Salesforce

Available when using an authoring Data Collector version 3.19.0 or later.

To create a Salesforce connection, the Salesforce stage library, streamsets-datacollector-salesforce-lib, must be installed on the selected authoring Data Collector.

For a description of the Salesforce connection properties, see Salesforce Connection Properties.

After you create a Salesforce connection, you can use the connection in the following stages:
Engine Stages

Data Collector 5.0.0 or later
  • Salesforce Bulk API 2.0 origin
  • Salesforce Bulk API 2.0 Lookup processor
  • Salesforce Bulk API 2.0 destination

Data Collector 3.19.0 or later
  • Salesforce origin
  • Salesforce Lookup processor
  • Salesforce destination
  • Tableau CRM destination

Authentication Types

You can configure Salesforce connections to connect to Salesforce using the following authentication types:
Basic Authentication
You can specify a user name and password to use for basic authentication with Salesforce.

When enabled in Salesforce, you can also use mutual authentication to connect.

Connected App with OAuth
You can configure a Salesforce stage or connection to connect to Salesforce using OAuth 2.0. The stage or connection then uses an OAuth-enabled Salesforce connected app and the Salesforce implementation of JWT Bearer Flow to enable machine-to-machine OAuth.
To use this authentication method, you must complete several prerequisite tasks. Then in the stage or connection, you specify a user name, consumer key, and private key.
Note: Using the Connected App with OAuth is supported in Data Collector 3.22.0 or later.

When enabled in Salesforce, you can also use mutual authentication to connect.

Changing the API Version

By default, a Salesforce connection uses version 57.0.0 of the Salesforce Web Services Connector libraries. You can use a different Salesforce API version if you need to access functionality not present in version 57.0.0.
Important: You must complete these steps on all registered Data Collectors that access the connection. For example, you must download the Salesforce JAR files on the authoring Data Collector so that you can test the connection or preview a pipeline that uses the connection. Similarly, you must download the JAR files on the execution Data Collector so that you can run a pipeline that uses the connection.
  1. On the Salesforce tab, set the API Version property to the version that you want to use.
  2. Download the relevant version of the following JAR files from Salesforce Web Services Connector (WSC):

    • WSC JAR file - force-wsc-<version>.0.0.jar

    • Partner API JAR file - force-partner-api-<version>.0.0.jar

    Where <version> is the API version number.

    For information about downloading libraries from Salesforce WSC, see the Salesforce Developer documentation.

  3. In the following Data Collector directory, replace the default force-wsc-57.0.0.jar and force-partner-api-57.0.0.jar files with the versioned JAR files that you downloaded: 
    $SDC_DIST/streamsets-libs/streamsets-datacollector-salesforce-lib/lib/
  4. Restart Data Collector for the changes to take effect.

Salesforce Connection Properties

When creating a Salesforce connection, configure the following properties on the Salesforce tab:
Salesforce Property Description
Auth Endpoint Salesforce SOAP API authentication endpoint. For example, you might enter one of the following common values:
  • login.salesforce.com - Use to connect to a Production or Developer Edition organization.
  • test.salesforce.com - Use to connect to a sandbox organization.

Default is login.salesforce.com.
API Version Salesforce API version used to connect to Salesforce.

Default is 57.0.0. If you change the version, you also must download the relevant JAR files from Salesforce Web Services Connector (WSC).
Authentication Type Authentication type to use to connect to Salesforce:
  • Basic Authentication - Specify a user name and password.
  • Connected App with OAuth - Use an OAuth 2.0-enabled connected app to enable machine-to-machine OAuth with JWT Bearer Flow.
Username Salesforce username in the following email format: <text>@<text>.com.

When using Connected App with OAuth authentication, the user must be authorized to use the app.
Password

Salesforce password.

If the Data Collector machine is outside the trusted IP range configured in your Salesforce environment, you must use a security token along with the password. Use Salesforce to generate a security token and then set this property to the password followed by the security token.

For example, if the password is abcd and the security token is 1234, then set this property to abcd1234. For more information on generating a security token, see Reset Your Security Token.
Tip: To secure sensitive information, you can use credential stores or runtime resources.
Consumer Key Consumer key from the connected app.
Tip: To secure sensitive information, you can use credential stores or runtime resources.
Available when using Connected App with OAuth authentication.
Private Key Private key from the public key certificate that you used with the connected app.

Ensure that the key is formatted correctly, with no spaces or extra line breaks.

Tip: To secure sensitive information, you can use credential stores or runtime resources.
Available when using Connected App with OAuth authentication.
Subscribe Timeout Maximum time to allow for subscribing to a Salesforce channel, in seconds.

Not used by Salesforce Bulk API 2.0 stages.
Connection Handshake Timeout Maximum time to wait for a Salesforce connection handshake, in seconds.

Not used by Salesforce Bulk API 2.0 stages.

Optionally, configure the following properties on the Advanced tab.

The defaults for these properties should work in most cases:
Advanced Property Description
Use Proxy Specifies whether to use an HTTP proxy to connect to Salesforce.
Proxy Hostname Proxy host.
Proxy Port Proxy port.
Proxy Requires Credentials Specifies whether the proxy requires a user name and password.
Proxy Realm Authentication realm for the proxy server.
Proxy Username User name for proxy credentials.
Proxy Password Password for proxy credentials.
Tip: To secure sensitive information, you can use credential stores or runtime resources.
Use Mutual Authentication

When enabled in Salesforce, you can use SSL/TLS mutual authentication to connect to Salesforce.

Mutual authentication is not enabled in Salesforce by default. To enable mutual authentication, contact Salesforce.

Before enabling mutual authentication, you must store a mutual authentication certificate in the Data Collector resources directory. For more information, see Keystore and Truststore Configuration.
Use Remote Keystore Enables loading the contents of the keystore from a remote credential store or from values entered in the stage properties.
Private Key Private key used in the remote keystore. Enter a credential function that returns the key or enter the contents of the key. For more information, see credential functions.
Certificate Chain Each PEM certificate used in the remote keystore. Enter a credential function that returns the certificate or enter the contents of the certificate.

Using simple or bulk edit mode, click the Add icon to add additional certificates.
Keystore File Path to the local keystore file. Enter an absolute path to the file or enter the following expression to define the file stored in the Data Collector resources directory:

${runtime:resourcesDirPath()}/keystore.jks

Important: The file must exist in the same location on all execution engines that access the connection.

By default, no keystore is used.

Keystore Type Type of keystore to use. Use one of the following types:
  • Java Keystore File (JKS)
  • PKCS #12 (p12 file)

Default is Java Keystore File (JKS).

Keystore Password Password to the keystore file. A password is optional, but recommended.
Tip: To secure sensitive information, you can use credential stores or runtime resources.
Keystore Key Algorithm Algorithm to manage the keystore.

Default is SunX509.