Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

Salesforce

The Salesforce integration utilizes The DataGrail AppExchange App and this documentation describes the technical capabilities of this integration, including authorization, scopes/permissions, and utilized endpoints. For more information on how to integrate Salesforce, visit our connection instructions.

Version

This integration utilizes the Salesforce Salesforce REST API v38.0.

Base URL

The base URL used for all Salesforce API endpoints contains the Salesforce data center:
https://data_center.salesforce.com

Authentication & Authorization

The DataGrail Salesforce integration connects using OAuth 2.0.

User Roles

By default, DataGrail requires a Salesforce user with admin credentials to install the app. Non-administrator users must have the following permissions in their profile:

  • API Enabled
  • Customize Application
  • Manage Package Licenses
  • View All Data
Field Level Permissions

Salesforce allows setting permissions at field level for both visibility and accessibility. Fields without read permissions will not be included in the queries from DataGrail.

Scopes

The Salesforce integration requires specific scopes that must be granted in order to function for a given capability.

ScopeBaseAccessDeletionData DiscoverySystem Detection
refresh_token
api (read)
api (write)
Base Scopes
All base scopes must be granted in order to connect the integration with DataGrail. The remaining scopes are only required if enabling those capabilities

Limits

Limits in Salesforce are calculated using the leaky bucket algorithm. All requests that are made after rate limits have been exceeded are throttled and an HTTP 429 Too Many Requests error is returned. Requests succeed again after enough requests have emptied out of the bucket.

  • DataGrail supports requests throttling to stay within 70-80% of specified service rate limits.
  • DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).

Capabilities

Access

DataGrail's Salesforce integration provides Synchronous Access capabilities for the following supported identifier category: Email.

Data Interactions

For Access requests, DataGrail will take the following actions:

  1. Extract the following default objects from Salesforce.
  2. Custom fields unique to the organization may also be returned as part of the default objects or other custom objects, if they may potentially include PII.
  3. Other custom objects may also be returned if they are linked to Contact, Lead, or User objects.
Case
  • attributes_type
  • attributes_url
  • AccountName
  • CaseNumber
  • ContactEmail
  • ContactFax
  • ContactId
  • ContactMobile
  • ContactPhone
  • CreatedById
  • CreatedDate
  • Description
  • IsClosed
  • IsDeleted
  • IsEscalated
  • Id
  • LastModifiedDate
  • LastReferencedDate
  • LastViewedDate
  • Origin
  • Priority
  • Reason
  • Status
  • Subject
  • SuppliedName
  • SuppliedEmail
  • SuppliedPhone
  • SuppliedCompany
  • Type
Contact
  • attributes_type
  • attributes_url
  • AccountName
  • Birthdate
  • CleanStatus
  • CreatedById
  • CreatedDate
  • Department
  • Description
  • Email
  • Fax
  • FirstName
  • HomePhone
  • Id
  • IsDeleted
  • IsEmailBounced
  • Languages__c
  • LastActivityDate
  • LastModifiedDate
  • LastName
  • LastReferencedDate
  • LastViewedDate
  • MailingAddress
  • MailingCountry
  • MailingPostalCode
  • MobilePhone
  • Name
  • OtherAddress
  • OtherCountry
  • OtherPostalCode
  • Other Phone
  • OwnerId
  • Phone
  • Title
  • Salutation
Lead
  • attributes_type
  • attributes_url
  • Address
  • AnnualRevenue
  • CleanStatus
  • Company
  • CreatedById
  • CreatedDate
  • Description
  • Email
  • Fax
  • FirstName
  • Id
  • Industry
  • IsConverted
  • IsDeleted
  • LastActivityDate
  • LastModifiedDate
  • LastName
  • LastReferencedDate
  • LastViewedDate
  • MobilePhone
  • Name
  • OwnerId
  • Phone
  • Status
  • Title
  • Website
Opportunity
  • attributes_type
  • attributes_url
  • AccountName
  • ClosedDate
  • CreatedById
  • CreatedDate
  • CurrentGenerators
  • Description
  • Fiscal
  • FiscalQuarter
  • FiscalYear
  • ForecastCategory
  • HasOpportunity
  • HasOverdueTask
  • Id
  • IsDeleted
  • IsClosed
  • IsPrivate
  • IsWon
  • LastModifiedDate
  • LastReferencedDate
  • LastViewedDate
  • LeadSource
  • Name
  • Probability
  • StageName
  • Type
Task
  • attributes_type
  • attributes_url
  • ActivityDate
  • CreatedById
  • CreatedDate
  • Description
  • IsArchived
  • IsClosed
  • IsHighPriority
  • IsRecurrence
  • LastModifiedDate
  • Priority
  • RecordTypeId
  • Status
  • Subject
  • TaskSubtype
User
  • attributes_type
  • attributes_url
  • Address
  • Alias
  • CommunityNickname
  • CreatedById
  • CreatedDate
  • Description
  • Email
  • EmailPreferences
  • Fax
  • FirstName
  • Id
  • IsActive
  • IsDeleted
  • LanguageLocale
  • LastLoginDate
  • LastModifiedDate
  • LastName
  • LastReferencedDate
  • LastViewedDate
  • MobilePhone
  • Name
  • Phone
  • PhotoUrl
  • ProfileId
  • TimeZone
  • Title
  • Username
  • UserPermissions
  • UserRole
  • UserType

Endpoints Utilized


Deletion

DataGrail's Salesforce integration provides Synchronous Deletion capabilities for the following supported identifier category: Email.

Data Interactions

For Deletion requests, DataGrail will take the following actions:

  1. Search for Contacts and Leads containing the data subject email. Deletion of Users is not currently supported.
  2. Surface Cases, Opportunities, Tasks, and other custom objects related to the primary records.
  3. Delete all selected objects.
Anonymization

By request, Salesforce deletion can be switched to the anonymization mode. In this mode, DataGrail will not delete any objects, but update them with anonymized values, using pre-configured customer anonymization rules.

Endpoints Utilized

MethodEndpointPurposeDocs
GET/services/data/v38.0/queryQuery objects for data subject PII
GET/services/data/v38.0/sobjectsExtract PII fields from relevant objects
PATCH/services/data/v38.0/sobjects2Anonymize PII fields
DEL/services/data/v38.0/sobjects3Delete objects containing PII

System Detection

DataGrail provides continuous system detection, delivering a real-time inventory of your data assets.

Data Interactions

DataGrail's System Detection process runs once daily and performs the following actions:

  1. Read the following fields from ConnectedApplications: Name, CreatedDate
  2. Read the following fields from CustomObjects: DeveloperName, CreatedDate, Description
  3. Read the following fields from PackageLicenses: NamespacePrefix, CreatedDate
  4. Read the following fields from ApexClasses: Name, NamespacePrefix, Status, CreatedDate

Endpoints Utilized


Data Discovery

DataGrail's Salesforce integration provides data discovery capabilities based on the principle of finding any and all personal data that's stored in a data system.

Data Interactions

DataGrail currently supports Data Discovery on all of the accessible, queryable objects in the Salesforce instance.

  1. Count number of all records for each of supported objects.
  2. Fetch records examples for each of the supported objects.
  3. Sample data for the next analysis and classification.
Queryable Objects

Queryable Objects is a term used to describe a feature of Salesforce objects that allows for data to be retrieved through the Salesforce API. Although the majority of standard and custom objects in Salesforce are queryable by default, there are certain exceptions due to security considerations.

Endpoints Utilized


 

Need help?
If you have any questions, please reach out to your dedicated CSM or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.