When trying to connect to the ingest API (bulk) of the SalesForce CDP we had some problems and a lack of understanding of the process. After completing this step, we decided to write a tutorial that would help more people who would also go through these same difficulties.
The task can be divided into a few macro steps:
1 Generate JKS (Java Key Store) and self-signed certificate;
2 Create a connected app in SalesForce;
3 Assemble JWT using SalesForce standards;
4 Get access_token oauth2 from SalesForce Core;
5 Get access_token oauth from SalesForce CDP;
6 Create a job in the Ingestion API.
1 — Generate JKS (Java Key Store) and self-signed certificate
A Java KeyStore (JKS) is a repository of security certificates — authorization certificates or public key certificates — plus corresponding private keys, used, for example, in TLS encryption.
Self-signed certificates are public key certificates that your users issue on their own behalf, as opposed to a certification authority (CA) that issues them. These certificates are easy to make and cost no money.
To authenticate to SalesForce it is necessary to create a self-signed certificate and create a connected app containing this same certificate so that we can generate the JWT.
Generate a keystore and self-signed certificate keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
Export a certificate from a keystore keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
At the end of executing these commands above, we will have 2 files: keystore.jks and mydomain.crt
2 — Create a connected app in SalesForce
You must create a connected app in salesforce with the characteristics below:
- check “Enable OAuth Settings”
- check “Use digital signatures”
- upload file mydomain.crt generated in the previous step
At the end of the creation, the customer key and password will be displayed, save this information.
3 — Assemble JWT using SalesForce standards
Run java code available in https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_jwt_flow.htm&type=5
Here’s an example of the JAVA code:
When executing the code above, a JWT will be displayed to be used later.
4 — Get access_token oauth2 from SalesForce Core
First you need to get the token from salesforce core before getting the access token from salesforce CDP.
For this it is necessary to consume the url ‘https://login.salesforce.com/services/oauth2/token', following example in python:
The access_token will be returned to be used to authenticate to SalesForce CDP.
5 — Get access_token oauth from SalesForce CDP
With the access_token (generated in the previous step), we can authenticate to SalesForce CDP.
For this, it is necessary to consume the url ‘https://<yourOrg>/services/a360/token’, following example in python:
The access_token will be returned to be used in the Ingestion API of SalesForce CDP.
6 — Create a job in the Ingestion API
With the access_token returned by SalesForce CDP, we were able to create an ingestion API job, follow the Python script:
When creating the job, the JSON below will be returned:
Paulo H. S. Carvalho