Salesforce
Version
This integration utilizes the Salesforce Salesforce REST API v38.0.
Base URL
The base URL used for all Salesforce API endpoints contains the Salesforce data center:https://data_center.salesforce.com
Authentication & Authorization
The DataGrail Salesforce integration connects using OAuth 2.0.
User Roles
By default, DataGrail requires a Salesforce user with admin credentials to install the app. Non-administrator users must have the following permissions in their profile:
- API Enabled
- Customize Application
- Manage Package Licenses
- View All Data
Salesforce allows setting permissions at field level for both visibility and accessibility. Fields without read permissions will not be included in the queries from DataGrail.
Scopes
The Salesforce integration requires specific scopes that must be granted in order to function for a given capability.
Scope | Base | Access | Deletion | Data Discovery | System Detection |
---|---|---|---|---|---|
refresh_token | ✅ | ||||
api (read) | ✅ | ✅ | ✅ | ||
api (write) | ✅ |
Limits
Limits in Salesforce are calculated using the leaky
bucket algorithm. All requests that are made after rate limits have been
exceeded are throttled and an HTTP 429 Too Many Requests
error is returned.
Requests succeed again after enough requests have emptied out of the bucket.
- DataGrail supports requests throttling to stay within 70-80% of specified service rate limits.
- DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).
Capabilities
Access
DataGrail's Salesforce integration provides Synchronous Access capabilities for the following supported identifier category: Email.Data Interactions
For Access requests, DataGrail will take the following actions:
- Extract the following default objects from Salesforce.
- Custom fields unique to the organization may also be returned as part of the default objects or other custom objects, if they may potentially include PII.
- Other custom objects may also be returned if they are linked to Contact, Lead, or User objects.
Case
- attributes_type
- attributes_url
- AccountName
- CaseNumber
- ContactEmail
- ContactFax
- ContactId
- ContactMobile
- ContactPhone
- CreatedById
- CreatedDate
- Description
- IsClosed
- IsDeleted
- IsEscalated
- Id
- LastModifiedDate
- LastReferencedDate
- LastViewedDate
- Origin
- Priority
- Reason
- Status
- Subject
- SuppliedName
- SuppliedEmail
- SuppliedPhone
- SuppliedCompany
- Type
Contact
- attributes_type
- attributes_url
- AccountName
- Birthdate
- CleanStatus
- CreatedById
- CreatedDate
- Department
- Description
- Fax
- FirstName
- HomePhone
- Id
- IsDeleted
- IsEmailBounced
- Languages__c
- LastActivityDate
- LastModifiedDate
- LastName
- LastReferencedDate
- LastViewedDate
- MailingAddress
- MailingCountry
- MailingPostalCode
- MobilePhone
- Name
- OtherAddress
- OtherCountry
- OtherPostalCode
- Other Phone
- OwnerId
- Phone
- Title
- Salutation
Lead
- attributes_type
- attributes_url
- Address
- AnnualRevenue
- CleanStatus
- Company
- CreatedById
- CreatedDate
- Description
- Fax
- FirstName
- Id
- Industry
- IsConverted
- IsDeleted
- LastActivityDate
- LastModifiedDate
- LastName
- LastReferencedDate
- LastViewedDate
- MobilePhone
- Name
- OwnerId
- Phone
- Status
- Title
- Website
Opportunity
- attributes_type
- attributes_url
- AccountName
- ClosedDate
- CreatedById
- CreatedDate
- CurrentGenerators
- Description
- Fiscal
- FiscalQuarter
- FiscalYear
- ForecastCategory
- HasOpportunity
- HasOverdueTask
- Id
- IsDeleted
- IsClosed
- IsPrivate
- IsWon
- LastModifiedDate
- LastReferencedDate
- LastViewedDate
- LeadSource
- Name
- Probability
- StageName
- Type
Task
- attributes_type
- attributes_url
- ActivityDate
- CreatedById
- CreatedDate
- Description
- IsArchived
- IsClosed
- IsHighPriority
- IsRecurrence
- LastModifiedDate
- Priority
- RecordTypeId
- Status
- Subject
- TaskSubtype
User
- attributes_type
- attributes_url
- Address
- Alias
- CommunityNickname
- CreatedById
- CreatedDate
- Description
- EmailPreferences
- Fax
- FirstName
- Id
- IsActive
- IsDeleted
- LanguageLocale
- LastLoginDate
- LastModifiedDate
- LastName
- LastReferencedDate
- LastViewedDate
- MobilePhone
- Name
- Phone
- PhotoUrl
- ProfileId
- TimeZone
- Title
- Username
- UserPermissions
- UserRole
- UserType
Endpoints Utilized
Method | Endpoint | Purpose | Docs |
---|---|---|---|
GET | /services/data/v38.0/query | Query objects for data subject PII | |
GET | /services/data/v38.0/sobjects | Extract PII fields from relevant objects |
Deletion
DataGrail's Salesforce integration provides Synchronous Deletion capabilities for the following supported identifier category: Email.Data Interactions
For Deletion requests, DataGrail will take the following actions:
- Search for Contacts and Leads containing the data subject email. Deletion of Users is not currently supported.
- Surface Cases, Opportunities, Tasks, and other custom objects related to the primary records.
- Delete all selected objects.
By request, Salesforce deletion can be switched to the anonymization mode. In this mode, DataGrail will not delete any objects, but update them with anonymized values, using pre-configured customer anonymization rules.
Endpoints Utilized
System Detection
DataGrail provides continuous system detection, delivering a real-time inventory of your data assets.Data Interactions
DataGrail's System Detection process runs once daily and performs the following actions:
- Read the following fields from ConnectedApplications:
Name
,CreatedDate
- Read the following fields from CustomObjects:
DeveloperName
,CreatedDate
,Description
- Read the following fields from PackageLicenses:
NamespacePrefix
,CreatedDate
- Read the following fields from ApexClasses:
Name
,NamespacePrefix
,Status
,CreatedDate
Endpoints Utilized
Data Discovery
DataGrail's Salesforce integration provides data discovery capabilities based on the principle of finding any and all personal data that's stored in a data system.Data Interactions
DataGrail currently supports Data Discovery on all of the accessible, queryable objects in the Salesforce instance.
- Count number of all records for each of supported objects.
- Fetch records examples for each of the supported objects.
- Sample data for the next analysis and classification.
Queryable Objects is a term used to describe a feature of Salesforce objects that allows for data to be retrieved through the Salesforce API. Although the majority of standard and custom objects in Salesforce are queryable by default, there are certain exceptions due to security considerations.
Endpoints Utilized
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.