Configure a Salesforce org

This page describes how to configure a Salesforce instance for use with Datastream.

Before you begin

Before you start configuring Salesforce for use with Datastream, you need to:

  • Have access to an active Salesforce organization
  • Have knowledge of how to navigate and change settings in Salesforce
  • Have knowledge of how to create users and profiles in Salesforce

Configure a Salesforce organization for use with Datastream

To establish a connection between your Salesforce org and Datastream, you need to authenticate either by using a username and a password, or by using the OAuth 2.0 client credentials flow. To use the latter, you can create a Salesforce connected app or an external client app.

If your Salesforce org is configured to allow access from specific IP addresses, make sure that Salesforce accepts Datastream IP addresses. For information about how to manage your network access restrictions, see Network access and profile-based IP restrictions and Set trusted IP ranges for your organization in the Salesforce documentation.

Configure a user

  1. In Salesforce, either create a user, or adjust the settings for an existing user as per the instructions that follow.
  2. Create a dedicated profile and assign it to the user.
  3. If your organization has IP address restrictions configured, make sure that you add the Datastream IP addresses to the list of allowed IP addresses. For more information, see Restrict login IP addresses in profiles.
  4. Make sure that the user profile has the API Enabled permission so that the user can use both the Salesforce REST API and Bulk API 2.0.
  5. Make sure that the user profile has the permissions to read all objects and fields that you want to include in your stream. For security reasons, consider granting the user read-only permissions. For more information, see Control who sees what in the Salesforce documentation.
  6. Optional: By default, Salesforce returns encrypted fields as masked fields. If you need your user to view the actual values of encrypted fields, grant them the View Encrypted Data permission. You can grant the permission by editing the user's permission set.

Optional: Create and set up a connected app

Salesforce uses connected apps to integrate external applications with the Salesforce API, integrate service providers with your Salesforce org, or to control what data a third-party application can access from your Salesforce organization. If you prefer to use a connected app to authenticate your Salesforce instance in Datastream, perform the following steps:

  1. Create a connected app. For more information, see the Salesforce documentation.

  2. Configure your connected app for the OAuth 2.0 client credentials flow.

  3. Make sure that your connected app has the Manage user data via APIs (api) scope enabled. For more information about scopes, see OAuth tokens and scopes.

  4. Make sure that your connected app can access the Salesforce APIs with the Datastream IP addresses. For more information, see Restrict access to APIs with connected apps and Configure trusted IP ranges for a connected app.

  5. Get the consumer key and consumer secret:

    1. In Salesforce, enter App in the quick find box, and then select App Manager.
    2. Find your connected app in the list and expand the drop-down to the right of the row.
    3. Select View.
    4. In the Manage connected apps details page, click Manage consumer details.
    5. A screen opens asking you for a verification code. An email with the verification code is sent to the user to whom you assign the client credentials flow.
    6. Enter the verification code. You are then redirected to the consumer details page where you can find your key and secret. You need to provide the consumer key and secret when you create your connection profile.

What's next