Purpose

This article explains how the integration with Allbound and Salesforce is connected at its core, and why user authentication is required to connect the integration with these two systems.

About The Salesforce Integration User

Allbound is able to integrate with Salesforce via the Salesforce API. The Salesforce REST API requires authentication with a licensed user for security and access control purposes. The Allbound application connector uses an OAuth 2.0 flow, which is standard for REST API integrations. Here are the main reasons behind this requirement:

1. User Identity Verification: By authenticating with a licensed user, Salesforce ensures that the API requests are associated with a specific user account. This allows Salesforce to verify the identity of the user and ensure that only authorized individuals or applications can access and manipulate data.
2. Access Control and Permissions: Salesforce provides a robust and granular access control system, allowing administrators to define different levels of access and permissions for each user. By authenticating with a licensed user, the API requests inherit the permissions and access levels assigned to that user. This ensures that the API can only perform actions that the user is authorized to perform, preventing unauthorized access to sensitive data or functionality.
3. Usage Tracking and Accountability: Salesforce tracks and logs API activity for auditing and accountability purposes. By requiring authentication with a licensed user, Salesforce can associate API requests with specific user accounts, allowing administrators to monitor and trace API usage back to individual users. This helps in identifying any misuse or unauthorized access attempts and facilitates accountability for API activity.
4. Licensing and Usage Restrictions: Salesforce operates on a licensing model where users are granted specific privileges and features based on their license type. Requiring authentication with a licensed user ensures that API usage aligns with the licensing terms and restrictions. It prevents unauthorized or excessive API usage by enforcing the same licensing limitations and entitlements that apply to user interactions through the Salesforce user interface.

In summary, authentication with a licensed user in the Salesforce API ensures secure access, adherence to access control policies, accountability for API activity, and compliance with licensing terms and restrictions. It helps protect data integrity and maintain the trust and confidentiality of Salesforce instances.

Salesforce must authenticate the integration using the license of a Salesforce user. Allbound strongly recommends that you authorize the Allbound app through an integration user and not your actual Salesforce user. This is for data integrity, as well as access control and permissions to the objects and fields that Allbound needs to sync data with. 

Permission Requirements: How to dedicate a Salesforce API Only Integration User to the Allbound Integration

Salesforce Integration - API Only User License Permission Requirements