Salesforce Connector and Datasource Configuration

Salesforce REST API to extract data from a Salesforce repository via a Salesforce Connected App.

This service has an authentication procedure and API usage limits.

You need to have the Consumer Key and Consumer Secret of the Salesforce Connected App, which must be created by a Salesforce administrator for the account. Instructions on how to do this follow the datasource configuration details.

Salesforce Authentication

In addition to a user password, Salesforce authentication requires a security token automatically generated by Salesforce. To begin, obtain the security token by following Reset Your Security Token in Salesforce’s online help.

Once you have obtained the security token, append it to the end of the value found in the Salesforce password property. For example, if your password is PasswordABC, and your security token is 0123456789, the value of the Salesforce password property should be PasswordABC0123456789.

You must request a new Salesforce security token if the user password is changed. If this happens, alter the value of the Salesforce password property to match the new password and security token.

Security Trimming

When you enable security trimming for a Salesforce connector, the system uses the Fusion username and tries finding the identical ID in Salesforce. If it finds this ID, then it uses the permissions given to that ID in Salesforce and applies a filter to the search query. If the ID is not found then it applies a filter to block all documents from being shown.

The security trimming feature assumes that the Fusion username is the same as Salesforce alias. When retrieving data from Salesforce, the connector retrieves the user Id based on the Fusion username (Salesforce alias) via the query:

     Select Id from User WHERE alias={username}

If it isn’t found, then the connector will create a security filter to deny access to all documents.

If you are logged into the Fusion UI or send a request to the REST API with username "admin", the Salesforce connector uses that as the value of property "salesforce_username". Therefore, in Fusion, you must have accounts which reflect the Salesforce accounts.

Creating a Salesforce Connected App

Before creating the datasource, a Salesforce administrator for the account must create a Salesforce Connected App in Salesforce:

  • Go to Setup > Create > Apps and in the Connected Apps section and click the new button

  • Add values to the following properties:

    • Connected App Name

    • API Name

    • Contact Email

    • Check the property Enable OAuth Settings

  • More properties should be displayed:

    • Callback URL: You can use a dumb HTTPS URL e.g.

    • Selected OAuth Scopes: Select Full Access(full) scope

  • Save the new Connected App

  • After this step a message will be displayed, click the continue button.

  • In the section API (Enable OAuth Settings) the consumer key and consumer secret should be displayed, which will be used on the datasource

For the Salesforce credentials the user must be a System Administrator or one with no restrictions (able to access all the objects and fields)


When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.