.salesforce.com/services/oauth2/token
• Client ID - Provide the Consumer Key copied from Salesforce.
• Client Secret - Provide the Consumer Secret copied from Salesforce.
• Scopes - You can leave this field empty, as Salesforce will default to your selected scopes for the app.
• Credential Style - Authorization Header

Client Workload Configuration

Aembit now handles the credentials required to access the Server Workload, eliminating the need for you to manage them directly. You can safely remove any previously used credentials from the Client Workload.

If you access the Server Workload through an SDK or library, it is possible that the SDK/library may still require credentials to be present for initialization purposes. In this scenario, you can provide placeholder credentials. Aembit will overwrite these placeholder credentials with the appropriate ones during the access process.

Access Policy

• Create an Access Policy for a Client Workload to access the Salesforce Server Workload. Assign the newly created Credential Provider to this Access Policy.